Light Hallucination Hack Could Make Amazon Delivery Drones Vulnerable To High-Tech Porch Pirates
Imagine it's the year 20XX. Hopefully you're healthy. You're also sitting on your front porch watching Amazon's package drones whiz through the skies while awaiting your own delivery. It slowly starts to prepare for landing before suddenly veering off somewhere else! What happened!? Well, Michigan State University (MSU) Computer Science & Engineering Assistant Professor Qiben Yan might just have the answer.
As with many professors in science related fields at universities, Qiben has research projects. One of those research projects just so happens to involve drones and making them see things that are not there. Or, you know, hallucinate (in a manner of speaking). In the early stages of experimentation and testing for this project he states that he hand his team "...accidentally broke a drone." The project actually is intended to come up with a simple attack that exploits a vulnerability in drone camera systems that could, in theory, allow a hacker to seize control of a drone from its pilot.
Yan, a member of MSU's Secure and Intelligent Things Lab, contacted the drone manufacturer (DJI), which was very interested in the project after he outlined what he and his cohorts were attempting to do. The basic premise is to utilize the autonomous drone's own sensor system against itself by shining specific lights, or types of lights, into those sensors to make it think that there is a building or other object in the way. The team did manage to target quadcopters from dozens of yards away, which would be more than enough distance for someone with the right equipment to force a drone to go somewhere it wasn't intended to go in the first place.
"Imagine that an Amazon delivery drone is under such an attack," Yan said. "Your packages would be effectively seized by the attacker, while the drone pilot has no idea why it’s happening."
The folks at DroneDJ reached out to DJI, probably the most well known manufacturer of drones, to ask if there was a risk of complete remote control take over from this "light hacking" method. The company's answer was that this "light trick" isn't really "hacking" the drone, rather it's "clever but limited" in scope. Ultimately DJI has stated that the researchers did ping its R&D team and will consider the info during further product development.
The good news is Yan's research team, which calls the trick DoubleStar (GitHub), has also provided insight in that it is actually pretty easy to prevent through simple countermeasures. These can include a simple lens hood for the drone's cameras, or even just simple software updates to allow the drone to differentiate between the light from an attack like this and an actual obstacle.
So is there any real risk to losing your package from this little hack or light trick? Ultimately, it seems like a lot of set up and equipment for a low reward potential. And while plausible, it's probably unlikely, as it's not that easy to control either.
While this research does focus primarily on drones, it also provides some additional concern to other forms of autonomous vehicles. That's because many of them rely on similar sensors and cameras at the consumer level, like Apple's upcoming autonomous vehicle.