Cyber experts warn of hacking capability of drones
Hackers could employ flying drones to buzz office buildings and intercept corporate communications, cyber security researchers have warned ahead of the industry’s annual gathering.
A simple drone can be used to attack WiFi, bluetooth and other wireless connections such as those used in contactless payment cards, making it as easy to intercept information in a private building as it is in a public café.
Francis Brown, a partner at cyber security consulting firm Bishop Fox, said drones can be made that are the equivalent of “laptops that can fly”. He and his researchers have developed a drone that can be used by security professionals to test their connections and protect against a hacker using a drone.
The drones could be most easily used to target guest WiFi connections and short-range WiFi and bluetooth devices, such as bluetooth-connected keyboards, which might not otherwise be protected because current security measures assume no one could get close enough to compromise them.
David Latimer, a researcher on the project, said large companies have not properly prepared for this threat.
“A drone could just go land on the roof, sit there and record people’s keystrokes, and access the internal network over the wireless,” he said.
As drones become more widespread, organisations have searched for ways of restricting their use in the airspace above their buildings after even the White House had a drone crash in its grounds last year.
Some including the Tokyo police and Michigan Tech University have developed drone catchers, larger drones with nets, while US company Battelle has created the DroneDefender that knocks drones out of the sky with radio waves. Others have resorted to lower-tech methods with police in Holland training an eagle to grasp drones with its talons.
Bishop Fox will be presenting its research this week at Black Hat, the annual conference in Las Vegas where cyber security professionals unveil vulnerabilities they have discovered in everything from cars to elevators.
The company will share the design for its drone for free so people across the industry can try to use it to protect their networks. However, it is next to impossible to ensure that it is used only to defend, not attack, networks.
“I think it has been proven time and time again that the benefits [of testing] far outweigh the potential negative. Hackers already have these things in the world, so it is just levelling the playing field for the average security professional,” Mr Brown said. “These people are really behind the curve.”