Drones a Growing Threat to Network Security

It's just a matter of time before someone is caught using drones to compromise the security of communications networks. "Caught," because in the past year the technology has become readily available and it's likely people are already doing it. Drones can fly undetected in places people never had physical access to, which puts every company at risk, from data centers to financial institutions to retail outlets, warns a startup dedicated to providing countermeasures against drone threats of all kinds.

Dedrone CEO Jorg Lamprecht points out that drones equipped with gear that can eavesdrop on wireless communication have already been demonstrated, and some of it has already hit the market. Drones are available that can track people through their mobile phones.

One example shown at last year's DefCon show is a device called Aerial Assault, a drone designed to find unsecured networks and pinpoint their location via GPS. The developers intend to market it shortly at an expected cost of $2,500.

Another example is Sensepost's distributed tracking, profiling and data interception framework called Snoopy. Snoopy was first implemented in 2012, and the company began marketing it last year. It can be used to track users of dual-mode (cell/WiFi) mobile phones.

It is also easy today to use a drone to drop a WiFi access point somewhere utterly unexpected to hijack communications.

Boeing is reported to be developing precisely this technology with a firm called Hacking Team.

"You could take a Wi-Fi access point and fly it to the top of Google's headquarters, and call the access point 'Google Free Public Wi-Fi.' See how many people connect their laptops," Lamprecht told Light Reading. "Or the bank. In the financial district, the office is up on the 61st floor? Fly a drone next to it, and call your access point 'Citibank Free Public Wi-Fi.' You can get close enough to do that now."

And why wouldn't the employees of a company connect? How many people don't attend DefCon every year? How many would stop to think that placing a fake AP is even possible?
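A defender's view of the fake-access-point scenario above, as an added example that is not from the article or from Dedrone: a check that reviews a Wi-Fi scan for SSIDs that clone or borrow the company name but come from radios outside the inventory. The company name, SSIDs, BSSIDs and the scan itself are constructed, and the `AUTHORIZED` inventory format is an assumption.

```python
import re

# Assumed inventory: SSID -> BSSIDs the organisation really operates (constructed values).
AUTHORIZED = {
    "ExampleCorp-Staff": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "ExampleCorp-Guest": {"02:00:00:aa:00:10"},
}
BRAND_TOKENS = {"examplecorp"}  # names an impostor AP would borrow
LOOKALIKE_DIGITS = str.maketrans("0135", "oles")  # undo simple digit-for-letter swaps

def normalize(ssid):
    """Lower-case, undo digit swaps, drop spaces and punctuation."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower().translate(LOOKALIKE_DIGITS))

def classify(ssid, bssid, security):
    known = AUTHORIZED.get(ssid)
    if known is not None:
        # A BSSID can be spoofed, so "ok" means "not contradicted by inventory" only.
        return "ok" if bssid.lower() in known else "evil-twin"
    if any(tok in normalize(ssid) for tok in BRAND_TOKENS):
        return "lookalike-open" if security == "open" else "lookalike"
    return "unrelated"

def review_scan(scan):
    """Return suspicious APs, strongest signal (likely closest) first."""
    findings = []
    for ap in scan:
        verdict = classify(ap["ssid"], ap["bssid"], ap["security"])
        if verdict not in ("ok", "unrelated"):
            findings.append((verdict, ap["ssid"], ap["bssid"], ap["rssi"]))
    return sorted(findings, key=lambda f: f[3], reverse=True)

# Constructed scan results, as a site survey tool might export them.
SAMPLE_SCAN = [
    {"ssid": "ExampleCorp-Staff", "bssid": "02:00:00:aa:00:01", "security": "wpa2-enterprise", "rssi": -48},
    {"ssid": "ExampleCorp-Staff", "bssid": "02:00:00:bb:00:99", "security": "wpa2-enterprise", "rssi": -61},
    {"ssid": "ExampleCorp Free Public Wi-Fi", "bssid": "02:00:00:cc:00:07", "security": "open", "rssi": -39},
    {"ssid": "Examp1eCorp Guest", "bssid": "02:00:00:cc:00:08", "security": "wpa2-psk", "rssi": -70},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:dd:00:01", "security": "open", "rssi": -80},
]

if __name__ == "__main__":
    for verdict, ssid, bssid, rssi in review_scan(SAMPLE_SCAN):
        print(f"{verdict:15} {ssid!r:34} {bssid} {rssi} dBm")
```
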

"Or cell phones. I can read off all the radios of a cellphone, and I only need to be 200 or 300 feet away maximum," Lamprecht said. "Brave new world, right?"

And good luck identifying, let alone catching, a culprit. Drones are commonly piloted from half a world away. A drone could be programmed and the "operator" need not even be sitting at a terminal.

There are many possible countermeasures, but some are dependent on standards and practices that are hardly universal, while the legality of others is up in the air because the laws and regulations ruling the use of drones are lagging far behind commercial development.

If legally operated drones are equipped with transponders, they can be identified. Anything that can't be identified could be a threat. Dedrone sells a line of detectors called DroneTrackers.

If no-drone zones can be established, then managers of those zones might be able to employ active countermeasures that could include catching drones in nets, jamming them, disabling them (with electromagnetic pulses [EMP], for example) or hacking them to take them over.

— Brian Santo, Senior Editor, Components, T&M, Light Reading

inkstainedwretch 5/11/2016 | 1:06:37 PM
Raspberry Pi-based drone jammer

Use only on your own drones. Otherwise it's probably illegal.


kq4ym 2/26/2016 | 9:51:28 AM
Re: Drones = threat

The regulations for flying drones are quickly requiring more and more restriction, not to mention all owners are now required to get a "license" from the FAA and post the numbers on the drone. And too, drones are not exactly stealth, they're very loud and it's not likely anyone is going to secretly fly close to gather data without getting caught, let alone violate FAA regulations that will most likely be prohibiting flights low over crowds or private property.

inkstainedwretch 2/23/2016 | 12:17:00 PM
drone = threat

I focused on what Lamprecht suggested might be one of the most obvious immediate threats to communications networks, but there are so many other possibilities.

He said that no data centers have been attacked yet, but that data center operators are concerned that it's just a matter of time.

It's technologically feasible to mount electronic eavesdropping equipment (NFV, cellular radios, Wi-Fi) on a drone.

Many communications companies own sports networks. People are already flying drones into stadiums to capture film.

Of course a drone can be used to carry explosives. Any network element is now subject to attack, including access points, nodes, aerials and dishes.

Of course, far, far more than communications networks can be threatened, in many different ways. Lamprecht pointed out that a drone crashed near German premier Angela Merkel at a public appearance in 2013 (the video on YouTube can be easily found), and a Japanese man protesting the government's handling of the Fukushima nuclear plant landed a drone carrying radioactive sand on the roof of PM Shinzo Abe's home. Lamprecht said someone had used a drone to drop things (which he left unidentified) on the roof of one of Dedrone's customers.


One kid has mounted a gun to a drone, which can be fired remotely.

One countermeasure is to hack the incoming drone, rendering it inert. But there is a possibility that some drones could be taken over.

That brings up the potential threat of a malicious hacker taking over a drone otherwise doing something legitimate (making a delivery, observing traffic, etc.) and using it for illegal and/or destructive purposes. It would have a legal transponder in it, which might delay any response to a potential threat from the unit.

It's all quite chilling.

"Everything is open to the sky," Lamprecht reminded.

-- Brian Santo



Michael1992 2/23/2016 | 10:32:28 AM
Drones = threat

That's exactly what I was thinking lastly! And what is worse is the fact that you can get yourself a drone so easily...