Last week at the PacSec security conference held in Tokyo, a new device capable of fully infiltrating radio-controlled drones was unveiled by researchers. This new device exploits a vulnerability in the frequency-hopping systems in many consumer drones. The frequency-hopping systems make it easier for drones to obfuscate and protect their radio communication. Of course, this new device is not available for sale but that doesn’t mean hackers may not soon find this vulnerability as well and begin exploiting it as well.
This demonstration in Tokyo is not the first to yield concerns related to drone hacking. In October, the Federal Trade Commission (FTC) held a workshop in D.C. where FTC researchers were able to hack into three different consumer drones. The FTC researchers were able to hack into the camera feed on the drones –in two of the drones, the researchers were able to turn off the power and cause it to fall from the sky, seizing complete control of its flight path. A drone manufacturer noted that the drones used by the FTC to conduct this test were released back in 2010 and since then, manufacturers have taken measures to better secure drones such as encrypting the control link and inclusion of security controls that prevent GPS tampering.
Unfortunately, like all other connected devices in the age of the Internet of Things, there are no clear rules on what manufacturers need to do to secure drones and keep them protected from malicious hackers.
The FTC is currently soliciting comments from the public on the consumer privacy and security implications of drone technology until November 14. Recode, a technology news website focusing on the business in Silicon Valley, asked the FTC for information on its research and the specific types of drones that were hacked, but the FTC requested that Recode submit a formal Freedom of Information Act letter, which is now pending fulfillment.