Drone invasion offers solutions – and new headaches – for cybersecurity
At this week's Black Hat hacker conference in Las Vegas, cybersecurity researchers showed how drones can help secure wireless networks but also how the flying gadgets can be used in attacks.
The drones have arrived. They're flying over parks, neighborhoods, and occasionally crashing near the White House lawn.
And as the number of commercial drones is expected to top 7 million by 2020, researchers are working quickly to build new defenses against the potential misuse of unmanned aerial vehicles – and trying to figure out how the flying gadgets can actually bolster cybersecurity.
"Drone tech has been advancing rapidly," said David Latimer, an analyst at the cybersecurity firm Bishop Fox. “It’s a lot of fun and very exciting, but it’s also the next step for security research."
At this week's Black Hat hacker conference in Las Vegas, Mr. Latimer demonstrated the Danger Drone, a custom-built aircraft the size of a credit card that anyone with enough technical knowhow can build for about $500.
"It’s a fully functional hacker’s laptop that can fly," he said.
The idea behind Danger Drone is that cybersecurity professionals would deploy it to remotely test the resiliency of Wi-Fi or Bluetooth networks outside office buildings, attempt to penetrate the networks using the drone, and then patch the vulnerabilities.
But while some hackers at Black Hat demonstrated how drones can bolster cybersecurity, others pointed to the myriad security concerns that will come with their rapid proliferation over American cities.
What happens if bad guys use drones to attack power plants or water treatment facilities or oil production plants, asked Jeff Melrose, principal technology strategist for cybersecurity at Yokogawa US, an electrical engineering and software company.
"For people in my industry these things are just showing up and nobody quite knows how to deal with them," said Mr. Melrose, who said between as many as 40 Yokogawa clients have reported drone incidents over the past few years.
Mr. Melrose has spent the past several months exploring potential dangers of drones – from the use of drones for surveillance to actually using them to attack workers in the field. Or, in the worst-case scenario, small drones could also become part of a cyberattack headed up by a nation-state.
While there aren't any known instances of attackers deploying commercial or hobbyist drones for this kind of assault, Melrose says increasingly small and powerful drones could inflict significant damage if in the wrong hands.
Essentially, with an attacker controlling a drone from far away, he says, it becomes "my little minion within your boundary."