Cybercriminals use drones to steal information by hacking the device through various methods.  Is there anything cybercriminals can't use to break into the devices of businesses and individuals? Well, it would suffice to say a non-electronic object, but just the opposite abounds in our lives. We are making more and more use of electronic devices, both for work and for leisure; in many cases, those devices are common.  One of them, which has gained a lot of fame in recent years among children and adults, is the DRONE. Drones have become a work tool thanks to their capabilities, which have drawn the attention of a very dangerous sector, that of cybercriminals. They have become a weapon that they now use to carry out cyber attacks. Drones are another option that cybercriminals use to steal information.

Now, what are they capable of doing? Depending on the level of the cybercriminal, cyberattacks can be carried out on companies or institutions, although they are not the only ones. They can also be used to cyberattack ordinary users, specifically to get hold of their data or money, among other options. As if this were not enough, peripherals can be added to these devices to improve their specifications: thermal sensors, microphones or cameras in the case of not come as standard. Cybercriminals, knowing their vulnerabilities, easily hack them and publish how to do it on the networks. Although there are indeed several methods to achieve this, the four most used are Cyber Take-Over, by inhibiting its radio frequency, GPS spoofing and through SkyJack technology, which uses hardware (a Raspberry Pi) and specific software. All of them are easily accessible and achieve satisfactory results.

We will briefly explain what each method consists of. We start with Cyber Take-Over, which is using a packet analyzer to hack the communication signal between the drone and the operator. As it is not encrypted, it is done in a very simple way and allows you to take full control of the device and the system. The second method, inhibition of its radio frequency, consists of altering the communication between the drone and its operator so that the devices lose the video, telemetry or even GPS signal. About the GPS spoofing method, say that software is used to supplant the drone's GPS signal and thus send it to false coordinates and thus take control.

The fourth method, SkyJack, which allows hacking multiple drones with a single drone, is to use a Raspberry Pi and the "SkyJack" app to listen to and monitor other types of drones and thus hack them. As you can see, there are several options and all of them are perfectly valid to gain control of the drone or to use your own for illegal activities. Drone hacking is yet another proof of the capabilities of cybercriminals to take advantage of any electronic device. Perhaps this will serve, in the not-too-distant future, so that drones have better security measures. It is a very widespread object, which can be accessed even by children.

DOUBLE VERIFICATION - MANDATORY
From 1st October 2022 - 2 Factor Authentication (2FA) will be mandatory for all BAT users to be compliant with our high security standards

Alvaro Gonzalez Cyber security expert for BAT