Written byPatrick Howell O'Neill
It sounds a little bit sci-fi, but make no mistake: The next front in cyberwar is literally above your head.
Military technology companies from around the world are rushing to design, build and sell drones that hack and track, while others want to own the business of hacking of the drones themselves. The burgeoning market is foreshadowing battles that could play out in the skies and, for some companies, bring significant profits.
It’s an immature set of technologies — lots of marketing, precious few finished products — but there is a growing appetite for them.
“This market is about to blow up,” said Francis Brown, a partner at the cybersecurity consultancy Bishop Fox. “Everybody’s trying to grab market share. The next year or two is going to decide who will become Pepsi and Coke out of all these products.”
As an act of research, as opposed to selling a product, Brown and Bishop Fox put together a “Danger Drone” last year that was essentially a $500 penetration testing setup with a Raspberry Pi computer duct-taped to the top. It was simple — and tantalizingly effective. A video shows it hijacking a wireless mouse from outside a building.
After demonstrating the tactic at last year’s DEFCON security conference, Brown said he was approached by high-profile people in the government and commercial sectors looking to buy and build their own. Those conversations proved to Brown that he was on to something.
The versatility of drones is the key: Their ability to hover out of sight, unmanned, makes them attractive to militaries, spies, government agencies and criminals alike. Their reliance on wireless connections and computers, meanwhile, makes them vulnerable to cyberattacks, whether it’s from other drones or hackers on the ground. There’s money to be made in using them to attack and in defeating them.
Selex Galileo, a multibillion-dollar American-Italian tech military contractor, is designing a small drone expressly for electronic warfare and cyberattacks. First spotted in a patent application, the 20-foot-wide unmanned aerial vehicle boasts the NASA-designed Prandtl wing — originally meant to be used on Mars — as well as hydrogen fuel cells, carbon fiber wing skin and electronic and cyber payloads carried in the fuselage.
Galileo wouldn’t answer questions about the drone, but patent documents show it’s designed primarily to electronically disrupt surface-to-air missile systems. Carrying an electronic warfare device weighing just about 8.8 pounds, it would fly at speeds just below 150 miles per hour and stay aloft for at least an hour. In that time, the drone could interfere with communications systems like Bluetooth or disrupt Wi-Fi on targets.
The drone is also designed to handle a suicide mission: The electronic warfare unit would self-sanitize its memory if it crashes.
Late last year, the Israeli firm Septier Communications announced the first drone to intercept and listen in on phone calls and data passing through smartphones.
First unveiled at the Milipol Homeland Security industry show and covered by Intelligence Online, Septier’s unmanned aerial vehicle advertises a 90-minute flight time and a max speed of around 30 miles per hour. The company has been in the snooping business for years, so it outfits the drone with one of its network interceptors, which can listen in on 2G, 3G and 4G networks. The Septier drone’s max interception range of 1 km is meant to make it physically undetectable by its snooping target.
The drone most likely utilizes close proximity downgrade attacks that force a device on a high-security network like 4G to downgrade to older, lower quality and less secure networks like 2G. It acts in some ways like an airborne Stingray, the cellular surveillance device in wide use by police across the United States and around the world.
Is this actually a big upgrade on Stingrays on the ground or is it mostly marketing fluff taking advantage of the ongoing drone boom? Septier isn’t talking. Bishop Fox’s Ryan Naraine said that the market is definitely preparing for the next iteration of electronic surveillance tools.
“We don’t view drones as unmanned aerial vehicles,” Naraine told CyberScoop. “From a threat vector standpoint, we view them as vehicles for high-end cameras for physical spying or hacking tools.”
Selex Galileo and Septier are not the only interception companies putting new surveillance tools into the sky. The French company ECA is putting an IMSI catcher, interceptor and high definition video camera on to drones this year.
While the market for military drones is taking off, the counterweight is the booming anti-drone market. For as long as there have been drones, people have wanted to take them down. There are a long list of marketed methods, from DroneGuns and nets and weights to “Sky Net shotgun shells.”
The most interesting anti-drone tactic, however, may be hacking into them.
Co-founded in 2015 by two veterans of Israel’s cutting-edge intelligence Unit 8200, ApolloShield sells a “CyberBox” which it advertises as doing “all the magic” of detecting and taking over drones that wander into a customer’s territory.
ApolloShield’s engineers build out and maintain an arsenal of radio frequency jamming techniques, denial-of-service attacks and zero day exploits that either brick the drone, trick it or take it over completely.
Calling it “magic” might be a bit much. As is the case with a lot of Internet of Things devices, commercially available drones don’t have much security built in — if any at all. In some cases they go from store shelves to critical missions, without much attention paid to their vulnerabilities. For a sophisticated hacker, taking one over isn’t necessarily a tough job.
“There is no drone security,” Robert Nickel, a researcher at the mobile security firm Lookout, said. “No one is even doing any of that stuff. It’s just not thought about. It’s more about radio interference and signal problems in the field rather than security because until recently they weren’t doing anything important.”
That means anyone in government or big business will want to test new drones thoroughly or risk spending millions only to fall into the security traps that affect so much of the market today.
Whether it’s easy or not to hack into a drone, the world is starting to see the appeal of the idea, ApolloShield CEO Nimo Shkedy told CyberScoop.
“We’re at this stage now where a lot of our customers have more and more evidence that drones cause problems for more and more types of secure sites, whether it’s a matter of irresponsible or nefarious operators flying the drones above prisons, private estates, corporate headquarters, taking photos where you shouldn’t be taking photos or putting people on the ground at risk,” Shkedy said. “At places like stadiums or oil refiners, a crash can be fatal. Of course, all these places all have terrorism threats too.”
Shkedy views ApolloShield to be like “anti-virus for the sky” in that it’s continuously, endlessly searching for new threats and keeping customers up to date. One comparison is Cellebrite, the smartphone hacking company that employs teams of engineers to look at every new smartphone on the market and, as quickly as possible, figure out how to crack it.
ApolloShield has a lot of company in the market. Selex has its own drone hacking product called Falcon Shield. Another Israeli company, Elbit Systems (most known for hacking political dissidents in Africa) sells its ReDrone product that hacks and diverts targeted drones. Israel Aerospace Industries has been selling its Drone Guard product since 2016.
There are something like 89 major products in the drone defense market. It’s crowded right now and experts expect the winners to whittle the market down soon.
“The next two years are going to be big time,” Brown said. “Everyone is dumping money into this.”