Hacking Drones: 802.15.4 and 802.11

Wireless Wonk

Hacking Drones: 802.15.4 and 802.11

By Barlow Keener, Attorney  |  March 08, 2016

What’s the big deal with new flying battery-powered toys that the FAA is spending our tax dollars trying to regulate? The big deal is that drones are low-cost, extremely mobile IoT devices capable of collecting data and moving goods as we’ve never seen before. They will change everything that we know today from package delivery, farming, warfare, construction, security, trash collection, and public safety.

The Teal Group estimates that drone sales will increase in 10 years from $4 billion to $14 billion annually. The FAA reported that 1 million drones were to be sold in the last quarter of 2015 alone. New generations of drones will fly longer, go further, and be smaller. They will be fully autonomous, not requiring human touch to fly them, just as cars will not need humans at the wheel. Never, in aviation history, has so much constant innovation by so many startups occurred as with drone development. We could potentially have more than 3 million registered drones flying around the U.S. in just three years. We could have even more unregistered, micro-drones weighing less than .5 pounds flying around inside our buildings and homes.

Starting on Dec. 3, 2015, the FAA required drones over 0.5 pounds to be registered. In the first month, users registered 300,000 drones. Drones used for commercial purposes – like selling YouTube (News - Alert) advertisements – are required to go through an expensive and relatively complex filing of a petition for exemption from FAA regulation Section 333. So far the FAA has approved only 3,146 commercial petitions and rejected 399 petitions. Section 333 case-by-case approvals are for drone uses like wedding photos or skiing photos. Why the FAA would undertake such a difficult task of approving on a case-by-case basis thousands of petitions for exemptions for taking photos from battery-powered toys weighing less than a pound makes one question our regulatory system. One drone required to be registered costs a mere $77 on Amazon, weighs 0.8 pounds, and can fly only 9 minutes. It would require a Section 333 exemption if used by a skier to video herself and then receive income from advertisers for her YouTube video.

The typical $1,000 drone is fully equipped with video cameras, microphones, GPS, other sensors like smoke detectors, infrared cams, and Wi-Fi. Some "toy" drones can fly to 400 feet, the height of a 40-story building, and stay up for 30 minutes. Drones can also be modified with larger gain antennas and higher powered Wi-Fi. Drones are controlled with radio controllers using an IEEE (News - Alert) standard 802.15.4 LR-WPAN or Low-Rate Wireless Personal Area Networks on unlicensed 900Mhz or 2.4GHz spectrum. The drone cams and sensors communicate back to the ground using Wi-Fi on 2.4GHz and 5GHz spectrum. There is the issue of unlicensed interference with 2.4GHz heavily occupied, but the small amount of bandwidth needed for 802.15.4 and the ability to use direct sequence spread spectrum and frequency hopping spread spectrum makes the probability of interference low. And there is a commonly used TI chip for the radio controller.  In other words, drones are using common off-the-shelf communication technologies and not proprietary, highly secured wireless connections.

Here is where cybersecurity and wireless comes to play. Those 1 million drones, taken over by bad guys, have the ability to listen in, or live-stream, private meetings without being noticed or to deliver unwanted objects long distances from the point of departure. Because the principle focus of the drone manufacturers has been flight capability and user experience, cybersecurity has generally been low on the list. HP Enterprise Security researcher Oleg Petrovsky presented at the Virus Bulletin conference in 2015 and explained that drone telemetry and typical drone command protocol execution are not well secured. The ground station controlling the drone can be spoofed. The telemetry data can be spoofed over Wi-Fi, Bluetooth, or ZigBee (News - Alert) (802.15.4). Security Week interviewed Petrovsky, who explained that the vulnerabilities could be dealt with by the cybersecurity firms working with regulators to make drones more secure.  

Regulators are addressing IoT cyber vulnerabilities such as Europe's upcoming ENISA's Network and Information Security Directive. Drones are sometimes lumped in with IoT devices; however, drones, crawling robots, and other autonomous moving devices should be treated by regulators as a distinct class for cybersecurity purposes. One other possibility is that, because Wi-Fi cybersecurity is more advanced and because of the sheer force of investment in Wi-Fi, a move to standardize drone control using Wi-Fi may be easier. Because drones by their nature fly and require wireless to do so, the FCC (News - Alert) should be studying the cybersecurity gaps, as the whole of society will suffer if drones are hackable. It is one thing to have malware take over a Nest thermometer; it is another to have a hacked drone flying outside your window.

Barlow Keener (News - Alert) is the principal with Keener Law Group (www.keenerlawgroup.com).

Edited by Rory J. Thompson