As automated drones and robotic vehicles become more popular — and are employed by everyone from Amazon to NASA — new B.C. research suggests the machines can be hacked with relative ease.
Researchers from the University of British Columbia (UBC) faculty of applied science designed three types of stealth attacks that caused drones and robotic vehicles similar to the Mars rover to crash, miss their targets or significantly delay completing their tasks.
Karthik Pattabiraman, an associate professor of electrical and computer engineering who supervised the study, says it took very little for researchers to infiltrate those machines, whether they were real or simulated.
“We’re on the verge of a revolution where these devices are going to be widely deployed in the next few years for deliveries and whatnot, and we need to start thinking about their security,” he said.
More concerning, Pattabiraman says, is the disruptions could also impact other devices controlled remotely, including smart TVs, smart cars and home assistants like Amazon Alexa.
Pattabiraman added many people who own such devices, and maybe don’t take the security precautions that Amazon does, assume they’re the only ones with access. That’s not the case.
“These devices are all connected, meaning anyone can access them remotely, but also the bad guys can access them because they’re connected to the internet,” he said.
The study looked at the special algorithms used by drones and robotic vehicles that keeps them on track while in motion.
While those algorithms are used to flag unusual behaviour to stage an attack, researchers say hackers can exploit natural deviations from the travel plan that are allowed to account for wind and friction.
The UBC team developed an automated process that allows a hacker to quickly learn those deviations, then use that information to launch a series of attacks the vehicle can’t detect until it’s too late.
Pattabiraman says the goal of the study is to warn companies about the security risks posed by not protecting against such easy hacks, and to develop safety measures that can keep the devices moving.
“If your device only has one layer of protection, like a password, and they breach that, then they can do anything they want,” he said.
The research team’s paper on their findings includes suggestions for such countermeasures, including developing self-adjusting deviation thresholds.
The findings will be presented by the team at the annual Annual Computer Security Applications Conference in San Juan, Puerto Rico, next month.