General security

Security Concerns of Flying Motorcycles [Updated 2019]

Daniel Dimov
August 14, 2019 by
Daniel Dimov

Section 1. Introduction

Flying motorcycles resembling the flying machines from Star Wars are about to be placed on the market. A number of developers are working on designing large-scale aerial platforms that can lift and carry humans and heavy packages. Simpler than helicopters and convenient as motorbikes, flying motorcycles may expand the range of transportation means in the future. However, since such machines are equipped with a number of sophisticated sensors and advanced operating software, they can be susceptible to cyber threats.

This article will overview the technological specifications of flying motorcycles (Section 2) and identify potential security concerns of their systems (Section 3). At the end of the article, a conclusion is drawn (Section 4).

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Section 2. Technological specifications of flying motorcycles

At present, several types of flying motorcycles are being tested by developers. Hoverbike, a machine based on drone technology, is presented as "world's first flying motorbike." The machine is capable of transporting people and items weighing up to 130 kg over remote and non-easily accessible places, such as mountains, waters, and buildings. The creators of Hoverbike expect that the vehicle will serve as a more flexible version of a helicopter. The main difference between Hoverbike and helicopter is that, due to the simplicity of its design, Hoverbike can operate near obstacles and may be operated by people without extensive flying experience. The device is capable of flying by itself without human intervention on a pre-determined flight path when coupled with a 3DR Pixhawk flight controller. The developers of Hoverbike claim that future versions of Hoverbike will use additional sensors and software that will allow them to avoid obstacles in their operational environment. Thus, the vehicle will be self-driven.

Another flying motorcycle that is currently being developed is Aero-X. Aero-X is an unmanned vehicle that can fly up to 10 feet off the ground and reach the speed of 45 miles per hour. Similar to Hoverbike, the operation of Aero-X does not require extensive skills. The developers claim that a weekend-long course will be enough to learn how to ride the vehicle. Aero-X can be adopted not only for outdoor transportation but also for surveying and research, rescue, border patrol, and aerial agricultural purposes, among other uses. The device is capable of carrying two persons or up to 140 kg of load. It contains safety features, such as airbags and redundant control system. The flying motorcycle can take off vertically, thus not requiring runways or forward speed.

The motorcycle producer BMW Junior also attempted to develop a full-scale flying motorcycle based on a Lego model. Although the vehicle will be showcased in various exhibitions, it will not be a real operative full-sized version of a flying motorcycle.

As a response to the increasing number of commercial projects involving flying vehicles, Dubai plans to justify its role of an innovation hub by introducing flying drone taxis for transporting passengers shortly (in summer 2017, according to The Telegraph). Such vehicles will be driven by specially designed operational software and will not have a pilot. The taxis will be capable of carrying a single passenger together with a small personal load. They will be capable of offering a journey taking up to 23 minutes.

The many attempts to design and introduce on the market the concept of a flying motorcycle may bring the futuristic image of personal flying transport closer to reality.

Section 3. Potential cyber security risks

Flying vehicles mostly work by technological principles governing drones. Hence, drone-based flying motorcycles may be susceptible to the same security flaws as drones. The fact that flying motorcycles can carry people makes the topic especially sensitive. In this Section, we overview the potential cyber security risks associated with flying motorcycles.

To start with, drone motorcycles may cause physical threats, such as switching off during the flight and causing physical damage to bystanders, buildings, and commercial jets. Moreover, flying unmanned vehicles can serve terroristic organizations for transporting dangerous materials (e.g., explosives, chemical, and biological agents). Finally, drone-like machines can be used for threatening, stalking, harassing, and eavesdropping individuals.

In addition to physical dangers, flying motorcycles are susceptible to information security vulnerabilities due to the use of sophisticated software in their design. By committing wireless network intrusions, capturing sensitive information, conducting unsolicited surveillance, and exercising unauthorized access, cyber criminals may cause a threat to personal and public security. Flying motorcycles may be targeted in a variety of ways, including, but not limited to, Man-in-the-Middle and Distributed Denial of Service attacks, crashing autonomous control, infiltrating into communication, jamming network channels, compromising the availability of real-time data, spreading viruses, and other malicious actions.

In this article, we discuss three types of cyber security risks that can be associated with flying motorcycles, namely, malware in operational systems (Section 3.1), remote control by exploiting security loopholes (Section 3.2), and software bugs (Section 3.3). We also briefly overview data protection issues associated with such devices (Section 3.4).

3.1 Malware in operation systems

Injection of malware in the operational systems of flying motorcycles may result in taking control of the vehicle and causing its drop or hijacking. One of the notable forms of malware targeting drones, namely, Maldrone malware, was used for a demonstration by Indian researchers that revealed that the malware program "causes the motors to stop and the drone falls off like a brick." Maldrone can be injected remotely or over a wireless connection, without the notice of an operator. Once the malware is installed, the attacker is capable of taking control of the vehicle and possibly spreading the malware further to other drone-like machines. Malware is especially dangerous in aircraft that use complex monitoring servers. In 2010, the central computer system of a Spainair plane was affected by a Trojan application, thus rendering the monitoring server useless and causing crashing of an airplane in Madrid. 154 people were killed during the incident.

