A group of security researchers are flying a drone over Texas in order to expose the security vulnerabilities of connected smart devices, which are rapidly becoming a greater part of our daily lives and potentially carry a lot of sensitive data that could be exploited.
Researchers from Texas-based security firm Praetorian are flying a drone over Austin in their spare time in order to locate and pinpoint Internet of Things (IoT) devices, in a similar way to the Shodan scanner, which highlights security vulnerabilities in everything from power plants and wind turbines to internet routers, VoIP phones, smartphones and tablets.
So far, they have identified 1,600 unique IoT devices, with 1,235 of the devices discovered in residential areas, while 351 were discovered in commercial areas. The researchers were even able to detect the 465 manufacturers who made the devices, including 110 devices made by Philips and 453 were made by Sony.
An autonomous drone searching for vulnerabilities
Gartner estimates that there are currently 1.1 billion connected devices being used to create smart cities around the world, and this figure will rise dramatically to 9.7 billion by 2020.
Many of these IoT devices are programmed to operate on the popular ZigBee communications protocol based on the IEEE 802.15.4 standard, which creates small personal area networks around the device and data is transmitted through a mesh network of devices nearby to reach more distant ones.
The researchers are using a six-rotor drone carrying a GPS device and a ZigBee radio, according to the Register.
The drone is fully autonomous and runs on software that logs the location of all connected things within a 100m range, which are then analysed to identify the connected device's security settings, manufacturer ID, channels, and other attributes.
Interested web users can track where the drone is currently flying in real time on an interactive map on Praetorian's website, and to give you an idea, in just one 18-minute-long flight, the drone was able to pick up 726 unique connected things.
Concerns about the safety of IoT devices
"At its core, this project is driven by exploration. Where are these things? Who made them? What do they do? Are they secure? These are some of the questions we hope to answer," the researchers told the Register.
"The first step of our exploration involves locating and fingerprinting ZigBee-enabled smart devices and networks. We're starting local and expanding from here. It's a big world to explore and billions of things to discover."
IoT devices send huge amounts of data that can be very useful in decision making, but there are risks that smart connected devices can be hacked and remotely hijacked.
In January 2014, cloud security provider Proofpoint uncovered that smart fridges, TVs and routers were being infected by malware and hijacked to send out malicious emails.
And on 31 July, the US Food and Drug Administration (FDA), which governs the release of new medical devices and drugs, issued an alert about security vulnerabilities discovered in a smart medical pump used to deliver drugs to patients that could easily be hacked to remotely change the dosage being administered to a patient.