Creating a Drone Threat Model: Understand the Impact of a Breach


From hobbyist and enthusiast looking for exciting recreation, to air force commanders coordinating military campaigns, Unmanned Arial Vehicles (UAV) – or drones – are in the air and in the news. And as one might expect, where there’s new technology based on wireless computer communications, cyber security issues are sure to follow. Historically, security has followed technology as little more than an afterthought – and with predictable results as one hack follows another. This is why a proactive drone threat model needs to incorporated during the design and prototyping phase.

Why an Integral Drone Threat Model is Needed

No sooner had Jeff Bezos announced Amazon’s launch of parcel delivery via drones than noted Myspace hacker, Samy Kamkar, announced that he created a software package designed to hack into drones and take over their operational functioning.

Currently drones, even those which are military grade, are developed to maximize flight time, maneuverability, and payload capacity while minimizing production and operational costs. With the focus on efficiency, very little forethought has gone into considering potential attack vectors or potential uses of a hijacked drone. This has left drones wide open to cyber threats.

Early this year for example, US patrol drones were easily redirected from their flight path to allow drug traffickers to cross the US-Mexico border with impunity. Another security researcher has demonstrated the ease with which hackers can exploit a drone’s “telemetry box” and take over law enforcement drones from more than a mile away. Because attackers are able to find and exploit design and production-level vulnerabilities, the imperative of cyber security officials, engineers, and even top managers is to create and incorporate a detailed drone threat model at these initial stages. For decades, organizations have developed and implemented software with security as an afterthought. This has allowed cyber criminals to successfully mount spectacular breaches costing targeted companies hundreds of millions and exposing the individuals to inestimable potential collateral damage. If our cyber security history offers any lessons, it’s that patching the vulnerabilities after the exploit is a costly cat-and-mouse game where the attackers control the game dynamics.

Threat modeling is a way of changing the game dynamics by approaching the emerging technology like an attacker: considering potential vulnerabilities and nefarious uses during the design and production stages so that effective countermeasures and security protocols can be integrated into the new software or hardware before the first unit is produced.

Think Like an Attacker

In building a drone threat model, you must start thinking like an attacker. Why would an attacker exert the effort and take the risks of seizing control of a drone? The first thing to consider is that drones are, by design, aerial vehicles often with some manner of payload. By seizing control of the drone, you have at your disposal both the drone and any payload it was carrying.

The payload can be stolen or tampered with in such a way so as to be weaponized. A person anticipating delivery of a legitimately ordered parcel receives instead a bomb, a life-threatening toxin, or an extortion or ransom demand.

The drone itself, because it is an unmanned aerial vehicle and depending upon its size, can be used as a flying weapon against motorists or pedestrians, or loaded with a weaponized payloads and flown to specific targets. Or, of course, the drones can just be forced to crash, damaging both the drone and its payload.

Drones can also be breached for their flight data, which contains geolocation information, product information, and flight path histories.

If designers and programmers can visualize the threats that a compromised done poses and the vectors by which attackers can potentially exploit a drone’s systems, they can then consider and evaluate reasonable defenses against those threats.

Imagine Covert Monetarization

Professional cyber attackers do what they do for one of two reasons: either they seek to target an individual or a specific group with the intent to do them harm, or they seek to covertly gather information which can be monetized. Drones and their easily exploited vulnerabilities provide a vast new array of opportunities for such individuals.

Some drones, such as those used for law enforcement and border patrol, carry a payload of sophisticated visual and electronic surveillance equipment. Such equipment, in legitimate hands, is intended to keep citizens safe and aid in the capture of criminals. But the data feeds and communications of drones are easy to override, putting the drones into the hands of stalkers, drug traffickers, corporate spies, and thieves hoping to look over your shoulder as you conduct business at an ATM. Data gathered by law enforcement agents can be stolen or redirected.

Building an effective drone threat model requires that you think about how information can be breached and monetized or used to harm specific individuals.

Understand Creativity

A key difference between a novice who understands the basics of the game and a seasoned chess master is how far ahead the master thinks compared to the novice. The same is true of cyber attackers. There are those whose sole purpose is to make an immediate profit or find an attended assault target. Then there are those who creatively strategize well beyond the lure of a quick result, looking for game-changing advantages and long-term gains.

To what end, then, could a misappropriated surveillance drone be creatively employed? Understanding criminal creativity provides insights to potential attack vectors and misappropriated uses necessary for an effective drone threat model.

The rapid advancements in hardware technology has brought UAVs out of the exclusive domain of the military and increasingly into our common experience. The inherent threats to drone security can be found long before the operational phase. It is found in the lack of understanding how attackers think and what attackers hope to accomplish. However, by incorporating an effective drone threat model during the early stages of development, security and attack countermeasures can be integrated at an early stage. The end result will be a new class of drones that are both economical and secure.

Creating a Drone Threat Model in ThreatModeler™ only takes Minutes

ThreatModeler™ makes it easy to produce consistent, actionable threat modeling outputs. Users simply need to create a Visio-like diagram. ThreatModeler’s advanced threat framework – automated by the Intelligent Threat Engine and Centralized Threat Library – does all the rest. The following drone threat model was created by a non-securitiy expert in about 15 minutes:

drone threat model

A summary report of the 168 threats and 70 security requirements identified by ThreatModeler™ can be downloaded here.

Interested in learning more about drone threat modeling?

Schedule a live presentation of ThreatModeler™.

Comments are closed.