Drone Penetration Kit – The New Attack Vector Hackers Use to Penetrate A Company’s Network

Do you know that a common mistake such as not turning off your smartphone’s WiFi could give out your data to hackers in just a few minutes? Yes, it’s true. Researchers have proven that Remotely Piloted Aerial Systems (RPAS) or UAVs can be easily used to exploit people's privacy when it falls into the wrong hands.

In March 2014, during the Black Hat Asia Cybersecurity Conference, SensePost, a renowned security firm shared its findings about drones. At the conference, Glenn Wilkinson, a developer of a Drone called “Snoopy'' revealed some vital findings about their drone technology to BBC.

Experimentally, Wilkinson was able to use Snoopy to gather information about the attendees at the conferences within minutes. He showed them pictures of their homes and offices – revealing how powerful Snoopy could be.

The revelation wasn’t only shocking, it also raised lots of eyebrows. Well, here are a few of the many findings he shared with BBC about Snoopy drones:

• The drone can steal data from unsuspecting smartphone users.

• The drone uses the company’s software which is installed on a computer attached to the drone.

• The drone can be used to hack Smartphones and steal personal data - all without a user’s knowledge.

• Every device we carry around today emits different signals; so Snoopy exploits these wireless signals to gather personal information including home addresses and bank details.

• While this technology is revolutionary, it also raises security concerns across the globe, as it’s one of the surest paths cyber hackers can use to exploit people’s and companies’ sensitive data.

According to the 2022 updates by Drone Blog, over 21+ countries' governments have prohibited their citizens from flying drones which includes: Uzbekistan, Bahrain, Tunisia, Syria and lots more.

The Benefits of UAVs:

Drones or Unmanned Aerial Vehicles (UAVs)  are amazing technology with so many benefits; to mention but a few:

#1 For quality aerial image capturing: Yes, drones are the new frontier for image capturing, and it’s no longer news that drones are pretty stunning in taking not just high-definition aerial pictures and videos but in collecting image data. This technology enhances visual experiences and its resulting high-resolution images can be used to create 3D models and even 3D Maps.

#2 For easy deployability, especially in hard-to-access areas: Most of the existing drones today do require relatively minimum experience to operate them. One of the primary reasons behind UAV designs is for them to be easily deployable. That’s why they have a greater range of movements and coverage compared to manned aircraft; they’re able to fly lower and in a controlled direction – allowing them to easily access hard-to-access routes.

#3 For security and surveillance: Another advantage of drones is their unbeatable security and surveillance application. With the right regulations and appropriate licence, drone operators can use UAVs to provide security and surveillance to private organizations as well as in sporting events and public gatherings and other avenues.

#4  For accurate precision: The GPS (Global Positioning System) program embedded in UAVs enables them to map locations precisely. This precision feature extends the application of drones. For example, drones are used for several agricultural purposes — from spraying fertilizers and insecticides to identifying weed infestation and monitoring crop growth.

Meanwhile, here are a few of the many demerits of Drone usage as well.

#1 Privacy exploitation: This is one of the core concerns about drones. Drones can effortlessly collect people’s data and images without them knowing. A good example is “Snoppy” as aforementioned.

#2 Safety is another concern: One thing is to own a drone another is to be sure that it doesn’t collide with other manned aircraft or drones. While this could be the case when systems fail, it has raised lots of concerns. Imagine a falling drone in the midst of large crowds — people might get terrified and injured.

Areas Where Drones Can Be Used and Aspects Where They Can Be Functional

Wildlife monitoring and protection: With the thermal cameras and other sensors installed in drones, it’s crystal clear that they can function effectively at night. Therefore, wildlife scientists and researchers use drones to monitor wildlife and gather data on them, especially at night, without disturbing their operations.

Researchers use UAVs to get insights into how wildlife is surviving, how they are adapting, their hunting patterns and so on. The collected data in these cases help the researchers in their approach to sustaining and protecting animals in the given reserve.

Film making /entertainment industry: Many years ago, only big and successful film studios could afford aerial movie shooting—they used cranes and helicopters that cost thousands of dollars just to record a high-quality aerial shot. But thanks to drone technology, even amateur filmmakers can successfully record stunning aerial shots using drones equipped with high-definition cameras.

