05-14-2019 01:57:15 PM -0400
05-09-2019 05:01:30 PM -0400
05-09-2019 01:41:48 PM -0400
04-18-2019 10:46:35 AM -0400
04-18-2019 10:18:40 AM -0400
It looks like you've previously blocked notifications. If you'd like to receive them, please update your browser permissions.
Desktop Notifications are  | 
Get instant alerts on your desktop.
Turn on desktop notifications?
Remind me later.


Drones Reveal a Treasure Trove of Data about Their Users, Police Investigators Say

Europe, Germany, View Of Drone With Camera Flying, Airborne

Drones have been heralded as an amazing invention to create videos and photos from high above. But its quickly become evident that they can do a lot more. Amazon proposed using them to deliver packages, Chinese entrepreneurs are using them to deliver food, and, not surprisingly, criminals are using them to smuggle drugs and explosives and for spying. One of their appeals to the criminal element is that drones are thought to be anonymous.

But, according to an article in Wired, that’s not necessarily an accurate assumption. Investigators have been able to access information from drones to determine their owners, as well as their personal and financial information. The data comes from both the memory chips inside the drones and the drones' remote control units used to fly them, which are sometimes smartphones.

The article explains, “With drones more regularly getting caught up in criminal activity, the National Institute of Standards and Technology (NIST) has assembled an archive of digital readouts from 14 commercial drones, with the goal of helping law enforcement officials learn how to best extract this little-used trove of data. The NIST reference manual gives step-by-step instructions on how to physically remove the individual SD memory chips from each drone, and what to look for once an agent plugs the card into a computer.”

Stored on the memory chips on the drone's circuit board or inside the remote can be credit card numbers, GPS tracking of the drone’s flights, as well as the owner’s email and physical address.

NIST technicians and VTO Labs, a Colorado-based tech firm, are creating an archive and guide for use by law enforcement analysts to help them understand the information that’s available from specific models of drones.

Barbara Guttman, who leads NIST's software quality group, explains, “When you get the [SD memory] card back, there may be some handshake information with a PC, or there may be some ways to get latitude and longitude of where it was first flown.”

NIST’s drone guides contain the specifications of each drone, including the product’s speed, rotor rotation rate, altitude, and owner information. Their guide contains photographs depicting what kinds of tools the investigators need to take the drone apart.

VTO Labs’ CEO Steve Watson explained that he has been getting an increasing number of requests for analyzing drone information. “As they started to analyze the devices, they wanted to answer the five basic questions of who, what, where, when, and why. One of the first things a person does is take it out of the box and fly it. As soon as they turn it on it acquires a GPS signal and will store the information about where it’s flying. In many situations, law enforcement finds it’s the person’s backyard or a nearby park.” That’s because a drone's first flight often takes place at or near its owner's home.

Forensic analysis of drones is an increasing area of investigation. The University College of Dublin is studying drones and other companies are offering services to individuals who find crashed drones on their property.

Drone security has also become an important issue for those buying drones for government needs. The Department of Defense has prevented federal agencies from purchasing drones made by Chinese company DJI, the largest designer and manufacturer of consumer drones in the world, because they were not secure.

Drone security is a new area of study and we can expect their designs to improve in subsequent generations, particularly if their vulnerabilities are publicized and their sales are affected. What we’re seeing is much like what we saw in the early days of computers. The first generations focused on issues that affected the basic functionality, and subsequent work was required to add layers of security.