Hackers will make drone exploit toolkits available on dark web marketplaces next year, allowing criminals to intercept unmanned aerial vehicles (UAVs), according to Intel Security’s McAfee Labs 2017 Threats Predictions Report.
Retailers including Amazon are known to be exploring the use of drones for making deliveries. If the technology takes off, delivery drones will likely become an attractive target for thieves. The exploit kits will allow cybercriminals to take control of delivery drones flying overhead, allowing them to land the craft and make off with any goods being carried.
Drone hacking technology could also be used to hijack UAVs deployed by police or security services, the report warns. An increasing number of law enforcement agencies are turning to drones to help them monitor protests and other highly-charged situations. If a group or individual had an interest in not being seen, taking control of surveillance drones could help them remain incognito.
Various experts have suggested that drones could be used in terror attacks, which raises the possibility that hijacked UAVs could exploited by extremists, be they right-wing or jihadi-influenced.
“Various researchers have found many consumer drones shipping with open ports and weak authentication methods, allowing a person with the right equipment to send commands to the victim’s drone,” Intel Cybersecurity and Privacy Director Bruce Snell writes.
“So far, this has been a fairly manual process but, as we’ve seen in the past, new exploits typically appear sooner or later in easily reproducible format.
“We predict in 2017 that drone exploit toolkits will find their ways to the dark corners of the internet. Once these toolkits start making the rounds, it is just a matter of time before we see stories of hijacked drones showing up in the evening news. Even without a dronejacking toolkit in hand, we will begin to see an increase in drone-related incidents.”
As well as dronejacking, Intel’s report forecasts that malware targeting Internet of Things devices will open backdoors that could go undetected for years in 2017. The study predicts that hackers will start using ransomware to make money out of IoT devices and the data they contain. The increasing number of connected items being used in healthcare settings will become a major target for hackers, Intel says, as evidenced by recent attacks on the UK’s National Health Service.
“Hospitals are successful ransomware targets partly because they need immediate access to information,” according to the report.
“A pacemaker is an ultimate example of the need for immediate access, so attackers will attempt to find vulnerabilities in these devices as they become internet enabled and will be able to extort a great deal of money if they are successful.”