The Exploit

Notes from the Front Lines of Penetration Testing

Aerial Drones – A New Frontier for Hackers

Drones in the News

Drones have been a hot news topic for a number of years. Individuals and businesses alike are scrambling to leverage these digital devices for everything from aerial photography to package delivery. Their low cost makes them readily accessible, and the uses are virtually unlimited – even for the malicious actor.

Perhaps you saw the news story in which a drone was used to get within range of a home and hack into the automation features to control the lights. While that stunt was simply annoying, it shines a spotlight (pun fully intended) on the bigger issue security professionals face when seeking to implement this new technology securely.

Aerial Hacking

Recently Raxis conducted a security assessment where we employed a drone to intercept aerial signals in transit between two locations. The drone was positioned in the line of sight of the transmission and intercepted the signal as it flew by. The drone relayed the data to our security engineer on the ground, and the captured data was reviewed for exploitable content.

Similarly, drones can be used for proximity attacks, where they get close enough to a target to intercept the radio signal. This information can be saved onboard or relayed to a remote location for analysis and use.

Drones can be readily equipped to receive and transmit data across a myriad of transports. This creates an interesting array of attack vectors for the creative hacker.

What Can You Do?

Drones offer an entirely new attack vector for hackers. As a security engineer, you need a comprehensive plan that incorporates drone-related threat profiles:

  • Establish a no-fly zone and prepare countermeasures for safely landing a rogue drone (where legally available).
  • Maintain vigilant surveillance of critical areas.
  • Ensure that all data is strongly encrypted and that no plain text passwords or other information are being transmitted through the air.
  • If a drone is spotted, consider ceasing all data traffic until the drone is no longer a threat.

Beyond intercepting data, drones are employed for general surveillance with increasing frequency. An attacker preparing to infiltrate your physical property can gain a substantial amount of information by reviewing aerial footage obtained during overhead flights.

Drones can be small, quiet, and hard to detect. It’s possible a drone could surveil your property without attracting undue attention. Even if the device is noticed, it’s likely that employees would simply assume its presence is recreational without considering the security implications of such a device in proximity to a given facility.

Training and attentiveness are critical to maintaining a robust security posture against these aerial attacks. The old slogan from US Homeland Security, “If you see something, say something,” applies here. Encourage your employees to report drone sightings and develop a legal and safe plan for handling drone flights in your area.

Above all else, realize that drone-based attacks can pose a significant threat to your security posture and should be managed accordingly.


Brad Herring
