Drone Threat Intel Report: DroneSec Notify #24
This summary has been extracted from our weekly public threat intelligence report. For more information on the platform or weekly email PDFs, please visit dronesec.com/pages/notify, email us at [email protected], or join the Slack group at dronesec.slack.com.
There is a dedicated ‘cyber-security’ section this week, as a number of artefacts belong in that category. When threat modelling an actor who misuses drones, there are several characteristics to consider. One is how technically savvy they may be at removing No-Fly-Zones (NFZs) and bypassing the mechanisms on drones themselves. For drone enthusiasts and modders, this is easily done. However, for the majority of contraband deliveries into prisons, the apprehended subjects are often using pre-purchased and pre-made equipment, which places them in the unskilled category.
To this end, we track several NFZ bypass and pay-to-mod entities. If forensics finds that a drone or device contains these binaries, applications or programs, it could link back to much-needed information regarding the threat actor. This week, we see the return of the previously-thought-defunct “NoLimitDronez (NLD)” modding site, which offers financial bounties in return for exploits leading to jailbreaks and other bypasses. Finally, there is a very interesting, yet brief, analysis of the DJI Mimo app’s privacy- and security-undermining features, as investigated by River Loop Security.
Continuing on the emerging technology side, there is a shift in the attitude of the Counter-Drone industry, with Citadel Defense releasing counter-counter-drone software against adversarial spoofing. This is where a threat actor might look to confuse or overwhelm a C-UAS system by mimicking drones or drone swarms that aren’t really in the air. As an example, a Raspberry Pi squawking drone MAC and BSSID addresses could do something similar on a trivial Wi-Fi scale. For Citadel’s systems, it seems to come in the form of detecting and filtering out rogue Radio Frequency signals by using the “DeepFake” software. Will we see a whitepaper one day? Who knows, the tech is likely kept pretty watertight.
Notable events this week include the temporary halt of Vance Air Force Base by a drone, some great forensic analysis piecing together a downed Altura Zenith drone, and a halt on the European drone regulations by the aviation community over unaddressed privacy and safety concerns. Of personal interest was footage streamed from a UK police drone showing a runaway suspect in action: no place to hide, and quickly apprehended with a law enforcement drone hovering above.
I’d like to give a special thank you to Randall Nichols, who heads up the UAS Cybersecurity practice at Kansas State University. After we first noticed Randall was providing insights at an upcoming webinar, he kindly provided two of his drone security books to Notify readers, free of charge. In depth, highly relevant and taking on the core concepts of cyber security within unmanned systems, they’re worth a read or storing on the Red Team’s desk. Both of these eBooks can be found in the Whitepapers section.