Industrial facilities should be on guard against drones. Even off-the-shelf versions of the unmanned aircraft could be used to disrupt sensitive systems.
On Wednesday, Jeff Melrose, a presenter at Black Hat 2016, showed how consumer drones could do more than just conduct aerial spying. The flying machines can also carry a transmitter to hack into a wireless keyboard or interfere with industrial controls, he said.
It’s not enough to place a fence around a building to keep intruders out, according to Melrose, who is a principal tech specialist at Yokogawa, an industrial controls provider. These days, some consumer drones can travel up to 3 miles (4.8 kilometers) or more.
“Drones can tailgate workers easily as people now,” he added. “Many drones can navigate inside buildings.”
That makes them a potential security risk. A hacker could easily pilot one and land it on a building’s roof to secretly conduct surveillance through the onboard camera, he said.
In addition, the machines could interfere with a facility’s computers and other equipment. Melrose has been testing this possibility with DJI Phantom drones, which can be bought for US$500 or more.
He noted that many consumer drones can carry a small payload of a few kilograms or enough to haul a transmitter. That transmitter could be used to jam or send radio transmissions.
Melrose tested this by fitting a drone with a 20 feet-long tether that hauled the transmitter through the air. He found that it could easily hover over a target or follow a moving object while the transmitter operated.
The danger is that a drone could send off enough electromagnetic interference to disrupt the wireless networks controlling important utilities, he said. In the past, naval radar systems have done just that and accidentally forced pipelines to malfunction or burst.
Cybercriminals could also use a drone’s transmitter to hack into wireless keyboards or mice by exploiting the “MouseJack” vulnerability, a problem found up to 100 meters away in peripherals made by Microsoft, Logitech, Dell and others.
“Which is why we told a lot of our customers to get wired keyboards,” Melrose added.
He’s advising that industrial facilities consider incorporating more redundancies in their wireless networks to prevent interference. The security guards on site should also be watchful for drones that might be hovering nearby or snooping over a rooftop.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.