More so, besides capturing shots in movies, the drone itself can be used for ‘combat entertainment.’ Two distinguished drone combat clubs could entertain their followers by having their drones combat each other in a cage match. When one drone destroys the other in combat, the owner of the drone is declared the winner.

Agricultural sector: Today, mechanized big farms operating on vast land use drones to assess and monitor the growth stages and height of their crops.

Geographical mapping: Geographers leverage drone technology to collect quality data on and even download high-resolution images of locations that are humanly impossible to reach, like coastlines, mountain tops, and even islands. The resulting data collected can be used to make maps, e.g  3D maps.

Weather forecasting industry: Weather forecasters use drones to track hazardous and changing weather conditions. Since drones are unmanned, inexpensive, and sensitive, weather scientists use them to track tornadoes and hurricanes, as well as to gather new insights into the nature of disasters. The advanced sensors embedded in drones facilitate the gathering of detailed weather parameters for quality weather reports.

Product package delivery and feedback: This is an amazing application of drones that beats road traffic and still satisfies customers by delivering their packages on time. It’s no longer news that major corporations like Amazon, UPS, DHL, and a lot more are using drones to deliver small packages like parcels, food, drinks, letters, beverages and so on.

Hazard environmental report: Since Drones are designed to easily navigate through places humans can’t penetrate, advanced tech countries today use drones to swiftly garner reports and data in locations that have experienced natural or man-made disasters. Here, drones can be used to search for wounded and dead victims as well as record other events.

The Most Recent Drone-enabled Incidents Raised Eyebrows.

The US East Coast Financial Firm was attacked. Towards the last quarter of 2022, Greg Linares, a cybersecurity researcher, as part of his work, interacted with those involved in this financial firm, and he mentioned the details to The Register.

Linares said: this hacking incident was discovered when the firm discovered an unusual activity on its internal Atlassian Confluence page which originated from within the company network. The search for the WiFi signal behind this network activity led the team to the roof, where a ‘modified DJI Matrice 600’ and a ‘modified DJI Phantom’ series were discovered.

After further investigation, the company’s security team discovered that one of the internal users' MAC addresses was used to gain partial access to the company’s Wifi network and was also logged in at his/her home several miles away. While the user at the company was active offsite, someone within the WiFi range of the building was trying to wirelessly use that user’s MAC address to gain access to the company data—and that was a red flag.

Digging further, it was discovered that the Phantom drone was in good shape and it had a modified WiFi Pineapple Device used for penetration testing, according to Linares. While the second drone–the Matrice–was carrying a case that contained several batteries, Raspberry Pi, a 4G network, a GPD mini laptop, a WiFi device and a cooling system. In the course of the investigation, this drone was found to be functioning properly while appearing damaged.

Linares further affirmed that the components or tools on these drones were used by the attacker to target the company’s internal Confluence page to penetrate other internal devices using credentials stored there. The attacker specifically targeted the limited access network (of an internal user) that was not secure due to the recent changes at the company. Meanwhile, the attack was a “limited success, and the hacker's identity could not be traced.“

Possible cyber risks and threats attached to drones and how it can be controlled:

Drone hacking isn’t technically too difficult for sophisticated hackers because many drone operators widely open their drones to attack unknowingly. More importantly, it is best we understand that hackers don’t necessarily need their own drones to hack your drone as they wish and still make it serve their primary purposes. One of the major tactics hackers leverage to make this happen is GPS Spoofing.

What is GPS Spoofing: GPS Spoofing is an act of feeding drones with false GPS coordinates. It’s a slimy way hackers leverage to hijack drones and redirect them to a destination or location of choice. Once a drone is under such attack, it could be instructed by the hacker to crash other drones or to crash into persons or homes or even land near the hacker's location for easier exploitation.

Basic facts about drone attacks:

I) Drone can be hacked or hijacked from its owner from miles away without the real owner knowing. In other words, hackers can hijack the command and control signal between the drone operator and the drone itself from miles away.

II) Most drones are built with unencrypted radio signals making it easier to decode with a “pocket analyzer”.

