Listen: 3 Questions on Consumer Drones & Security

U.S. Marines in Syria in 2017, as seen from an aerial UAV.

screenshot via U.S. Marine Corps video

AA Font size + Print

U.S. Marines in Syria in 2017, as seen from an aerial UAV.

The U.S. Army recently banned soldiers from using a popular brand of consumer drone because of cyber concerns — and that's just one of the new security challenges posed by inexpensive yet capable flying robots.


Small, unmanned aircraft are revolutionizing civilian industries. But they’re posing new risks that are forcing military and security agencies to rethink their operations.

The Pentagon, for instance, just announced it will shoot down drones that threaten its bases.

And just last week, the U.S. Army banned its soldiers from using consumer drones from Chinese manufacturer, DJI — citing a classified “cyber” risk.

So we’re going to investigate three questions about this still-evolving industry to tell you a little bit more about the future — and risks — of consumer drones.

1. How many are already flying in the U.S.?

There are more than 880,000 total registered UAVs in the United States today.

The lion’s share belong to hobbyists. And 2017 has already been a busy year for the commercial side — nearly doubling the registered total since January.

And the companies atop the industry: Chinese drone maker DJI — valued at about $8 billion — has been crushing it, with an estimated market share of 70 %. Five of the top 10 companies come from China. France continues to sit well with Parrot at number two. And the U.S. rounds out the remaining spots.

And where to put your money? In a report put out just last year, the bank Goldman Sachs predicted $100 billion will be spent on both military and civilian drones by 2020. Leading the commercial side: construction, agriculture, insurance and infrastructure inspection.

The FAA’s prediction over the next five years? 3.5 million registered drones; maybe a million more.

The number of registered non-drone aircraft? That’s only about 320,000.

So between buzzing sensitive airfields and secretive military bases, or surveying any one of the Department of Homeland Security’s 16 kinds of critical infrastructure — it’s not hard to see airspace and trespassing problems on the horizon.

Some companies — like 3D Robotics — have already ditched the hobbyist side of drones, focusing more on software to help professionals interpret the data UAVs can collect.

Which leads us to question number two…

2. What can they do?

Among the growing applications—

  • 3D modeling / computer mapping
  • Land / infrastructure survey
  • Aerial inspections of oil and gas facilities, solar power installations, and wind farms.
  • Agriculture and crop monitoring
  • And delivery systems for companies like Amazon

And the more traditional applications—

  • Real Estate
  • Photography
  • Emergency response units.
  • And of course the military — from public relations aerial photography, to surveillance and overwatch on battlefields like the war against ISIS in Iraq and Syria.

Which brings us to…

3. How much does it matter what bad guys can do with them?

One expert who knows a thing or two about terrorists’ capabilities is this guy.

“Hey I’m Brett Velicovich, I’m the founder and CEO of Expert Drones — we’re one of the largest brick-and-mortar consumer drone companies in the United States.

“My background is army. I used to work in the intelligence corps. I worked a lot with drone technology, UAVs, ISR — all the fancy tech that we have to go after terrorists around the world…

And how can terrorists make these things lethal?

“All it takes is really something as simple as this. Ok, right here is a device that is built to trigger a payload. So this actually hooks onto the sides of this, underneath, and this closes. And all you have to do, something for less than a hundred bucks, is literally put it on the bottom of this, and it allows you to trigger a mechanism that will release a payload…”

A delivery system that’s seeing wide interest in emergency and medical services . For good, in other words.

“When you look at the other side and you see how effective drones are and how these cameras can look at irrigation issues, how they can check for disease, how they can do crop monitoring, how they can even spray pesticides now — you’re like, ‘why aren’t you using this?’ But if they’re not using it, it doesn’t matter. And the funding isn’t there to support it.”

Not yet, anyway. Meantime, he said:

“There’s a debate over the lethality of consumer drones being able to drop an artillery shell, or a grenade or a mortar. The problem is, yeah, absolutely it could kill somebody. But it’s not at the lethality that a Hellfire missile would have. The issue is that that’s changing. …all these manufacturers, all day long they’re trying to figure out ways to be able to put heavier payloads on a drone, so you can carry more explosives on it, how to make it lighter, how to make it fly further, how to make the battery last longer… And there’s a gap between government, fancy drone tech and consumer tech is slowly closing. And I think it’s important America gets a handle on that.”

