skip to main content
research-article

Tractor Beam: Safe-hijacking of Consumer Drones with Adaptive GPS Spoofing

Published:09 April 2019Publication History
Skip Abstract Section

Abstract

The consumer drone market is booming. Consumer drones are predominantly used for aerial photography; however, their use has been expanding because of their autopilot technology. Unfortunately, terrorists have also begun to use consumer drones for kamikaze bombing and reconnaissance. To protect against such threats, several companies have started “anti-drone” services that primarily focus on disrupting or incapacitating drone operations. However, the approaches employed are inadequate, because they make any drone that has intruded stop and remain over the protected area. We specify this issue by introducing the concept of safe-hijacking, which enables a hijacker to expel the intruding drone from the protected area remotely. As a safe-hijacking strategy, we investigated whether consumer drones in the autopilot mode can be hijacked via adaptive GPS spoofing. Specifically, as consumer drones activate GPS fail-safe and change their flight mode whenever a GPS error occurs, we performed black- and white-box analyses of GPS fail-safe flight mode and the following behavior after GPS signal recovery of existing consumer drones. Based on our analyses results, we developed a taxonomy of consumer drones according to these fail-safe mechanisms and designed safe-hijacking strategies for each drone type. Subsequently, we applied these strategies to four popular drones: DJI Phantom 3 Standard, DJI Phantom 4, Parrot Bebop 2, and 3DR Solo. The results of field experiments and software simulations verified the efficacy of our safe-hijacking strategies against these drones and demonstrated that the strategies can force them to move in any direction with high accuracy.

