From monitoring crops to detecting natural disasters, drones are increasingly being used to gather all kinds of information about the world around us.
And now drones can be used to collect sensitive data about the connected devices in your home, too.
Earlier this month, security researchers from Praetorian, a security company based in Austin, Texas, revealed they used a customised drone to fly above the city to pinpoint the locations of connected devices used in homes and businesses.
The company found about 1,600 connected devices being used in the Austin area, most of which were being used in private homes, and mapped their locations as part of their Internet of Things Map Project.
The drone not only was able to locate the products, but it was also able to sniff out the names of the device manufacturers. Based on this information, the researchers could also determine the device category for each connected gadget.
For example, they could tell if a connected device was a consumer electronic product from Sony or part of smart lighting system from Philips.
While the security researchers used the drone to see how smart products are being deployed in the open, the same data could be used to help hackers attack devices that are a part of the Internet of Things (IOT), Paul Jauregui, vice president of marketing of Praetorian, told Tech Insider.
“This information could certainly be used to target specific devices in homes, businesses,” Jauregui said.
Praetorian partnered with the startup DroneSense to equip the machine with customised sensors capable of sniffing out the wireless networking standard called ZigBee, which is one of the most widely used standards for IOT products like smart lightbulbs or connected locks.
Jauregui said many IOT devices using the ZigBee standards are exposed somewhat because the protocol’s Network Layer is unencrypted by design and thus susceptible to sniffing, which means a hacker can access critical information about the device including its location, manufacturer, and the network the product is connected to.
In other words, there’s a lot of information about connected devices being used in homes and businesses that’s public, and using a drone makes gathering that data much easier.
“The drone greatly extended our capabilities to capture IoT data and identify devices in the field,” Jauregui said.
Praetorian, though, was not the first to think of how hackers might use drones. In July, it was revealed that the surveillance software company Hacking Team is working with Boeing to create drones that can deliver spyware over WiFi.