Commercial use of drones for tasks like surveillance and aerial photography/videography creates business efficiencies and new opportunities, but it’s important to understand drones’ inherent security risks and their potential impact on a company.
Even industrial drones are based on simplistic computing architectures that were not designed to be highly secure, much like IoT devices, making them vulnerable to even average-caliber hackers. Adversaries can use standard debug tools to circumvent the software and hack the drone to control it, preventing it from completing its tasks.
If the drone is running on the company’s wireless network, the hacked drone can cause network interference, impacting business operations and the functionalities of sensors or smart devices.
Some drones collect and store data (such as video) locally, and this data is unencrypted in almost every case. If the drone crashes, anyone could access the memory element inside it and view this data. Additionally, an adversary can hack into the drone to see what data it is collecting or what tasks it is performing.
A hacked drone can create a back door into a company’s wireless network, threatening profitability and productivity. In the event of a data breach, the downtime incurred can cost millions in lost productivity and damage a business’s relationship with its customers. Adversaries also can obtain access to proprietary information or intellectual property, allowing competitors to access trade secrets.
The Federal Aviation Administration is creating new laws to help defend against malevolent drones, but nothing is standardized at this time. Security executives can help protect their companies by ensuring drones utilize a hyper-secure wireless network that includes role-based access; more than one admin account to manage the network devices’ security configurations; encryption and authentication protocols; and secured key distribution. This will minimize the risks of being hacked and ensure the drones stay on task and secure.