Helping us get a handle on it even further — I spoke to a man who studies weapons of the future. He even wrote a book about it. And he keeps writing about it every week over at Popular Science.

His name: Peter W. Singer, strategist at New America.

The problem is we’re playing catch up to a trend that we could see coming at us for multiple years…

it’s in many ways parallel to the story of IEDs where IED was not a new technology. We knew about it. We also knew that bad guys were using them we should have put two and two together got hold it…

Now you have base commanders inside the United States going hey guess what. The same kind of thing can happen here…”

Hackers have been drawn to those Chinese-made DJI drones for years. At 2015’s DefCon23 hacking conference in Las Vegas, security expert Michael Robinson showed how to break into and manipulate the GPS software for DJI’s Phantom 3 drone — and the industry’s number two leader, the Bebop drone from French drone-maker Parrot.

Other researchers in Baltimore — Duncan Woodbury and Nick Haltmayer, who call themselves “the Drone Slayers” — illustrated similar problems in January of this year. They were sponsored in part by U.S. Special Operations Command.

It gets a little technical, but here’s a bit of what they found:

“You can log in as such — and get root access to the entire file system that we see here. It logs into the temp directory… You can enter some of the crucial directories, such as the prod folder, and actually drop this little FTP bomb — where delete the whole prod folder in-flight, and crash the drone.”

And those no-fly-zones?

“We were able to find the geo-fencing data in the folder res raw, and in the fly-forbid dot JSON file. By modifying this file, we were able to increase the radius of the Baltimore-Washington International airport so that we were not able to fly the drone. It was also possible to modify the geo-fencing data such that you can fly in otherwise restricted areas, or to make other areas that were potentially unrestricted restricted in a similar fashion.”

There is a clear interest in grasping how many different ways these things are vulnerable — a topic the consumer industry as well as the U.S. military learned a bit more about after DJI made a surprise announcement in April.

“And here’s the dangerous part about that is DJI started telling everyone you have to register with us. And if you don’t register your information with us, we’re gonna throttle your drone so that it doesn’t fly like it should.

Days later, the U.S. Army published a classified report on security vulnerabilities of DJI drones, in particular.

“So think about that: a company can literally make this drone fly at ⅓ of its capacity and also they said they would disconnect the livestream video…unless you register with them. If they can do that, what else can they do?”

By the time DJI made that announcement, a month had passed since the company added portions of Iraq and Syria to its drone network’s geofence system. It was a move sure to have alarmed not just ISIS using DJI products in those two countries, but also U.S. special operators fighting them there, too — at times using DJI drones ahead of assaults.

And back stateside — what about a would-be bad guy, or an unwitting hobbyist may fly near U.S. military bases? Or ones where stealth aircraft like F-22 Raptors fly for training? Someone buzzed one of those earlier this year, Gen. Mike Holmes, the head of U.S. Air Combat Command said in July, without going into specifics.

For these problems, there are a few systems already on the market. Things like Israeli-made detectors, and jamming weapons like the DroneDefender gun.

For its part, the U.S. military announced on August 7th that it reserves the right to shoot down any drones that may threaten troops on its bases in any way.

And that — like the U.S. Army decision — is a start for addressing the many problems posed by consumer drones.

Read more: America’s Top Drone Company Just Teamed Up with a Chinese Industry Titan

But Peter Singer says more will be required to shore up defenses on sensitive infrastructure and military bases — and that could present a whole new set of challenges as technology gets smarter and smarter.

“Where this is going to get different and more difficult for the defender is as systems become more and more autonomous. As they become less reliant on someone joystick in it from afar and even become able to operate without pulling down information from a GPS or the like words you know using visual recognition for its flight — which by the way the U.S. military is developing for its own systems because it knows its adversaries are trying to jam or take away GPS.”

Close [ x ] More from DefenseOne