Computer scientists at the University of California, Irvine have demonstrated how attackers could use an ordinary umbrella to manipulate drones, drawing the aircraft close enough to capture them or cause them to crash.
The researchers developed a novel physical-world attack framework that they call FlyTrap. It exploits deficiencies in camera-based, autonomous target-tracking technology that enables drones to follow selected targets without being directly controlled by humans.
The research group discovered what it calls a distance-pulling attack that physically draws victim drones closer to an attacker. The researchers say an ordinary umbrella covered with a specifically designed visual pattern can deceive neural network tracking systems used by autonomous drones. “The aircraft’s computer logic interprets images on the umbrella as a person moving farther away, even though they are stationary. To maintain its tracking distance, the drone moves steadily closer to the umbrella holder, until the aircraft can be caught with a net or crashed. Unlike other possible attacks that simply cause loss of tracking, this novel approach enables complete elimination of drones through physical capture or collision.”
The UC Irvine researchers’ tests have successfully demonstrated FlyTrap attacks on three commercial drones, the DJI Mini 4 Pro, the DJI Neo and the HoverAir X1. Results showed that an attack could pull drones close enough for capture using net guns or to induce direct physical crashes. The team has responsibly disclosed these vulnerabilities to manufacturers DJI and HoverAir.
The team points to instances in which criminals could use a distance-pulling attack to evade detection by law enforcement drones. “Unpiloted aircraft patrolling border zones could be similarly hampered by a FlyTrap-like attack. On the other hand, people being stalked could use the UC Irvine researchers’ technique to eliminate a harassing drone.”
Shaoyuan Xie, a UC Irvine graduate student researcher in computer science said “if it’s that easy to seize control over an autonomous drone, operating them in public or in critical security or law enforcement settings should be reconsidered.”
The FlyTrap attack methodology achieves its objectives through the ordinary physical act of opening a portable umbrella. The system functions locally without the need for external signaling or wireless data connectivity. It can work in a variety of weather and lighting conditions, and it employs a progressive distance-pulling strategy and manipulates drone-tracking algorithms.
There is comprehensive documentation of the project, including a website, new datasets, metrics, demonstration videos, social media and an extended paper to support future security improvements in the field. The project received financial support from NASA and the National Science Foundation.
For more information