WHY THIS MATTERS IN BRIEF
Where did that drone come from? Now we know.
Dunkin Donuts use drones to deliver – guess what!? Donuts. But criminals are using them to deliver much more unsavoury items into prisons. The problem has grown so fast that now one wireless and mobile technology company, Department 13, in what’s thought to be a first, has begun offering a drone forensics service to help authorities find the pilots of those contraband carrying drones and to do so in a way that allows the information to be used in court.
In the past, law enforcement agencies have tried to extract information from drones themselves or have sent the devices back to their manufacturers with a subpoena, said Robi Sen, the founder and CTO of Department 13. But those methods can corrupt the data or break the chain of custody, making any extracted data useless in court.
For the past few years, Department 13 has helped law enforcement track down drone owners. As demand increased, the company launched a commercial service that offers forensics as part of an overall drone defense plan for border patrol operations, prison security and other law enforcement activities.
The company is able to access the sensors, operating system and the memory on drones.
“We have developed our own tools and also use open source and commercial tools to access parts of the drone that are usually off limits and only available to the vendor, and this data allows us to develop a very sophisticated telemetry,” he said.
The exact information that is available depends on the model of drone, but GPS position, altitude, direction and other positioning data are usually stored somewhere, Sen said. There is also often information stored on the operator’s receiver or transceiver. That means when police question someone who denies flying a drone, they can determine if the drone matches the operator’s remote.
What the drone vendors think about a third party hacking into their devices varies, Sen said. One firm is very supportive and works with Department 13 if asked.
“They’re very understanding that it’s a legitimate criminal case for a legitimate need,” he said.
Others, however, aren’t as helpful. Sen said he understands a company’s unwillingness. It distracts from company priorities and can be costly. Additionally, no company wants to think that a third party can “control their drone, or take them over or break their encryption, which we can and we’ve shown it,” he said. That undercuts part of their value proposition, which includes offering a product that is secure and not hackable.
Drone manufacturers can make their products more secure, Sen said, but it’s hard to make a drone as secure as a computer. A drone simply lacks the computing ability to handle sophisticated encryption technology, he said.
In order to get into encrypted drone systems Department 13 accesses the memory directly, extracts the encryption key and then decrypts it.
“And there’s not much the companies can do about that,” he said.
“They can make it harder, but can’t stop it.”