Oh look, a hacked package delivery drone

We read that Amazon–the online retail giant, not the huge river–is developing a drone-based delivery service. They’re calling it PrimeAir. Hopefully it won’t become known as Prime Target, but some folks are already stepping up to take a shot. In my corner of the world, there are plenty of shotgun-toting and slightly suspicious denizens of security who might (when they aren’t pimping their bunker) get all giddy at the prospect of taking out a drone or two with some buckshot.

In a similarly situated community in Colorado some folks are itching to pass an ordinance allowing (legal) drone hunting (as opposed to the use of drones for hunting, which Colorado is thinking of banning).

Amazon.com, presumably lax in their viewing of the flocks of drone-based sci-fi movies (which I think you can access through Amazon, ironically enough), has set to work on a proof-of-concept flock of their own, this time delivering the latest tech hotness to a yard near you.

Only it’s not quite ready for prime time. And while taking to the skies with their own micro fleet to improve customer service seems strangely laudable, some folks (even those who don’t tote shotguns) have their doubts.

First objection that leaps to mind? Airlines have worked for years to avoid sucking ducks, geese, and other airborne terrorists into their expensive jet engines (followed by the ensuing mayhem and even water skiing lessons for one memorable passenger jet back east). The folks who rule the skies can be expected to want to know more about Amazon’s plans, a lot more. While geese and other feathered things disdain centralized control schemes (and control tower communications), ordering delivery drones out of the flight path for JFK seems like it would be very important.

Second, the prospect of hobby store aficionados picking up all the parts to impersonate the delivery drones and causing mayhem seems totally obvious, possibly resulting in a nightmare for more than a few folks. (I think you can even pick up fake Amazon stickers for a few bucks online.)

Need a drone-takeover proof of concept? One hacker has already released details of how this might work (we wouldn’t be good antivirus researchers if we neglected to mention the same hacker was once convicted of releasing a worm that affected tens of thousands of social media profiles).

Jamming control or positioning signals seems obvious to the slightly more tech-ambitious who may seek to hack the platforms, and maybe even pick up a donor drone in the process for future hacking endeavors. (Hey, let’s send a package to the neighbors and then claim we didn’t get it, and so on, and so forth).

And while the micro drone engineers are finding a way to tote more capacity for longer distances (in case you ordered size 12 boots instead of size 6 slippers), gluing on an hacking platform as extra payload is another plausible exploit. Sending the “enhanced” drone back across the town on it’s return trip to the warehouse could harvest digital credentials, a boon thing for less-than-ethical hackers. To victims it might look like Amazon just hacked your WiFi and then did bad things.

Amazon itself would need to be highly scrupulous in the coding of these things. Remember the “accidental” harvesting of data by Google Street View camera cars?

And if the idea of delivery drones still seems promising, where are the FedEx drones? After all, FedEx, UPS and other familiar names have been toting packages for a living for a long time now, usually in boxy trucks that make particularly bad aircraft, but carry lots of weight down tiny bumpy roads, crowded streets and a host of other nasty environments. For decades, boxes got high speed delivery from hub to hub over the air every day, but last mile delivery is still a bit murky (or snowy) – sometimes literally.

Still, it’s good to see Amazon ambitiously plodding forward, and hey, new tech is always worth exploring, (and subsequently debugging). And whether or not the FAA will come to terms with the potential liabilities of unleashing a swarm of civilian drones in the future, it seems likely that some flavor of drone will be flying in an area near you sooner than you might be comfortable with. Though if you’re in a tiny town in Colorado, there’s still time to perfect your aim at airborne targets.

(Disclaimer: We are not advocating the shooting of  drones. Shooting at airborne man-made objects other than clay pigeons is likely to remain highly illegal in every jurisdiction in America.)

How do you feel about drone-based deliveries? Invasion of privacy or personal airspace? Blight on the landscape? See any potential problems? Leave a comment and let us know what you think.

Author Cameron Camp, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.