UAVs are making their way into the Internet of Things world. Drones are already deployable to distant places. For instance, DroneDeploy integrates telemetry devices into UAVs avionics. This permits to transmit data in real-time. It is possible to plan missions in a web-browser and upload tasks to your drone.
Drones may carry numerous types of sensors for multispectral and UV cameras, thermal imaging, microphones, and sniffers. PrecisionHawk creates a wide range of swappable sensors, you simply have to snap them into place.
Drones are reprogrammable in the mission. With SenseFly’s software, you can pick any place on the map redirect the drone, order it to accomplish an alternative mission, after that resume and do the initially programmed task, etc.
Drones are also effective at measuring everything and wherever you need it. Like in the case with LiDAR (Light Detection and Ranging). At the GIS market, you can find high-performance UAVs capable of doing unmanned distant laser scanning.
Present day drones incorporate many things in order to fly: ground control stations, avionics, communication systems, processing and data collection software, and certainly GPS. They are multifunctional flying vehicles that can be called IoT in motion.
Cyber security risks of IoT and drones
Cybercriminals change their focus to a new malware variety roughly every three or five years. The biggest cyber threat of the present day is called ransomware. Ransomware authors infect devices, encrypt valuable data and then ask to make ransom payments.
After initially targeting individual computers the next wave of ransomware attacks does not go for our data files but instead our IoT devices. UAVs are exposed to these risks more than ever. This ransomware transformation makes it more damaging and harmful due to the special nature of IoT security.
Besides their anonymity, the major strength of the most successful ransomware such as Thor is their irreversibility. These viruses use unbreakable RSA and AES crypto. Victims have no other option than to pay if they want to get their files back.
Some may think that if IoT devices store minimum or no data at all, that makes them economically unprofitable to ransomware authors. It is not really so. IoT ransomware may turn off cars, burn your home, or stop manufacturing lines. This prospective to bring greater destruction and problems indicates cybercriminals will be able to demand larger ransom sums, turning ransomware into an attractive marketplace to dive into.
You may say that IoT hacks may very well be stopped by a quick product reset. It is not the case here, people are going to pay not because they may just loose (sometimes cheap Chinese) drones forever but rather because of potential harm and losses in the event of inability to use their devices for any period of time. Like in the case with thermostat - you may lack valuable time to get home to prevent it burn you house.
Extrapolating ransomware on UAVs a bit more, imagine you want to make photos of your neighborhood. After several successful shots, the hackers begin blackmailing you into paying a ransom threatening to put photos online for your neighbors to see themselves naked. Your drone is in the sky, possibly not visible, and already not responding your commands. Even if you do not care about its price and ready present it to crooks, you should care about neighbors’ photos.
It is still early to declare the IoT ransomware is already a big threat. The IoT firmware and UAVs, in particular, are fragmented, usually missing standardized processes, communication, and operating systems. Each new offense may affect only a certain kind of device. This fact substantially decreases the quantity of objects that may be attacked simultaneously. However, this condition is sure to change in the upcoming years and maybe months, since IoT tends to be more widespread.
Any IoT gadget is not made to stay secure all the time, it should be patched and updated. And it should be done securely, otherwise, update signals may themselves turn into channels to invade systems with viruses.
Secure updating implies locking the firmware and processor and encrypting the communication. There is a strong reason to use solid authentication techniques to minimize IoT cyber assaults. In many situations, IoT products are not even authenticated, which makes them easy to spoof.
For now, the bad guys are still researching the potential economic value that IoT viruses can possibly provide. At the same time, security attempts made by creators and adopters of IoT tools leave much to be desired.