References

  1. 3DR. 2018. 3DR Solo Drone. Retrieved from https://3dr.com/solo-drone/.Google ScholarGoogle Scholar
  2. ArduPilot Dev Team. 2019. Copter Home—Copter documentation. Retrieved from http://ardupilot.org/copter/.Google ScholarGoogle Scholar
  3. Battelle Memorial Institute. 2018. Counter-UAS technologies. Retrieved from https://www.battelle.org/government-offerings/national-security/aerospace-systems/counter-UAS-technologies.Google ScholarGoogle Scholar
  4. BBC. 2015. Japan radioactive drone: Tokyo police arrest man. Retrieved from http://www.bbc.com/news/world-asia-32465624.Google ScholarGoogle Scholar
  5. BBC. 2017. Drone causes Gatwick airport disruption. Retrieved from https://www.bbc.com/news/amp/uk-40476264.Google ScholarGoogle Scholar
  6. Kai Borre, Dennis M. Akos, Nicolaj Bertelsen, Peter Rinder, and Søren Holdt Jensen. 2007. A Software-Defined GPS and Galileo Receiver: A Single-Frequency Approach. Birkhäuser, New York, NY.Google ScholarGoogle Scholar
  7. Wenxin Chen, Yingfei Dong, and Zhenhai Duan. 2018. Attacking altitude estimation in drone navigation. In Proceedings of the IEEE INFOCOM 2018-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS’18). IEEE, 888--893.Google ScholarGoogle ScholarCross RefCross Ref
  8. Wenxin Chen, Yingfei Dong, and Zhenhai Duan. 2018. Manipulating drone dynamic state estimation to compromise navigation. In Proceedings of the 2018 IEEE Conference on Communications and Network Security (CNS’18). IEEE, 1--9.Google ScholarGoogle ScholarCross RefCross Ref
  9. James R. Clynch. 2006. Geodetic coordinate conversions I. Retrieved from https://www.oc.nps.edu/oc2902w/coord/coordcvt.pdf.Google ScholarGoogle Scholar
  10. CNN. 2019. Dubai airport temporarily halts flights due to “drone activity.” Retrieved from https://edition.cnn.com/2019/02/15/middleeast/dubai-airport-drone-intl/index.html.Google ScholarGoogle Scholar
  11. Youjing Cui and Shuzhi Sam Ge. 2003. Autonomous vehicle positioning with GPS in urban canyon environments. IEEE Trans. Robot. Autom. 19, 1 (2003), 15--25.Google ScholarGoogle ScholarCross RefCross Ref
  12. Dedrone. 2018. DroneTracker now features an integrated jammer. Retrieved from https://www.dedrone.com/press/dronetracker-now-features-an-integrated-jammer.Google ScholarGoogle Scholar
  13. Dedrone. 2018. DroneTracker software. Retrieved from https://www.dedrone.com/products/software.Google ScholarGoogle Scholar
  14. Dedrone. 2018. Event kit overview. Retrieved from https://www.dedrone.com/products/hardware/event-kit/event-kit-overview.Google ScholarGoogle Scholar
  15. DJI. 2015. Phantom 3 Standard User Manual. Retrieved from http://dl.djicdn.com/downloads/phantom_3_standard/en/Phantom_3_Standard_User_Manual__V1.4.pdf.Google ScholarGoogle Scholar
  16. DJI. 2016. Phantom 4 User Manual. Retrieved from https://dl.djicdn.com/downloads/phantom_4/en/Phantom_4_User_Manual_en_v1.0.pdf.Google ScholarGoogle Scholar
  17. DJI. 2017. DJI and UNDP use latest drone technology to protect vulnerable communities. Retrieved from http://citizenship.dji.com/humanitarian/dji-and-undp-use-latest-drone-technology-to-protect-vulnerable-communities.Google ScholarGoogle Scholar
  18. DJI. 2019. Phantom 3 Standard—Drone for beginners. Retrieved from https://www.dji.com/phantom-3-standard.Google ScholarGoogle Scholar
  19. DJI. 2019. Phantom 4—DJI’s smartest flying camera ever. Retrieved from https://www.dji.com/phantom-4.Google ScholarGoogle Scholar
  20. Drone Defence. 2019. NetGun X1 | short range drone protection. Retrieved from https://www.dronedefence.co.uk/products/netgun-x1.Google ScholarGoogle Scholar
  21. DroneShield. 2018. DroneSentry. Retrieved from https://www.droneshield.com/sentry/.Google ScholarGoogle Scholar
  22. DroneShield. 2018. DroneShield. Retrieved from https://www.droneshield.com/.Google ScholarGoogle Scholar
  23. DroneShield. 2018. How DroneShield works. Retrieved from https://www.droneshield.com/how-droneshield-works/.Google ScholarGoogle Scholar
  24. Express Newspapers. 2017. Laser weapon called the “Silent Hunter” that can slice MISSILES unveiled by China. Retrieved from https://www.express.co.uk/news/uk/774268/Defence-China-US-Laser-Weapon-Tank-Slicing-Defence-Abu-Dhabi.Google ScholarGoogle Scholar
  25. Daniele Giordan, Yuichi S Hayakawa, Francesco Nex, and Paolo Tarolli. 2018. Preface: The use of remotely piloted aircraft systems (RPAS) in monitoring applications and management of natural hazards. Natural Hazards and Earth System Sciences 18, 11 (2018), 3085--3087.Google ScholarGoogle ScholarCross RefCross Ref
