Dangers of the digital world | THE DAILY TRIBUNE | KINGDOM OF BAHRAIN

Dangers of the digital world

We have gone almost fully digital in nearly every aspect of our lives, from the most trivial to the most complicated. Our cars are computerized and programmed, trains and aircraft are run by computers, and now unmanned air vehicles, also known as drones, are controlled remotely and flown without a pilot on board.

This revolution has provided tremendous benefits; it has optimised the operations of those costly machines and has reduced operating costs.

However, this has introduced new types of threats and attacks that we are not accustomed to. Hence, proper security measures and practices must be put in place. Let’s take a brief journey in this realm to see some of the potential threats and how to combat them.

The FBI arrested a suspect in April 2015 who claimed on Twitter to have hacked into several aircraft. According to FBI documents, the suspect claimed that he had managed to hack into aircraft dozens of times in the past few years, and that in one case, after taking control over the engine, he was able to make the aircraft climb.

The suspect exploited vulnerabilities in major aircraft types along with weaknesses in the popular in-flight entertainment systems. These claims have been rejected and denied by the airlines involved, and by the manufacturers of both the aircraft and the in-flight entertainment systems.

The suspect explained that he only meant to point out the vulnerabilities for quick resolution, a type of “ethical hacking” practice without any malicious intent. The positive side of this FBI case is that all the parties involved have taken this claim seriously to deter any future attempts and put the public at ease regarding their safety, despite any added costs incurred.

At the other end of the spectrum from commercial aircraft, drones have gained wild popularity recently. These unmanned, remotely controlled small aircraft have opened unlimited frontiers for all types of businesses, including package delivery, agricultural purposes, providing aid and supplies in natural disasters, and military action.

Their use has also reached individuals at a personal level due to the relatively low cost of such machines. Along with the increased popularity, the potential threats have started to come to light. This year there have been two major documented cases where vulnerabilities have been uncovered, luckily both by research scientists.

The first case was by an IBM security researcher who presented the results at the major IT security conference Black Hat Asia 2016 in Singapore in April. He demonstrated that, with fairly little effort and simple equipment that cost merely $40, he could control powerful drones that are usually used by police and governmental entities and cost $30,000 on average. The IBM security researcher exploited several vulnerabilities which can be thought of as simple security weaknesses that should have been avoided in the first place.

These weaknesses included a vulnerable encryption protocol between the legitimate end user and the controller module of the drone, which can be hacked easily, and radio communication between the controller module and the drone itself that lacks any encryption (in order to increase the performance and responsiveness of the drone and avoid delay in executing commands).

The second case was identified in June last year by scientists from the famous research university Johns Hopkins in the US. Their focus, however, was on normal drones that are meant for personal use. One vulnerability is that the drone can be flooded with a huge number of requests for a wireless connection, in the range of thousands per second, which causes the drone's system to overload and shut down. Such an attack is known as a denial-of-service attack, and it can be easily avoided.

Other vulnerabilities include sending the drone a large data packet that it cannot handle, causing its system to crash, and allowing an unauthorised person to impersonate the legitimate user by intercepting the communication.

None of these vulnerabilities is new to the IT world. Nonetheless, they do show how drone manufacturers are balancing safety and security against better performance and quick-to-market delivery.

The moral of the story is that a new, innovative and fully electronic approach can be extremely rewarding for businesses in achieving their strategic goals and targets. On the other hand, it is of extreme importance to ensure that going down the path of innovation does not jeopardise stability or security; a quick return on investment should not come at the cost of future disasters. All manufacturers should take these cases as a lesson and invest early on in finding all the vulnerabilities and weaknesses in their machines before they are actually exploited by malicious individuals with dire consequences.