Why UAV telemetry data is a cyber/physical security risk
UAV lawnmower pattern
Image courtesy of Jarlath O’Neil-Dunne, Director of the University of Vermont Spatial Analysis Laboratory. Appeared in Vol.5 No.5 of LIDAR Magazine
I’ve been talking about the potential risks of an adversary gaining access to your UAV data for awhile. People are most concerned about their sensor data, the actual imagery or chemical levels or whatever the sensor is collecting. Yes, this is very valuable data but it is relatively easy to determine if it is being exfiltrated surreptitiously due to the bandwidth required to move it and due to the fact that the normal logging mechanisms generally do not make it accessible to the vendor’s application or on board flight systems. (DJI Go does store image thumbnails in its logs. You knew that, right?)
During these conversations I often point out that the telemetry information may pose a greater risk. Why?
- It is much more compact. The launch point alone reveals a lot of information and it, plus the time stamp, will fit in three floating point numbers, or integers if you don’t care too much about precision.
- The location where you are flying says “There is something interesting here.” The more often you fly, the more interesting it is to you, and thus to an adversary.
- How you are flying tells an adversary something about what you are interested in.
- If you are doing lawnmower tracks at 100m twice a day, you are performing some sort of change detection task, perhaps crop health or stockpile monitoring or building construction.
- If you are flying a semi-random profile that often ends in an abrupt termination of control or of the flight, you may be testing counter UAS systems.
So, let’s consider that last point. Test flights against counter UAS systems will likely:
- Take place at the same facility on more than one occasion but usually in clusters
- Generally start from a variety of points but fly towards a small number of common points
- Almost always terminate away from where they started
- Often terminate in an unexpected manner
Using just the telemetry from the UAV or from the GCS application you can determine a set of characteristics that indicate that a particular flight represents a counter UAS test flight and set up an automated search for that pattern. Each time you get a hit, you know that a counter UAS test was done and, in combination with other collected data, you may be able to start determining which CUAS systems are being tested and how effective they are.
Kind of useful information, I think. I used counter UAS systems as an example, but this type of analysis can be performed to identify many other sorts of UAS activity.
And here is a concrete example of this type of analysis at work, shedding light on flight operations that U.S. agencies would prefer not be discussed in public. “… BuzzFeed News trained a computer to find [surveillance aircraft] by letting a machine-learning algorithm sift for planes with flight patterns that resembled those operated by the FBI and the Department of Homeland Security.”
Now, think about how many companies we share telemetry with. Not just the vendor but with UAV flight management and cloud based mapping services among others.
Should you be worried? In most cases, probably not. Some quick questions should help you decide.
- Does anyone really care about your project? If you are flying for normal crop health analysis a) using that data to play financial markets or develop a competitive advantage would be hard and b) a nation state could get the same data in a much larger volume using satellites. But, if you’re working on some proprietary seed that will eliminate famine then you might want to be more careful.
- Do you know what data you are collecting (sensor and telemetry, generally), where it is stored, where it is transmitted, and how it is protected while at rest and in motion? If you are doing all of the processing yourself and if you wipe all telemetry information prior to connecting to the vendor’s servers, you’re going a long way towards protecting your data. If you are processing your data with a third party, then you need to trust them so spend some time talking with them to understand why you should trust them.
In closing, two points to keep in mind:
- Revealing where, when, and how you fly may pose a risk similar to revealing the actual sensor data.
- Know your data, where it is, where it goes, and how it is protected
Note – I wrote an entire post without mentioning DJI. Why is that relevant? Because your telemetry data is valuable no matter what vendor you are using, and vulnerable even if you don’t share it with the vendor. This isn’t about DJI, it is about protecting your data and operations from adversaries be they nation states or local competitors.