In an “open skies” era in which drones fly among us, a new question arises: how can we tell whether a passing drone is being used by its operator for a legitimate purpose (e.g., delivering pizza) or an illegitimate purpose (e.g., peeking at a person showering in his/her own house)? In this talk, I present a new method that can detect whether a specific point of interest (POI) is being video streamed by a drone. I show that applying a periodic physical stimulus on a target/victim being video streamed by a drone causes a watermark to be added to the encrypted video traffic that is sent from the drone to its operator and how this watermark can be detected using interception. Based on this method, I present an algorithm for detecting a privacy invasion attack. I analyze the performance of our algorithm using four commercial drones (DJI Mavic Air, Parrot Bebop 2, DJI Spark, and DJI Mavic Pro) and show how our method can be used to: (1) determine whether a detected first-person view (FPV) channel is being used to video stream a person by a drone in 2 seconds, and (2) locate a spying drone in space. We also demonstrate how the physical stimulus can be applied covertly.