III) Drone signals could be jammed by hackers, leaving it with no way to navigate itself.

How to secure your network against UVAs attack:

While there is no alpha way to secure a drone, there are still ways you can secure your drone network from constant hacking. Kaspersky, a renowned security company, highlighted the following helpful tips:

1: Use of complex passwords: One way to get your drones hacked easily is by using weak and predictable passwords. However, when you use complex password patterns of character mix–small letters, big letters, special characters and so on–it’ll control the malefactor hacking of the drone signal.

2: If you’re using a Smartphone or a laptop as your controller, ensure you keep it secure and don’t let it get affected by malware. According to this post, several US military drones were reported to have been infected by malware. After deeper investigation, it was discovered that the drone got infected after the operator used the drone computer to download and play a video game. As a drone operator, be mindful of what you download on your device to avoid dodgy programs and apps. Malware is real!

3: Leverage virtual private network: When you use VPN, you stop hackers from accessing your communication when connected to the internet because VPN is not only a secured gateway to the internet, it encrypts your connection.

4: Set a limit of one for the number of devices that can connect to your base station. This is also an effective technique for preventing your drone signal and control from being hijacked.

5: Update the drone’s firmware regularly: Major drone manufacturers issue patches when new security threats emerge, so users should regularly update their drones' firmware to help keep their drones ahead of the hackers. (DJI issued a security patch after hackers accessed the manufacturer's website, allowing them to access flight logs, videos, photos and map views from drone users in real time. Yet, some clients refused to install it–giving hackers potential access to all their data)

6: Have your drone set on RTH (return to home) mode: This is one of the features advised to check for before buying a drone. Once your drone has this feature, you have to activate the RTH mode—this enables it to return to you if the signal is jammed or the battery is low or it loses signal. Please note that RTH depends on GPS, and it’s not immune to GPS Spoofing.

The Future of Drones: Does Big Opportunity Await Drone Technology?

You’ll agree with me that the application of drone technology to ease operational activities cannot be over-emphasized. Already, it’s widely utilized in industries like entertainment, logistics, agriculture, military and so on, and its know-how is on the rise. In fact, according to this piece, the drone market is predicted to be worth over $500 billion by 2030 considering its development phase which is pretty crystal.

Nevertheless, the following are three major market trends to show how much the future holds for Drone Technology:

1: The Drone Engine:

There have been a lot of ongoing discussions on the drone market, and one of them is that the drone market will be providing over 50,000 job opportunities in a few years. While this forecast could be true, drone developers are battling on resolving the challenges of flight time and load-carrying capacity, which are determinants of engine capacity and battery. Already, the lightweight wing type can only cover short distances due to the inbuilt engine capacity and lithium batteries.

For other tasks like longer-distance transportation, the power of lithium batteries won’t be enough. While bigger batteries used in electric cars are not suitable for drones (they’re bigger than drone sizes), experts in this field and engineers are looking for alternative methods to power drones for bigger tasks. And the two front runners seem to be “hybrid electric-gasoline and Hydrogen engines.”

2: Drone will get smarter thanks to AI:

The rate at which AI is revolutionizing technology sectors is amazing and drone technology is not left out. Therefore, it’s no faux to conclude that the drones of the future would be fully autonomous with no operator involved but based on AI systems.

At this stage, drones should be able to make independent decisions based on the information they analyzed while flying with other drones, around natural obstacles, or on the tops of buildings.

There is so much ongoing research on how to improve drones' manoeuvrability in highly dense areas and self-destruct systems–which is necessary when a damaged drone goes haywire.

3: DaaS will be the new business model:

With the way drone technology is growing rapidly, it is forecasted that drone providers will create on-demand solution ideas, which is drone-as-a-service, for businesses of different sectors.

You no longer have to spend so much to buy a powerful drone that meets your needs. Instead, with the help of DaaS, you can hire drones to carry out every assignment. For example, an organization that wants to study the map of a large area can leverage DaaS without spending so much to buy a drone to actualize its aim.

Considering the ongoing trend in the drone world, it’s just a matter of time before drone projects operate in this format: energy efficiency, little or no human involvement, seamless operability, and maximum business results.