Exposed Dronesense data shows flights of police drones. Dronesense, a company that provides a platform to law enforcement and government agencies as well as private clients for flying drones, accidentally exposed a database of customer data. The information in some cases showed exactly where the police drones had flown.
Exposed Dronesense data shows flights of police drones
Apart from presenting a significant risk for the integrity of law enforcement investigations, the exposed data also provides insight into the number of police departments, safety services, and others that are using drones in the United States.
Some of the data was used by Motherboard to create detailed maps of police drone flights. In one case it showed how an unmanned aircraft had meticulously scoped out an apartment complex in Atlanta, GA. Another drone flight titled “Mapping Mission” showed two dozen capture points, that probably refer to a location that needed to be photographed across a residential neighborhood in Washington D.C.
“If Dronesense was breached, then it’s just another example of law enforcement putting too much faith in new surveillance technologies without fully accounting for the risks,” Dave Maass, senior investigative researcher at the Electronic Frontier Foundation (EFF) said in an email according to Vice. “In addition to potential harms to privacy, insufficient security of law enforcement systems can also undermine the integrity of criminal investigations and even the justice process.”
The database shows various organizations such as the Boise Fire Department, the Atlanta Police Department, City of Coral Springs, Nassau County Police Department, and even the U.S. Army Corps of Engineers.
A flight plan that Motherboard was able to extract from the exposed Dronesense data. Image: Motherboard
The information that was exposed did not contain any actual aerial photos or footage recorded by the drones. It did, however, provide data such as flight path, the brand of drone used, pilot’s name, email address, and other technical data about the drones.
Vice also reports the response from Carlos Campos, a spokesperson for the Atlanta Police Department, who said in an email: “The Atlanta Police Department began using a drone this year to assist us in a number of ways—primarily with providing us a convenient vantage point from which to manage large-scale events such as major sporting events and parades. We contacted DroneSense after your inquiry; the company acknowledged the data exposure and assured us it has taken measures to correct the flaw. We have no reason to believe any law enforcement-sensitive data was compromised as a result of the exposure. Still, the Department values the importance of data security and are discussing the issue further with DroneSense.”
Independent security researcher, Noam Rotem first discovered the Dronesense data and notified both Dronesense and Motherboard.
Maass said that “surveillance vendors often provide sales pitches that emphasize everything that can go right when a technology is deployed but rarely do they address what might happen when the technology fails. This latest incident indicates that law enforcement should exercise more skepticism when acquiring new surveillance systems.”
Dronesense provided Motherboard with a statement that the company had sent to its customers, in response to a number of questions.
“On December 3rd, DroneSense was notified by a security researcher of a potential vulnerability regarding a database located in our cloud-based infrastructure,” the statement reads. “Within minutes of this notification, DroneSense identified and corrected a security flaw which had exposed a list of organization names within the DroneSense platform and, for a limited number of organizations, account data. At no time were live video streams or customer uploaded images, videos, documents, or media of any kind exposed by this flaw.”
Stay in touch!
If you’d like to stay up to date with all the latest drone news, scoops, rumors and reviews, then follow us on Twitter, Facebook, YouTube, Instagram or sign up for our daily email newsletter, that goes out every weekday at 6 p.m. ET.
Buy your next drone directly from manufacturers, such as DJI, Parrot, Yuneec or retailers like Adorama, Amazon, B&H, BestBuy, DroneNerds or eBay. By using our links, we will make a small commission at no additional cost to you. Thank you for helping DroneDJ grow!
Photo: Dronesense
FTC: We use income earning auto affiliate links. More.
Comments