3.2 Remote control by exploiting security loopholes

Like other unmanned aerial vehicles, flying motorcycles may be used by hackers to kill people or put them in risky circumstances (e.g., on the roof of a skyscraper). The only way to avoid such threats is to ensure that their security is made impeccable during the development process. In this regard, it is worth mentioning that the security of unmanned drones is a growing concern. During the scientific research in Johns Hopkins University, a group of security researchers demonstrated how easy it is to hack and crash a drone. The research aimed to demonstrate that robotic devices, such as drones, can ignore their human controllers due to intervention in drone's computer system. The team demonstrated three attacks allowing attackers to interfere with the operation of a drone by using a laptop. In the first attack, the drone was bombarded with 1000 wireless connection requests asking to control the device. Due to the digital deluge, device's central processing unit was overloaded and caused it to shut down and land uncontrollably. The second attempt to hack a drone was based on an attempt to transmit an exceptionally large data packet to the drone. Since the capacity of aircraft's buffer allocated was surpassed significantly, the device was forced to crash. Finally, the third hack demonstrated how sending a fake digital packet from a laptop, which indicated that the packet's sender is the drone itself, could deceive drone's controller.

By using the three hacking methods described above, terrorists can use flying motorcycles to conduct attacks similar to the attacks in which two planes were used to destroy the North and South towers of the World Trade Center. An army of hacked flying motorcycles can be used to destroy buildings, trains, ships, and airplanes. Such experiments convey a clear message to developers stating that the devices should "leave the factories with enhanced security features already on board, instead of relying on later "bug fix" updates, when it may be too late."

3.3 Software bugs

Bugs in operational systems of flying aerial devices can be especially dangerous. By way of illustration, the crash of the military Airbus A400M in Spain in 2015 was caused by a faulty software configuration, namely, a bug in the engine control software. Such fault caused three out of four aircraft's engines to power-off shortly after takeoff.

The most common sources of bugs in drone software relate to wrong interactions between multiple controllers/modes, mathematical mistakes in control laws, and memory issues. Developing high-quality software, conducting a high number of test operations, and commitment to safety are the factors that may help to limit the number of software bugs in flying motorcycles.

3.4 Data collection and privacy concerns

Currently, drones serve in journalism, search-and-rescue missions, agriculture, and videography. In other words, the essential function of unmanned aerial devices is collecting data. Although flying motorcycles promise to transport people in a cheap and hassle free manner, they may also be used for collecting data and interfering into people's private lives. The flying motorcycles would operate over private properties and public lands. Thus, privacy and data protection issues related to the use of such vehicles should be taken into consideration. There are some drone regulations established in the US and other jurisdictions that respond to the shifting landscape of technology and proliferation of electronic surveillance means. However, the legal framework for personal transportation aerial vehicles is still in its infancy.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

4. Conclusion

In this article, we overviewed the current state of flying motorcycle technology, which focuses on the promising yet extravagant way of traveling. A responsible and comprehensive attitude towards cyber security of aerial devices throughout their development process may help to reduce the risk of crashes, illegitimate control, and threats to public security.

References

  1. Boon, K., Lovelace, D., 'Terrorism: Commentary on Security Documents Volume 133: The Drone Wars of the 21st Century: Costs and Benefits', Oxford University Press, 2014.
  2. Butnix, J.P., 'BMW Develops Real-Life Flying Motorcycle Concept', The Merkle, 22 February 2017. Available at https://themerkle.com/bmw-develops-real-life-flying-motorcycle-concept/ .
  3. Custers, B. (Ed.), 'The Future of Drone Use: Opportunities and Threats from Ethical and Legal Perspectives', Springer, 2016.
  4. Davies, S., Hertig, C., Gilbride, B., 'Security Supervision and Management: Theory and Practice of Asset Protection', Butterworth-Heinemann, 2015.
  5. DeLaOsa, J., 'The Promising Yet Vulnerable Reality of Unmanned Aerial Vehicles', ECN, 31 January 2017. Available at https://www.ecnmag.com/article/2017/01/promising-yet-vulnerable-reality-unmanned-aerial-vehicles .
  6. Gallagher, S., Airbus confirms software configuration error caused plane crash', ArsTechnica, 1 June 2015. Available at https://arstechnica.com/information-technology/2015/06/airbus-confirms-software-configuration-error-caused-plane-crash .
  7. Gibbs, S., 'Airbus issues software bug alert after fatal plane crash', The Guardian, 20 May 2015. Available at https://www.theguardian.com/technology/2015/may/20/airbus-issues-alert-software-bug-fatal-plane-crash .
  8. Gregory, M., Glance, D., 'Security and the Networked Society', Springer Science & Business Media, 2014.
  9. Hoverbike, Kickstarter. Available at https://www.kickstarter.com/projects/1524806320/hoverbike .
  10. Hoverbike. Available at http://www.hover-bike.com .
  11. 'Johns Hopkins scientists show how easy it is to hack a drone and crash it', Johns Hopkins University, 8 June 2016. Available at http://hub.jhu.edu/2016/06/08/hacking-drones-security-flaws/ .
  12. McGoogan, S., 'Self-flying taxi to transport passengers in Dubai', The Telegraph, 15 February 2017. Available at http://www.telegraph.co.uk/technology/2017/02/14/self-flying-taxi-transport-passengers-dubai/ .
  13. Shin, H., Choi, K., Park, Y., Choi, J., and K., Y., 'Security Analysis of FHSS-type Drone Controller', In: 'Information Security Applications: 16th International Workshop, WISA 2015, Jeju Island, Korea, August 20-22, 2015, Revised Selected Papers', Kim., H. (Ed.) and Choi, D., (Ed.), Springer 2016.
  14. Ryver, K., 'A Future Full of Drones — and the Advanced Threats They Present', IBM Security Intelligence, 29 April 2016. Available at https://securityintelligence.com/a-future-full-of-drones-and-the-advanced-threats-they-present/ .
  15. Završnik, A., 'Drones and Unmanned Aerial Systems: Legal and Social Implications for Security and Surveillance', Springer, 2015.

    Co-Author

    Rasa Juzenaite works as a project manager in an IT legal consultancy firm in Belgium. She has a Master degree in cultural studies with a focus on digital humanities, social media, and digitization. She is interested in the cultural aspects of the current digital environment.

Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.