We have gone almost fully digital nowadays, in almost every aspect of our lives, the trivial part and the most complicated part. Our cars are computerised and programmed, trains and aircraft are run by computers, and now unmanned air vehicles, which are also known as drones, are controlled remotely and flown without a pilot on board.
Such revolution has provided tremendous benefits; it has optimised the operations of those costly machines and has reduced operating costs.
However, this has introduced new types of threats and attacks that we are not accustomed to. Hence, proper security measures and practices must be put in place. Let’s take a brief journey in this realm to see some of the potential threats and how to combat them.
The FBI arrested a suspect some time ago who claimed on Twitter to have hacked into several aircraft. According to FBI documents, the suspect claimed that he managed to hack into aircraft dozens of times in the past few years, and in one case after taking control over the engine he was able to make it climb upward.
The suspect has exploited vulnerabilities in major aircraft types along with the weakness in the popular in-flight entertainment systems. These claims have been rejected and denied by the airlines involved, and the manufacturers of both the aircraft and the in-flight entertainment systems.
The suspect explained that he only meant to point out the vulnerabilities for quick resolution, a type of “ethical hacking” practice without any malicious intent. The positive side of this FBI case is that all the parties involved have taken this claim seriously to deter any future attempts and put the public at ease regarding their safety, despite any added costs incurred.
At the end of the spectrum from commercial aircraft, drones have gained wild popularity recently. Those unmanned, remotely controlled small-sized aircraft have opened unlimited frontiers for all types of businesses, including package delivery, agricultural purposes, providing aid and supplies in natural disasters, and military action.
The usage has also reached individuals at a personal level due to the relevantly low cost of such machines. And along with increased popularity, potential threats started to see the light. In this year there have been two major documented cases where vulnerabilities have been uncovered, luckily both by research scientists.
The first case was by an IBM security researcher who presented the results at the major IT security conference Black Hat Asia in Singapore in April. He demonstrated his ability with somehow low efforts to control powerful drones that are usually used by police and governmental entities with an average cost of $30,000 with simple equipment that cost merely $40.
The second case was identified in June last year by scientists from the famous research university Johns Hopkins in the US. However, their focus was on normal drones that are meant for personal use. One vulnerability is to draw the drone with a huge number of requests for wireless connection, in the range of thousands per second, which causes the drone’s system to overload and shut down. Such attacks are known as denial of service attack which can be easily avoided.
All of these vulnerabilities are not new to the IT world, nonetheless, they do show how drone manufacturers are combining safety and security with better performance and quick-to-market delivery.
The moral of the story is that new, innovative and fully electronic approach can be extremely rewarding for businesses, to achieve their strategic goals and targets. On the other hand, it is of extreme importance to ensure that going down the path of new innovation does not jeopardise stability or security; quick return in investment should not be at the expense of future disasters. And all manufacturers should take these cases as a lesson, to invest early on to find out all vulnerabilities and weakness in their machines before they are actually exploited by malicious individuals with dire consequences.