With three types of attacks directed at these vehicles, the team of researchers from the UBC’s Faculty of Applied Sciences managed to get them to divert their targets, delay their missions or simply crash. The attacks required minimal or no human intervention to succeed.
Robotic vehicles set their route using special algorithms, which seek to stay on the right track while in motion. In addition, they are prepared to respond to the action of external factors, such as wind and friction, by setting alternative paths. It is these deviations that the attackers can exploit to divert the vehicles from their course.
In spite of the fact that most of these unmanned means of transport have mechanisms that detect unusual behaviors, such as eventual attacks, the vulnerability mentioned above goes unnoticed for these guarding systems.
“We saw great weaknesses in the software of robotic vehicles, which could allow attackers to easily interrupt the behavior of many different types of these machines,” said Karthik Pattabiraman, professor of electrical engineering and computer science who oversaw the study. “Of particular concern is the fact that none of these attacks could be detected by the most commonly used monitoring protocols,” he added.
The team after this research developed an automated process that allows an attacker to detect and learn in a short time what are the allowed deviations of robotic vehicles running conventional protection systems. This information in the hands of hackers can be used to launch a series of automatic attacks that the vehicle cannot detect until it is too late. This in addition to affecting drones, could affect other unmanned vehicles, such as the rovers used in the exploration of Mars.
“Robotic vehicles are already playing an important role in surveillance, warehouse management and other contexts, and their use will become widespread in the future,” says Pritam Dash, a graduate student in Electrical and Computer Engineering at UBC and lead author of the study. “We need security measures to prevent drones and other unmanned vehicles from causing serious economic, property and even physical damage”.
This would clearly not only affect Amazon Prime Air drones. They are cited as an example at the beginning of the article due to their popularity, but it should be remembered that companies and services such as Wing (from Alphabet), Uber Eats, DHL, UPS and others, have set their interest in these vehicles to implement them in their delivery systems. In other areas, they are also being used for firefighting, agricultural work and security.
With the publication of this research, a new challenge arises for these actors, as there is a need to strengthen the safety mechanisms behind the drones used in these services.
The researchers, after pointing out the vulnerabilities they found, offer the basis for taking some countermeasures, in a recent article describing their findings. They will present their work next month at the Annual Conference on Computer Security Applications in San Juan, Puerto Rico.