Drone Threat Intel Report: DroneSec Notify #6
This summary has been extracted from our weekly public threat intelligence report. For more information on the platform or weekly email PDFs, please visit: dronesec.com/pages/notify or email us at [email protected] or join the slack group at dronesec.slack.com.
For my young cousin’s birthday, he got a small < 250g drone (Melbourne, Australia). Too quick out of the gates to read the instructions, he failed to calibrate it properly and by the time we heard the shouting, it was making a beeline for the nearest creek area. Being in private property land, we drove alongside the fence line in the car while he attempted to “fly it up to see it” - when I clearly knew by now the battery had run out.
A really interesting angle was that he started thinking of all the different ways we could track down and find where the drone was – using a camera on another drone, pressing a special combination on the D-pad, even resetting the controller to hear the different beep-beep-beep combinations. To be quite honest, I disregarded it; until he pointed out that the controller ($30 drone) would get a faint red light and would actually make a sound when we drove past a certain property. There was no LED screen attached, no special ‘Return Home’ functionality, so I had initially treated it as a brick.
Long story short – it was in the property, and a humble hand-written letter by the cousin was dropped in the post-box. A few days later however, the neighbour left a stern reply about being spied upon and imprisoned the drone. However, it blows me away to know that with just 30 seconds of airtime, this 10-year old was already thinking of a variety of techniques to track and locate a drone. These will be the jobs of the future and kids will be going through high school one day thinking “I’m going to be a drone security specialist one day!” Pretty impressive stuff.
To aid the industry and its educational requirements, the UK Civil Aviation Authority (CAA) has paired up with CREST to launch the ‘ASSURE’ program – focusing on the link between Cyber Security and the Aviation industry. This is really interesting to us as an organisation as we already seek out hackers with experience in ‘Red Teaming’ or ‘Penetration Testing’ as certified by CREST. The link is below, and with time I believe some of those modules will be dedicated to small UAVs and the Counter-Drone and UTM Systems that protect against and support them.
In other news, we saw a judge authorise the use of a drone for collecting hidden surveillance footage of a real-time drug deal, which was then played in court by the prosecutor – a nod to the reduced cost and flexibility drones provide police over helicopters. An Israeli paper was also the talk of the DroneSec office this week which demonstrates using drones with mobile projectors to spoof street signs in an effort to manipulate vehicle Driver Assistance systems (e.g. slow down, stop, lane-change). In short – a tactical manoeuvre by a drone could project an image of a stop-sign on a freeway, leaving vehicles that automatically detect and ingest them at risk of suddenly stopping, causing machine-learned accidents.
That wraps it up for this week. For all of our Singapore (SIN) readers, we’ll be both at the Air show and the inaugural Global Drone Security Network on the 10th February. For anyone in attendance, please do get in touch beforehand and we’d love to have a chat and talk all things drone security.