McAfee Labs 2017 Threats Predictions November 2016
What started as a fun toy for kids and a slightly expensive hobby for enthusiasts has really taken off, if you’ll forgive the pun. Drones are well on the way to becoming a major tool for shippers, law enforcement agencies, photographers, farmers, the news media, and more. It is hard to deny that drones have become a lot more valuable to many types of businesses and government agencies. Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network. In 2015, a proof of concept hack was demonstrated at DefCon that showed how someone could easily take control of a toy drone. Although taking over a kid’s drone may seem amusing and not that big of an issue, once we look at the increase in drone usage potential problems starts to arise.
How will these attacks take place? Various researchers have found many consumer drones shipping with open ports and weak authentication methods, allowing a person with the right equipment to send commands to the victim’s drone. So far, this has been a fairly manual process but, as we’ve seen in the past, new exploits typically appear sooner or later in easily reproducible format. The majority of the vulnerabilities discovered on commercial drones can be easily fixed with a software update. Of course, this requires the manufacturer to release a patch. While high-end drones will most likely be patched quickly, cheap drones will most likely fly a long time before a patch is available. As we have seen with other IoT technology, once a device is connected to a network, people quickly start looking for ways to hack it. This effort is made easier by the general rush to market for IoT devices, including drones, that have little or no security. What makes drones potentially easier to hack is they are designed to have a quick and easy setup, often using unencrypted communication and many open ports. We predict in 2017 that drone exploit toolkits will find their ways to the dark corners of the Internet. Once these toolkits start making the rounds, it is just a matter of time before we see stories of hijacked drones showing up in the evening news. Even without a dronejacking toolkit in hand, we will begin to see an increase in drone-related incidents. In 2017 we will see a local news report about a person getting fed up with one of the neighborhood kids flying a drone over his back yard. But instead of using a shotgun loaded with birdshot, the drone will be taken out of the sky by software running on a laptop with a directional antenna. Given the viral nature of the Internet, this will soon show up on Facebook walls all over the world with arguments for and against the action, causing heated debates and snarky memes.
During 2017, we will also see more drones used by law enforcement agencies to monitor crowds. Initially protesters will react by throwing objects at police drones, but drone takedown hacks will be launched by protesters as a way to quickly remove surveillance drones from the equation. How will policymakers respond to these incidents? Already the US Federal Aviation Administration is scrambling to put rules into effect that govern when and where commercial drones can fly, but there are still a lot of uses that need to be addressed and surely some we have not yet thought of. Whereas commercial aviation grew slowly over time, commercial drone usage is on a steep flight path that will leave regulators struggling to get off the ground.
SAPRITALIA RPL Remote Pilot License Specific operation risk assessment SORA