Can Amazon drones or Mars rovers be hacked? Very easily, UBC research suggests

WATCH: Security concerns about hacking as drone deliveries start

As automated drones and robotic vehicles become more popular — and are employed by everyone from Amazon to NASA — new B.C. research suggests the machines can be hacked with relative ease.

Researchers from the University of British Columbia (UBC) faculty of applied science designed three types of stealth attacks that caused drones and robotic vehicles similar to the Mars rover to crash, miss their targets or significantly delay completing their tasks.

Delivery by drone growing in remote areas before cities
Delivery by drone growing in remote areas before cities

Karthik Pattabiraman, an associate professor of electrical and computer engineering who supervised the study, says it took very little for researchers to infiltrate those machines, whether they were real or simulated.

READ MORE: Drones might not be flying for Black Friday deliveries, but they are here

“We’re on the verge of a revolution where these devices are going to be widely deployed in the next few years for deliveries and whatnot, and we need to start thinking about their security,” he said.

Story continues below advertisement

More concerning, Pattabiraman says, is the disruptions could also impact other devices controlled remotely, including smart TVs, smart cars and home assistants like Amazon Alexa.

Pattabiraman added many people who own such devices, and maybe don’t take the security precautions that Amazon does, assume they’re the only ones with access. That’s not the case.

Delivery by drone growing in remote areas before cities
Delivery by drone growing in remote areas before cities

“These devices are all connected, meaning anyone can access them remotely, but also the bad guys can access them because they’re connected to the internet,” he said.

The study looked at the special algorithms used by drones and robotic vehicles that keeps them on track while in motion.

While those algorithms are used to flag unusual behaviour to stage an attack, researchers say hackers can exploit natural deviations from the travel plan that are allowed to account for wind and friction.

READ MORE: Gun-toting drones, remotely hijacked cars: Is this the future of murder?

The UBC team developed an automated process that allows a hacker to quickly learn those deviations, then use that information to launch a series of attacks the vehicle can’t detect until it’s too late.

Pattabiraman says the goal of the study is to warn companies about the security risks posed by not protecting against such easy hacks, and to develop safety measures that can keep the devices moving.

Story continues below advertisement
How to keep your personal data safe from hackers
How to keep your personal data safe from hackers

“If your device only has one layer of protection, like a password, and they breach that, then they can do anything they want,” he said.

“If there are multiple layers of protection, then an attacker’s job becomes much harder.”

Tweet This

The research team’s paper on their findings includes suggestions for such countermeasures, including developing self-adjusting deviation thresholds.

The findings will be presented by the team at the annual Annual Computer Security Applications Conference in San Juan, Puerto Rico, next month.