Jason Reagan of DroneLife recently wrote an interesting piece titled “Chinese Researchers Uncover Drone GPS Hack Threat,” where he discusses the broken GPS standard and it’s impact on drones and drone security. It opens up an important discussion because it means geofencing is no longer a viable anti-drone security measure. (Even though DJI has already used geofencing to “protect” the DC area.)
When a government intelligence staffer managed to crash his DJI Phantom drone on White House property, the Chinese manufacturer took the decision to issue a no-fly zone over the DC area. DJI already used GPS to implement invisible demarcations stopping users flying their machines into no-fly zones like airports, forcing them to land when they hit certain coordinates.
Researchers from China’s Qihoo 360 demonstrated attacks that used freely available open source GNU Radio software combined with other tools to alter the GPS coordinates on a DJI Phantom 3 quadcopter. Their demonstration proved “it’s now inexpensive and relatively straightforward to carry out attacks on GPS.”
If we can’t rely upon GPS, how can we rely upon geo-fencing?
Drone hacking is of course not an unknown entity. Last month, leaked e-mails revealed that Boeing may be developing drones armed with malware designed to infect nearby computers through Wi-Fi.
Brewster reported that Chinese researchers have already shown how a hacker can use open source GNU Radio software to usurp the GPS coordinates on a DJI Phantom 3.
Not only is drone hacking “not an unknown entity,” it’s an area of growing interest. It was the focus on a speaker talk at this year’s DEF CON 23 hacker convention held in Las Vegas, Nevada. The talk, titled “Knocking my neighbor’s kid’s cruddy drone offline,” was given by Michael Robinson Professor of Stevenson University. Here is the description from the DEF CON website:
My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sexed crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S and, frankly, it would disrupt my electronics, too. In this presentation, we’ll look at some of the research and issues we encountered, when we attempted to force land two commercial drones (the new DJI Phantom 3 and the Parrot Bepop Drone) by sending GPS signals directly at the drones (while staying under the threshold for jamming and not disrupting anyone else).
One thing seems clear, GPS and geofencing, at least in their current forms, are not viable security solutions. So where do we go from here?
Qihoo 360 Technology Co. Ltd., or Qihoo 360, is a Chinese internet security company known for its antivirus software (360 Safeguard, 360 Mobile Safe), Web Browser (360 Browsers), and Mobile Application Store (360 Mobile Assistant). It was founded by Zhou Hongyi and Qi Xiangdong in June 2005. Qihoo 360 had 496 million users for its Internet Security products and 641 million users for its Mobile Antivirus products as of June 2014.