  26. GIS Lounge. 2015. Use of drones in GIS. Retrieved from https://www.gislounge.com/use-drones-gis/.Google ScholarGoogle Scholar
  27. Lin Huang and Qing Yang. 2015. Low-cost GPS Simulator - GPS Spoofing by SDR. https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Lin-Huang-Qing-Yang-GPS-Spoofing.pdfGoogle ScholarGoogle Scholar
  28. Todd E. Humphreys, Brent M. Ledvina, Mark L. Psiaki, Brady W. O’Hanlon, and Paul M. Kintner Jr. 2008. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the ION GNSS International Technical Meeting of the Satellite Division, Vol. 55. ION, Manassas, VA, 2314--2325.Google ScholarGoogle Scholar
  29. Ali Jafarnia-Jahromi, Ali Broumandan, John Nielsen, and Gérard Lachapelle. 2012. GPS vulnerability to spoofing threats and a review of antispoofing techniques. Int. J. Nav. Obs. 2012 (2012). https://www.hindawi.com/journals/ijno/2012/127072/abs/.Google ScholarGoogle ScholarCross RefCross Ref
  30. Jammerall. 2019. Portable 30 meter 6 Antenna GPS L1 L2 L3 L4 L5 Glonass all bands GPS signal jammer and Lojack WiFi jammer. Retrieved from http://www.jammerall.com/products/Portable-30-meters-6-Antenna-GPS-L1-L2-L3-L4-L5-Glonass-All-Bands-GPS-Signal-Jammer-%26-Lojack-WiFi-Jammer.html.Google ScholarGoogle Scholar
  31. Andrew J. Kerns, Daniel P. Shepard, Jahshan A. Bhatti, and Todd E. Humphreys. 2014. Unmanned aircraft capture and control via GPS spoofing. J. Field Robot. 31, 4 (2014), 617--636. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Aaron Luo. 2016. Drones Hijacking - Multi-dimensional Attack Vectors and Countermeasures. https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Aaron-Luo-Drones-Hijacking-Multi-Dimensional-Attack-Vectors-And-Countermeasures-UPDATED.pdfGoogle ScholarGoogle Scholar
  33. Juliette Marais, Marion Berbineau, and Marc Heddebaut. 2005. Land mobile GNSS availability and multipath evaluation tool. IEEE Trans. Vehic. Technol. 54, 5 (2005), 1697--1704.Google ScholarGoogle ScholarCross RefCross Ref
  34. MarketsandMarkets Research. 2016. Anti-drone Market worth 1.14 Billion USD by 2022. Retrieved from http://www.marketsandmarkets.com/PressReleases/anti-drone.asp.Google ScholarGoogle Scholar
  35. My Security Media. 2018. 70 Australian-made DroneGun Tactical anti-drone devices sold to middle Eastern Country. Retrieved from http://drasticnews.com/70-australian-made-dronegun-tactical-anti-drone-devices-sold-to-middle-eastern-country/.Google ScholarGoogle Scholar
  36. OpenWorks Engineering. 2018. SkyWall. Retrieved from https://openworksengineering.com/skywall.Google ScholarGoogle Scholar
  37. Orolia. 2017. GPS and GNSS satellite simulators—GSG series. Retrieved from https://www.orolia.com/products-services/gnss-simulation/gpsgnss-simulators.Google ScholarGoogle Scholar
  38. Paparazzi Autopilot Team. 2017. Paparazzi is a free and open-source hardware and software project for unmanned (air) vehicles. Retrieved from https://github.com/paparazzi/paparazzi.Google ScholarGoogle Scholar
  39. Sanghyuk Park, John Deyst, and Jonathan P. How. 2007. Performance and lyapunov stability of a nonlinear path following guidance method. J. Guid. Contr. Dynam. 30, 6 (2007), 1718--1728.Google ScholarGoogle ScholarCross RefCross Ref
  40. Parrot. 2016. Parrot Bebop 2 Drone User Guide. Retrieved from https://parrotcontact.parrot.com/website/user-guides/download-user-guides.php?pdf=bebop-2/Bebop-2_User-guide_UK.pdf.Google ScholarGoogle Scholar
  41. Parrot. 2019. Parrot Bebop 2 drone. Retrieved from https://www.parrot.com/us/drones/parrot-bebop-2.Google ScholarGoogle Scholar
  42. PTS. 2015. Förbud mot störsändare. Retrieved from https://pts.se/sv/privat/radio/utrustning/forbud-mot-storsandare.Google ScholarGoogle Scholar
  43. RACELOGIC. 2018. Labsat 3 GPS Simulator. Retrieved from https://www.labsat.co.uk/index.php/en/products/labsat-3.Google ScholarGoogle Scholar
  44. Aanjhan Ranganathan, Hildur Ólafsdóttir, and Srdjan Capkun. 2016. SPREE: A spoofing resistant GPS receiver. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (MobiCom’16). ACM, New York, NY, 348--360. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Reuters. 2016. Dubai airport shuts airspace for nearly 30 mins due to drone activity. Retrieved from https://www.reuters.com/article/us-emirates-dubai-airport-drone-idUSKCN11Y0TY.Google ScholarGoogle Scholar
