In the past few years, there has been a huge surge in the sales and use of drones.
Also known as unmanned aerial systems (UASs), these devices are much more complex and sophisticated than the older remote-controlled planes or helicopters that people could buy at Radio Shack.
Drones Have Been Cause for Concern Since They Appeared on the Market
As soon as these devices hit the market, there were questions about the potential legal issues as they pertained to damage such as property destruction and bodily injury.
Then, as more and more drones became outfitted with digital cameras, there became more concerns regarding privacy issues and the potential for people to use them to spy on people.
New Concern for Those Who Own and Operate Drones
But now a new report from an Israeli cybersecurity firm, and highlighted by law firm Locke Lord, has raised a new potential problem—drone hacking.
Cybersecurity firms such as Check Point Research perform “white hat” hacking to find vulnerabilities and flaws in a company’s security networks. Check Point Research did an analysis of DJI, the leading manufacturer of drones, and found their website had a vulnerability that allowed access to cybercriminals.
Data Access Vulnerability Found Within Drone Manufacturer’s Website
These hackers could gain access to drone records through the website and obtain personal data. This site flaw allowed hackers to steal personal information of the website’s clients.
This, in and of itself, would be very troubling as has been seen with similar breaches with other companies such as Marriott and Facebook. But the DJI vulnerability also gave access to more data from the drones themselves.
Drones Carry Data That Can Be Hacked
According to the security report, hackers could have access to the following information:
- Flight logs showing where a drone had flown on each trip that it makes;
- Photos and videos taken by the drones during its flight;
- Live video feeds taken from drones in real time during flights;
- Map views from the drone user’s control feed in real time.
Although the drones themselves were not hacked, this is still a significant potential threat that DJI has already moved to close. They have issued a security patch which should have shut down the flaw in their system and they’ve reported there is no evidence that their system has been compromised from actual hackers.
All this underscores that drones (and drone companies) are at risk for attacks from cyber criminals.
Your Company Could Be Liable for Hiring Third-Party Drone Operators
A drone has the potential to take in a plethora of data. Imagine, for instance, just how much personal information could be found from hacking a single drone’s flight photos and videos.
And if a drone company acts as the storehouse for this data, they’re opening themselves to liability issues should hackers be able to access this information (or any of the personal data maintained by the company such as name, address, email, and passwords).
Additionally, companies that hire third-party drone operators may also be held liable if personal information collected in the course of operations is eventually hacked.
Risk Assessments Are Necessary When Dealing with Drones
Ultimately, all of this means that a risk assessment needs to be made by anyone involved with drones—both the companies that make them, the companies that use them, and the individual operators who pilot them. This assessment should be comprehensive enough to include physical risks, privacy risks, and cybersecurity risks.