Some time ago I had the opportunity to participate in the Changellenge Cup student design competition , where I was a member of the judging panel in one of the sections. Today, however, I’m not going to tell you about the professions themselves, but about selected problems that we discussed in the engineering department.
Participants had to develop unmanned aerial vehicle (UAV) use cases in business, defense and the national economy. I think the results are worth reading.
Drones can be used in various fields, among which there are three main categories:
- public administration: military services, border guards or disaster relief services,
- companies: monitoring and maintenance of buildings, energy plants, construction sites, agricultural facilities, farms, geological discoveries or aerial photos,
- consumers: goods delivery, advertising, guided tours and games.
Currently, the drone market is most often used by military and defense agencies, but in the next 10-20 years, these devices will become an integral part of our lives, while remaining vulnerable to security gaps and problems.
Naturally, these forecasts should accelerate the development of the relevant industry and legal regulations. If we take into account the prospect of drone proliferation, the usual issues related to technical threats or vulnerabilities become more acute.
In short, any drone is made up of two main components – the machine itself and the ground control station, whether fixed or mobile.
The drone, in turn, consists of a real-time controlled system, control software, interface module facilitating data exchange, sensors connected with the software and avionics. Optionally, it can also have a weapon control system (if equipped) or an autopilot.
The ground control station consists of the controlling software, interface modules and the controller. Here I will add that each of the above-mentioned components can become the target of an attack.
There are three main attack vectors:
- Direct attack on the drone in case of physical access to the device. For example, during maintenance, someone may intentionally or accidentally infect the drone with malware or replace the boards or chips.
- Radio link attack: control channel can be hidden and data intercepted and decrypted – scenario that was used to hack US drones in Iraq . Interestingly, the attackers used the Russian SkyGrabber program .
- Attacking sensors by falsifying data – for example, changing GPS coordinates.
Drones and safety: where are we going?
After hacking, the device can be used for any purpose – it can change the generated data, display and control flight parameters (e.g. speed, altitude, direction or programmable flight plans) or, as a last resort, bring it to the ground (high-class drones are expensive, so would be a costly waste).