The Drone Renaissance: The Attack Surface Now Includes the Sky

Luke Canfield · 24:32 · 2025 · Track 2

threat-intelred-team

Luke Canfield on the drone renaissance. A Track 2 session from Simply CyberCon 2025.

Open this segment on YouTube ↗ · jumps to 1:11:23 in the Track 2 livestream

The Drone Renaissance: The Attack Surface Now Includes the Sky

Luke Canfield's framing is dry and accurate: the attack surface has included the sky since World War I. What changed is who can build and fly something dangerous. Cheap 3D printers, open-source flight controllers, Telegram design groups, and a hot war in Ukraine collapsed the gap between hobbyist and nation-state capability. Luke's talk is a tour of what that means for cybersecurity people who still picture the rogue access point in a van down the street.

The Gutenberg Comparison

Luke compares consumer 3D printing to the printing press. A four-thousand-dollar high-end printer from ten years ago is outclassed by an eight-hundred-dollar Bamboo Labs P1S today. Industrial gear dropped from a quarter million to roughly thirty thousand. Files for full drone airframes are free or under fifty dollars. The bill of materials sits at any Micro Center. The constraint is no longer money or expertise — it is imagination and the laws of physics.

Ukraine as the R&D Lab

Fiber-optic drones, autonomous waypoint navigation, M40 grenade launchers slung under quadcopters — designs iterate in days on GitHub and Telegram instead of the 18-month military procurement cycle. Hobbyists, cosplayers, engineers, and military strategists are all contributing in public. When the war ends, tens of thousands of skilled builders and pilots disperse worldwide carrying that knowledge. Luke's prediction: critical infrastructure, financial institutions, and individual executive protection are the underappreciated targets coming next.

Perch and Stair Drones — The Quiet Threat

The interesting category is not the kamikaze quadcopter. It is the perch drone — a small unit that flies in, attaches to a flat surface or sits on a water tower, and waits. Solar trickle-charged. Looks like a weather station. Could be a Wi-Fi Pineapple, a signal repeater, or a long-range relay. Luke shows a British prototype that lands at a 90-degree angle using thermal adhesive and glue extruders. The DIY version is PVC pipe and stop-sign solar panels.

Three publicly known cases of drones carrying Wi-Fi attack rigs: ThreatLocker covered one last year, Glitchtech wrote about another in 2018, and Eastern Financial in 2022 found a DJI Matrix 600 parked on their roof running a rogue access point. That last attack cost the operator about fifteen thousand dollars, mostly because they used a ten-thousand-dollar drone they did not need.

Why Defense Is Hard

You cannot jam — FCC violation, they will find you fast. You cannot shoot — felony, plus discharging a firearm in public. Radar reads small drones as birds. Acoustic detection drowns in urban noise. Human attention spans are terrible at tracking small fast objects above 45 degrees of elevation. Forensics on a kit-bashed drone means component-by-component analysis with no unified toolkit, unlike DJI or Autel where commercial software can rebuild flight paths. Worse, commercial drone delivery — Amazon, Walmart, Door Dash, Part 108 next year — means a sticker on the side will make any drone look like it belongs.

What You Can Actually Do

Treat drones as rogue access points, because that is what they are when they show up on your wireless attack surface. Use spectrum analyzers. Maintain the wireless hygiene you should already have. Walk your roof and perimeter looking for things that should not be there. AI-driven optical detection is coming but is not here yet.

Who Should Watch

Physical security teams, wireless red teamers, anyone responsible for critical infrastructure or executive protection, and anyone who still thinks of drones as toys. Especially valuable if you are doing threat modeling for facilities with large outdoor footprints or rooftop equipment.