What is DroneSec?
DroneSec is a security company dedicated to solving problems in the drone and UAV space. We’re a mix of drone and cyber security experts who’ve been analysing the industry for the last few years, assessing the best offensive and defensive measures in the world.
DroneSec is a subsidiary of Privasec, utilising their hackers and industry knowledge to provide consulting services to a wide range of organisations and departments throughout Australia and the world.
To top it all off – we cover the latest and greatest drone security news, research and analysis via our news portal dronesec.xyz.
What kind of drones are we focusing on?
Most Commercial-off-The-Shelf (CoTS) drones under 30kg. This means drones that are used by businesses, hobbyists and, of course, malicious operators. These can be purchased quite cheaply and provide significant capabilities, most of which are being developed with more intensity than most emergency services and military can keep up with. When we mention drones, it can also be understood as UAS, UAV, or even RPAS.
What is the current state of drone security?
Well, it is split into the usual offensive/defensive matrix.
Businesses around the world use drones for a variety of reasons: farmers, film companies, critical infrastructure, emergency services and more. These organisations want their drones to be safe and secure against hijacking, video and data interception, damage and accidentally causing harm to the public. In addition, they want their drones and fleet management software to be protected against prying eyes, data leakage and manipulation.
Protecting against malicious drones
The flip side is that drones can be used by malicious operators to cause harm. It’s not just a privacy issue – drones can be used to spy, drop ordnance and payloads, hack into remote networks and halt mass-transportation. There have been many cases of harmful use; DroneSec has hundreds of articles on this.
The industry is looking at ways to protect against malicious drones through a variety of Counter-Drone software, hardware and systems. These can be kinetic (such as eagles and net-guns), electronic (such as frequency and GPS jammers), and even cyber-specific (such as hacking).
What are the chances the drone security business will become a multi-million dollar business?
Rather than make assumptions based on similar industries, you can get an idea of the landscape by looking at current Drone Security companies.
Some of these companies have IPO’d, or gone public in the stock market looking for investors to buy shares in their company. Some are looking to raise funds of over $7 million, and others are on hiring frenzies. These are examples of companies who have analysed the area and created a business plan based on their forecast of possibly millions of dollars in revenue.
To get an idea of the current industry leaders in this area, here are some of the top Drone Security companies. Their main goals are Drone Detection, Prevention, Response and (more recently) protection.
Department 13
ZONE APS
Some of the bigger players, such as Lockheed Martin, have also begun work in the area with their ICARUS system. If such an industry looks profitable, we may see the rise of larger companies looking into the area rather than just boutique Drone-Security startups.
While it’s hard to determine the exact cost of these systems, you can analyse profitability via a combination of stock market and media releases. Recently, DroneShield saw purchases by an Asian government security agency and the Turkish NATO presidential body.
Now with that in mind, we have to look at the various areas of drone security and the sectors they might affect.
Counter-Drone: Business in this area looks to protect areas such as stadiums, airports, government buildings and public places from threats drones may pose. This is currently the largest area (affecting multiple sectors), and big examples include protecting the Boston Marathon from drones with drone-detection capabilities by company DroneShield.
Currently this area is heavily invested in detection technology, with anti-drone response technology being largely new, untested or illegal in some areas.
With most companies looking to protect against drones, the reality is that drones are being quickly adopted by companies such as Amazon for major use. These drones are susceptible to a number of threats, including public hacking tutorials and methodologies.
The next area, which is loosely connected to drone security, could possibly be one of the largest in the next few years. Drones are being used to spot and prevent forest fires, give police visibility in dangerous areas, and even act as security guards for private and public grounds. This area affects quite a large spectrum of industry sectors, and would require counter-drone and drone-protection measures stacked onto asset-protection.
You must remember that drones started to attract the consumer market for hobbies and fun, but soon got the attention of the commercial, agriculture and transportation space. I believe with retail giants like Amazon and Domino’s looking to gain access to this area, it will create a lot of business for companies that can minimize risk and increase their profit margins.
Similarly, drones are computers inside flying objects controllable by anyone. This isn’t just a computer anymore, or a vehicle – it has the minimized capabilities of an aeroplane, run by an operating system and communication channel most likely vulnerable to hacking (depending on the software). Some drones, such as the DJI Inspire, are worth a lot of money and used by film & media companies – if they don’t have the skills to harden or protect their drones, they’ll look to outsource those solutions.
So in conclusion, I believe that your business can certainly be worth $1 million, even if it is within the next few years. You just need to analyse similar businesses that have a model that is seeing buyers. Most of all, you have time on your side, as this is a brand new area – however you’ll have to be fast and identify a niche within the drone security areas of anti-drone, drone-protection or asset protection.
How can a drone user tell if their drone has been hacked?
It depends on the make of drone, but there are different stages of hacking; some may be noticeable and others not so much.
Video Interception: on some drones, you can connect to the communication channel and corresponding port where the video is being transferred to view the video of the drone. The user may detect a bit of packet loss or interruption, but for the most part nothing.
File System Access: sometimes a hacker might gain file system access on a drone. If the system allows multiple access sessions, they could run a command to check whether any other users also have access to the file system. If there was only one session allowed at a time, the pilot would be kicked out and would notice.
Hijacking: if the drone was hijacked and the hacker took control of the drone, it may: 1. use its return-to-home functionality to return to the pilot’s location, 2. hover in the same place and send a communication error to the pilot, or 3. drop out of the sky and crash.
Detecting if someone else is sharing the WiFi or comms channel to your drone is possible via some operating systems, but not really visible on most controllers or apps. Most apps might just say “connection error”.
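One way a pilot could check for someone else sharing the drone's WiFi link, as an added example that is not part of the original page: it assumes a Linux-based drone access point whose client list can be read with `iw dev wlan0 station dump`, and a hypothetical allow-list holding the MAC address of the pilot's own controller. The sample dump is constructed.

```python
import re

# Constructed sample in the format printed by `iw dev wlan0 station dump` on a
# Linux-based access point. MAC addresses and counters are made up.
SAMPLE_DUMP = (
    "Station 02:00:00:00:00:01 (on wlan0)\n"
    "\trx bytes:\t4812233\n"
    "\ttx bytes:\t91822345\n"
    "\tsignal:  \t-41 dBm\n"
    "Station 02:00:00:00:00:99 (on wlan0)\n"
    "\trx bytes:\t18816\n"
    "\ttx bytes:\t2231876\n"
    "\tsignal:  \t-67 dBm\n"
)

STATION_RE = re.compile(r"^Station ([0-9a-f:]{17}) \(on \S+\)", re.I)
FIELD_RE = re.compile(r"^\s+([a-z ]+):\s+(-?\d+)")

def parse_station_dump(text):
    """Return {mac: {field: int}} for every client associated with the AP."""
    stations, current = {}, None
    for line in text.splitlines():
        head = STATION_RE.match(line)
        if head:
            current = stations.setdefault(head.group(1).lower(), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1).strip()] = int(field.group(2))
    return stations

def audit_clients(text, expected_macs):
    """Compare associated clients with the pilot's own devices (hypothetical allow-list)."""
    expected = {mac.lower() for mac in expected_macs}
    seen = parse_station_dump(text)
    return {
        "unexpected": sorted(set(seen) - expected),  # someone else is on the link
        "missing": sorted(expected - set(seen)),     # the controller was dropped
        "stats": seen,
    }

if __name__ == "__main__":
    report = audit_clients(SAMPLE_DUMP, ["02:00:00:00:00:01"])
    for mac in report["unexpected"]:
        sent = report["stats"][mac].get("tx bytes", 0)
        print(f"ALERT unknown client {mac}: {sent} bytes sent to it")
    for mac in report["missing"]:
        print(f"ALERT controller {mac} is no longer associated")
```

A MAC allow-list will not notice a client that clones the controller's address, so a clean result is only weak evidence that the link is private.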
What are some business ideas that utilize drones?
Just some actual uses I’ve come across; these aren’t just ideas anymore.
Using drones for filming movies, advertisements, promo videos, music festivals and real estate.
Using drones to take progression videos of building construction ($1000 each run, once per fortnight for 6 months to 1 year, with multiple construction companies).
Using drones to keep an eye on wildlife (such as elephants and rhinos) and detect poachers.
Using drones as security guards to navigate and view your property remotely when away from home.
Using drones for transportation of purchases (Amazon) and food deliveries (Domino’s).
Using drones for surveillance of dangerous areas before using humans (police), or of enemy units and positions on the battlefield (Syria).
Using drones to spot wildfires in forests.
Using drones to deliver defibrillators to heart attack victims (paramedics).
Using drones to spot people taking illegal dumps of rubbish and human waste (India).
Using drones to spot sharks on popular swimming beaches without the cost and time of a huge helicopter.
There are many, many more, but these are some I remember most off the top of my head.
How can the hacking of drones be prevented?
If the question relates to commercial (<2kg) drones, two main places are of interest:
First: The communications link between the operator (pilot) and the RPAS (drone). Think of the controller like a Command and Control system that requires a form of wireless link to speak to the drone. This can be WiFi, a 3G/4G network or another type of Radio Frequency path. The first vulnerability here is an unsecured or weakly password-protected wireless network – hackers can easily break into this communication link, intercept it and likely take control over it.
Preventing this form of hacking would require drone manufacturers to secure drones with 1. a high-security wireless network (if WiFi, WPA2 PSK) and 2. a randomized, complex default password which the operator is required to change before first flight. This would strengthen the ‘first line’ of defense and make it harder for rogue drone hackers to gain access to the drone via the communication link. Keep in mind, simply being able to connect to the drone’s WiFi channel means access to the drone software like it’s a computer – ports, services, file system etc. are all accessible.
Second: The drone itself could be ‘hacked’ via disruption to the Radio Frequency (RF) of its communication or Global Positioning System (GPS). This could make it perform a number of actions including just hovering in place, returning ‘home’ to the operator or falling out of the sky.
GPS jamming is illegal in many countries, and with the recent release of DroneShield’s ‘DroneGun’ it’s a question posed by many – how do we protect drones from unauthorized takedowns by illegal GPS/RF jamming? It’s a question that needs a lot of thought. I believe the answer lies in better drone software hardening – something I haven’t seen much on. A friend of mine who works for NCC Group (Michael Johnson) has a neat little setup using a Raspberry Pi, 4G communication with OpenVPN and encrypted comm channels for communication to the drone.
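The first point above (WPA2 PSK plus a randomized default password that must be changed before first flight) can be enforced as a pre-flight check. This is an added example, not code from the original page or from any drone vendor; it assumes the drone's access point uses a hostapd-style key=value config, and the function names, SSID and passphrases are hypothetical, constructed values.

```python
import secrets
import string

def random_passphrase(length=20):
    """Per-unit random passphrase, e.g. generated when the drone is provisioned."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def parse_ap_config(text):
    """Parse key=value lines of a hostapd-style access point config."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def preflight_findings(cfg_text, factory_default):
    """Return reasons to refuse take-off; an empty list means the link passes."""
    cfg = parse_ap_config(cfg_text)
    if cfg.get("wpa") != "2" or "WPA-PSK" not in cfg.get("wpa_key_mgmt", "").split():
        return ["link is not WPA2-PSK only (open, WEP or WPA1 possible)"]
    findings = []
    if cfg.get("rsn_pairwise") != "CCMP":
        findings.append("pairwise cipher is not restricted to CCMP (AES)")
    passphrase = cfg.get("wpa_passphrase", "")
    if passphrase == factory_default:
        findings.append("factory default passphrase has not been changed")
    if len(passphrase) < 12 or len(set(passphrase)) < 6:
        findings.append("passphrase is too short or too repetitive")
    return findings

# Constructed sample values; nothing here comes from a real drone.
FACTORY_DEFAULT = "k3VxQ9mZt2LpA7cRw8Yd"
OPEN_AP = "ssid=Drone-0001\nchannel=6\n"  # weak: no wpa= line at all
WPA2 = "ssid=Drone-0001\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
AS_SHIPPED = WPA2 + "wpa_passphrase=" + FACTORY_DEFAULT + "\n"
AFTER_SETUP = WPA2 + "wpa_passphrase=" + random_passphrase() + "\n"

if __name__ == "__main__":
    cases = [("open", OPEN_AP), ("as shipped", AS_SHIPPED), ("after setup", AFTER_SETUP)]
    for name, cfg in cases:
        print(name, "->", preflight_findings(cfg, FACTORY_DEFAULT) or "cleared for flight")
```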
Should we replace combatants with drones?
We can already see this occurring in the Middle East – if in fact, your question is pointed towards commercial drones (e.g. DJI Phantom, custom drones) and not military ones.
Drones are being used for reconnaissance to find sniper positions without risking lives to peek or change locations. ISIL drone-factories have also been found where small explosives are attached to the drones and sent to drop their payloads on fighters across walls or hard-to-reach places.
In terms of combatants, you’re looking for a number of factors which human fighters can achieve, including visibility, security, offensive/defensive actions, communication and logistics. If we get to a point where small drones can accomplish all this, it certainly might be possible. Keep in mind however that the human element is removed, and a remote pilot may not feel, see, or react in the same way as if they were there.
Similarly, if drones are vulnerable to EMP, GPS blocking, software hacking and Radio Frequency manipulation, then they may not be the best ‘replacement’ in the trade-off of saving human lives.