Frontline
“While the consumer may save a few dollars by procuring a (cheaper) product, the actual cost to them in terms of compromise and information loss may be significant, not to mention potential for reputational damage”
have updatable firmware, as a result of using low-cost items. “While the consumer may save a few dollars by procuring a (cheaper) product, the actual cost to them in terms of compromise and information loss may be significant, not to mention potential for reputational damage”. Ensuring IoT devices are secure is just the first step though, with the Work Stream also developing guidelines for the actions and notifications that need to take place when a breach is detected. The second half of the evening was dedicated to drone security. Key speaker Mike Monnik is a Senior Consultant at PrivasecRED and director of DroneSec, and his passion for drone technology is obvious, being an avid drone-user himself. “I absolutely love flying my own drones and hope that stricter regulations do not stifle innovation or remove the ability for commercial or hobbyist flyers to enjoy this technology”. Given that drones as we currently know them are basically flying computers, Mr Monnik explained why it’s important that these devices need to be held to the same strict security regimes as other devices, especially given their ability to penetrate once-secure areas. “Drones are unlike planes or cars where the operator is within the vehicle, ownership is clear and fines enforce regulation. Operators are disconnected from drones and penalties are harder to enforce
– and (easier to) bypass.” Some of the key areas Mr Monnik identified as upcoming security threats involving drones include their use in counter-surveillance of police and military operations, quoting the recent use of a US$3 million Patriot missile to take down a small consumer drone being used to observe US armed forces during an overseas military operation. Many drones can now also be equipped with Wi-Fi sniffing devices, allowing operators to remotely access networks that are behind secure perimeters or in skyscrapers. While some drones already have GPS-based geofencing, stopping them from flying into certain restricted areas, this can easily be bypassed by hacking the drone’s firmware. To combat this, Mr Monnik thinks it may be necessary to install dedicated anti-drone infrastructure. “I don’t believe geofencing is a sufficient defense mechanism when reliant on the manufacturers, and so dedicated anti-drone infrastructure does become more appealing. It’s also advantageous in that it’s protecting a specific site.” Australian company DroneShield is one such manufacturer of these devices, which recently received Airport Environment Certification ensuring that its anti-drone technology does not interfere with aircraft or ground control avionics. Another security threat concerning drone use is that of a user’s camera feed or drone controls being hijacked by a third-party. Highlighting just how easy it is to take over a
drone, 200 people at recent events including PlatypusCon, GoGirlGo4IT at Deakin University and SecTalks managed to do so in under two hours. Yet introducing heavy encryption between the user and the drone can result in increased latency and higher processing requirements, both of which lead to a less than optimal user experience. Mr Monnik hopes that work in this field might lead to, “…innovation in encryption standards that require being robust while providing speedy communication.” Overall, Mr Monnik believes that drone users with enhanced security needs should have security embedded into the drone program, be it via encrypting the drone’s storage devices, customising the operating system in Wi-Fi based systems, as well as other methods that require a specialist to focus on the issue. With cybersecurity still lacking in many traditional computer-based networks, it seems there is an entirely new field of security yet to be tackled. It’s heartening to see Australian groups are already forming to take this realm headon, with the end goal of a safer, secure cyber-ecosystem. With smart-devices, autonomous vehicles, and armed drones becoming ever more popular, the need is greater than ever.
Australian Security Magazine | 19