Drone-Related Cybersecurity Risks Abound Both in the Air and on the Ground

Locke Lord LLP

As the use of drones (small unmanned aerial systems or UASs) has continued to expand, a great deal of ink has already been ‎spilled over two categories of risk associated with their operation: 1) bodily injury and property damage caused by negligent ‎and/or malicious operations; and, 2) claims for invasion of privacy, nuisance and trespass. Cybersecurity, however, has not re‎ceived nearly as much attention. Yet it represents a significant risk that must be considered by the industry. Take for example ‎the recent report by an Israeli cybersecurity firm, Check Point Research, which highlighted a troubling vulnerability with the ‎website of DJI, the world’s largest manufacturer of commercial drones.‎

Check Point identified that a vulnerability with DJI’s website (as opposed to the software used in the drones themselves), if ‎exploited, would allow hackers to obtain access to flight logs showing exactly where a drone had travelled, as well as the pho‎tos and videos taken by the drone. Moreover, under certain circumstances, hackers could have gained access to live camera ‎views and map views during flights. Finally, hackers were able to access information associated with a DJI user’s account, including user profile information. After DJI was notified of the vulnerability, it responded with a patch and further reported ‎there was no evidence the vulnerability had actually been exploited. ‎

Check Point’s identification of the vulnerability demonstrates that, as with all other data collected and stored, data derived ‎from drones is exposed to cybersecurity concerns. To that end, while many focus on the regulatory issues relating to where ‎and how drones may operate, the industry cannot lose sight of the fact that drones are very efficient data collection plat‎forms, generating significant amounts of sensitive data that have value and must be protected. Thus, drone operators and ‎service providers are attractive targets for hackers before, during and after conducting flights. The collected raw or processed ‎data sitting on a local server or in the cloud could very well be subject to ransomware seizures demanding cryptocurrency ‎payments to release, other malware or Trojan horse infiltrations, and spoofing of accounts and/or destinations to which client ‎data is to be sent. ‎

Accordingly, those who are operating drones in their day-to-day business, or who are operating drones as third-party service ‎providers for others, must take care to assure that the data, particularly that containing sensitive account activity and personally identifiable information, are protected. Appropriate risk management efforts are essential, such as assessing insurance ‎needs and available coverages, reviewing or including indemnitees and disclaimers in contracts, and assessing regulatory ‎compliance obligations to assure that you are protected in the event you experience an issue with data you have collected. If ‎you are a drone owner or operator, or use the services of one, do you know what obligations you have to monitor the security ‎of the data you collect? If your, or your client’s, data have been seized by hackers, do you know what obligations you have to ‎notify your clients, the authorities, your insurance carriers? As with all matters relating to cybersecurity, it is not a question of ‎if, but when the need to address these questions will arise for drone operators.‎

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.