  46. Fred Samland, Jana Fruth, Mario Hildebrandt, Tobias Hoppe, and Jana Dittmann. 2012. AR. drone: Security threat analysis and exemplary attack to track persons. In Proceedings of the SPIE, Vol. 8301. SPIE, Bellingham, WA, 1--15.Google ScholarGoogle Scholar
  47. Singapore Press. 2017. Drones disrupt over 240 flights in Chongqing. Retrieved from https://www.straitstimes.com/asia/east-asia/drones-disrupt-over-240-flights-in-chongqing.Google ScholarGoogle Scholar
  48. Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of the 24th USENIX Conference on Security Symposium (SEC’15). USENIX Association, Berkeley, CA, 881--896. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Spirent. 2018. GSS7000 Series. Multi-GNSS, multi-frequency constellation simulators. Retrieved from https://www.spirent.com/Products/GSS7000.Google ScholarGoogle Scholar
  50. Stuff. 2018. Drone scare delays Auckland Airport flights, turns out to be balloon. Retrieved from https://www.stuff.co.nz/travel/travel-troubles/103111136/drone-scare-delays-auckland-airport-flights-turns-out-to-be-balloon.Google ScholarGoogle Scholar
  51. P. B. Sujit, Srikanth Saripalli, and Joao Borges Sousa. 2014. Unmanned aerial vehicle path following: A survey and analysis of algorithms for fixed-wing unmanned aerial vehicless. IEEE Contr. Syst. 34, 1 (2014), 42--59.Google ScholarGoogle ScholarCross RefCross Ref
  52. Takuji Ebinuma. 2018. Software-defined GPS signal simulator. Retrieved from https://github.com/osqzss/gps-sdr-sim.Google ScholarGoogle Scholar
  53. The New York Times. 2016. Pentagon confronts a new threat from ISIS: Exploding drones. Retrieved from https://www.nytimes.com/2016/10/12/world/middleeast/iraq-drones-isis.html?_r=0.Google ScholarGoogle Scholar
  54. The Washington Post. 2009. Local police want right to jam wireless signals. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2009/01/31/AR2009013101548.html?noredirect=on.Google ScholarGoogle Scholar
  55. Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 75--86. Google ScholarGoogle ScholarDigital LibraryDigital Library
  56. u-blox. 2014. NEO-7 U-blox 7 GNSS modules Data Sheet. Retrieved from https://www.u-blox.com/sites/default/files/products/documents/NEO-7_DataSheet_%28UBX-13003830%29.pdf.Google ScholarGoogle Scholar
  57. u-blox. 2017. NEO-7 series. Retrieved from https://www.u-blox.com/en/product/neo-7-series.Google ScholarGoogle Scholar
  58. UNA-UK. 2013. Noel Sharkey on drones and the threat of autonomous weapons. Retrieved from https://www.una.org.uk/magazine/spring-2013/noel-sharkey-drones-and-threat-autonomous-weapons.Google ScholarGoogle Scholar
  59. Verizon Media. 2016. “Icarus” machine can commandeer a drone mid-flight. Retrieved from https://www.engadget.com/2016/10/28/icarus-hijack-dmsx-drones/.Google ScholarGoogle Scholar
  60. WIRED. 2015. Welcome to the world, drone-killing laser cannon. Retrieved from https://www.wired.com/2015/08/welcome-world-drone-killing-laser-cannon/.Google ScholarGoogle Scholar
  61. WIRED. 2018. The explosive-carrying drones in Venezuela won’t be the last. Retrieved from https://www.wired.com/story/venezuela-drones-explosives-maduro-threat/.Google ScholarGoogle Scholar
  62. Der-Yeuan Yu, Aanjhan Ranganathan, Thomas Locher, Srdjan Capkun, and David Basin. 2014. Short paper: Detection of GPS spoofing attacks in power grids. In Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless 8 Mobile Networks (WiSec’14). ACM, New York, NY, 99--104. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Tractor Beam: Safe-hijacking of Consumer Drones with Adaptive GPS Spoofing

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        • Published in

          cover image ACM Transactions on Privacy and Security
          ACM Transactions on Privacy and Security  Volume 22, Issue 2
          May 2019
          214 pages
          ISSN:2471-2566
          EISSN:2471-2574
          DOI:10.1145/3316298
          Issue’s Table of Contents

          Copyright © 2019 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 9 April 2019
          • Accepted: 1 January 2019
          • Revised: 1 October 2018
          • Received: 1 May 2018
          Published in tops Volume 22, Issue 2

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • research-article
          • Research
          • Refereed

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        HTML Format

        View this article in HTML Format .

        View HTML Format
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!