The Lawfare Drone Smackdown started as a kind of joke—a fake grudge match with a friend, in which we both agreed to build drones and hold a dogfight between them. The event—which we decided to publicize on the Lawfare Blog and to which we invited others to join—had a serious side. It was an effort to highlight the proliferation of cheap, powerful robotic technologies to the consumer, technologies that are certain in the not-so-long-run to have important policy implications in areas from privacy to security to aviation safety.
The Smackdown grew; we eventually had five contestants. And after someone else’s drone went missing over Washington, it actually attracted the attention of the Federal Aviation Administration—which asked us to move it out of town.
But in the end, the Smackdown—which finally took place Sunday—came down to cybersecurity. I won it when two children helped me hack my opponents’ drones and ground them.
The video of the event is amusing to watch, but there’s a real lesson in it: Networked computers are vulnerable, and if we depend on something—anything—driven by computers, we ignore the security of its computer systems at our enormous peril. The hacks we used in this instance were elementary—simple enough that children can execute them in real time. They targeted both the on-board computer of the drone itself and the communications channel by which the drone communicates with its controller. I detail all three of them in this post, which also includes these videos—in which I and my youthful accomplices explain each of our attacks:
People tend to think of drones, especially armed drones, as the stuff of government weapons and surveillance systems—tools of foreign policy and military might. That’s right, but it’s incomplete. The Smackdown was a light-hearted way of drawing attention to a facet of the drones debate that gets less attention: We can all have our own personal drone program too, and it doesn’t cost all that much. Prices of hardware are plummeting. Power is increasing. Automation is increasing. Payloads are increasing. We live in a world of distributed threats—one in which you can buy a drone from gadget catalog and control it with your iPhone.
Look at a website called DIYDrones (not a joke), and you’ll see a remarkable number of impressively inexpensive projects of equally impressive power. It is only a matter of time before we have security issues associated with the individual use and development of this sort of technology. And it’s only a matter of time before we come to depend on robotic technologies in a fashion that will make the security of their computer systems enormously important.
The Parrot AR.Drone 2.0—which we all were flying at the Smackdown—is a toy, whose security is unimportant. But the Smackdown is a reminder that we are in the dawn of an era of consumer robotics. And when the robots come, they will make us all more powerful and dangerous. And if we don’t secure them, they will also make us all more vulnerable at the same time.
[On President Moon Jae-in's definition of a 'red line' for North Korea] The only way we will know definitively that North Korea actually has a nuclear-armed missile that works is to demonstrate this capability...It would be considered an act of war which others would see as justifying preemption, and retaliation if preemption or missile defense did not work.