NCyTE members were treated to a special April NCyTE Member Webinar on April 24 at 9am (PDT). Our guest speaker was Philip Craiger, CoPI of NCyTE and Associate Professor of Cybersecurity in the Department of Security Studies and International Affairs at Embry-Riddle Aeronautical University.
The Federal Aviation Administration (FAA) predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 7 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as ‘drones,’ are comprised of aeronautical hardware, a CPU, RAM, onboard storage, Wi-Fi or radio frequency communication links, sensors, a camera, and a controller used by the pilot-in-command. Some have suggested that a drone is essentially a flying computer. As such, drones are potentially susceptible to attacks that are often used on computers attached to a network. Potential attacks on drones include de-authentication (i.e., terminating the link between the drone and controller); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications link; and contaminating the drone’s geofencing mechanism. The result of these types of attacks include: theft of the drone; flying the drone into sensitive/off-limits areas; purposefully crashing the drone to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data). In this presentation we will discuss cybersecurity vulnerability testing of a commercial-off-the-shelf drone, and describe the successful attacks against the system.