A vulnerability in camera systems allows a simple umbrella to control and even crash a UAV, writes Nick Flaherty.

Researchers at the University of California, Irvine, discovered the security vulnerability in autonomous target-tracking UAVs and developed an attack framework called FlyTrap to exploit it.

FlyTrap exploits deficiencies in camera-based dynamic tracking technology that enables UAVs to follow selected targets without being directly controlled by humans.

“Autonomous target tracking represents both tremendous potential and significant risk,” said Alfred Chen, UC Irvine assistant professor of computer science who led the project. “While law enforcement and security agencies are adopting this technology for border patrol and public safety, it’s also being misused by criminals for stalking and other malicious purposes. Our work is the first comprehensive security study of this widely deployed technology.”

The vulnerability is a distance-pulling attack that physically draws a UAV closer to an attacker. An ordinary umbrella covered with a specifically designed visual pattern can deceive machine learning tracking systems used by a sensor system using a Single-Object Tracking (SOT) module. This SOT is a core component of the autonomous tracking pipeline: it produces the object location estimates used by the UAV for navigation. Modern SOT approaches are built with deep learning where the tracker is given a single template image of the target and then searches for that same target in each incoming camera frame. For each frame, the model produces one or more bounding-box proposals (rectangle coordinates plus a confidence score). The tracker chooses the proposal with the highest confidence as the final reported location for that frame.

In FlyTrap, the aircraft control logic interprets images on an umbrella as a person moving farther away, even though they are stationary. To maintain its tracking distance, the UAV moves steadily closer to the umbrella holder until the aircraft can be caught with a net or crashed. Unlike other possible attacks that simply cause loss of tracking, this approach enables elimination of a UAV through physical capture or collision.

The researchers tested FlyTrap attacks on three commercial UAVs: the DJI Mini 4 Pro, the DJI Neo and the HoverAir X1. Results showed that an attack could pull the aircraft close enough for capture using net guns or to induce direct physical crashes. The team has disclosed these vulnerabilities to the manufacturers.

The vulnerability could be used to evade detection by law enforcement. For example, unpiloted aircraft patrolling border zones could similarly be hampered by a FlyTrap-like attack. Conversely, people being stalked could use the technique to eliminate a harassing UAV.

“Our findings highlight urgent needs for security improvements in [autonomous target-tracking] systems before wider deployment in critical infrastructure,” said researcher Shaoyuan Xie, a UC Irvine graduate student researcher in computer science. “If it’s that easy to seize control over an autonomous drone, operating them in public or in critical security or law enforcement settings should be reconsidered.”