Security researchers at Johns Hopkins University are intentionally crashing commercial drones in the hope of persuading manufacturers to improve the security of their devices.
Drone sales have skyrocketed in recent years, proving popular with photographers, industry and even racing enthusiasts. But Lanier A. Watkins, who led a team of students in the research, says that manufacturers have left many security weaknesses in their haste to get products to market.
"You see it with a lot of new technology," he added. "Security is often an afterthought. The value of our work is in showing that the technology in these drones is highly vulnerable to hackers."
Over the past year, Watkins tasked a group of master's students with finding a security exploit in an unspecified popular drone model. They found not just one, but three major flaws in its software.
In the first, they sent the drone 1,000 wireless connection requests in quick succession, each asking for control of the device. The bombardment overloaded the drone's CPU, causing it to shut down and fall out of the air.
In the second, they sent it an exceptionally large data packet - larger than the capacity of its memory buffer. Again, this caused a crash.
For the third, they sent digital packets to the drone's controller from their laptop, tweaked so they appeared to be coming from the drone itself.
After a while, the controller began to mistake the laptop for the drone, severing its connection to the aircraft, leading the drone to make an emergency landing.
"We found three points that were actually vulnerable, and they were vulnerable in a way that we could actually build exploits for," Watkins said. "We demonstrated here that not only could someone remotely force the drone to land, but they could also remotely crash it in their yard and just take it."
Earlier this year, the team notified the manufacturer of the targeted device of their findings, but the company had not responded by the end of May.
Watkins says that he hopes that publishing his group's work will serve as a wake-up call so that future devices come with better security precautions built in.