UC Irvine Researchers Uncover Major Security Flaw in Drones

Experts demonstrate how an ordinary umbrella can manipulate autonomous target-tracking drones, raising concerns about public safety and privacy.

Published on Feb. 26, 2026

Got story updates? Submit your updates here. ›

Researchers at the University of California, Irvine have discovered a critical security vulnerability in autonomous target-tracking drones that could enable attackers to capture or crash the aircraft using a simple umbrella. The team developed a novel physical-world attack framework called FlyTrap that exploits deficiencies in the camera-based tracking technology used by many consumer and commercial drones.

Why it matters

The findings highlight urgent needs for security improvements in autonomous drone technology before wider deployment in critical infrastructure like border control, security surveillance, and law enforcement operations. The vulnerability could be exploited by criminals to evade detection or by victims to eliminate a harassing drone, raising concerns about public safety and personal privacy.

The details

The UC Irvine team demonstrated how an ordinary umbrella covered with a specifically designed visual pattern can deceive the neural network tracking systems used by autonomous drones. The aircraft's computer logic interprets the images on the umbrella as a person moving farther away, causing the drone to steadily move closer until it can be captured or crashed. The researchers successfully tested the FlyTrap attack on three commercial drones, the DJI Mini 4 Pro, the DJI Neo, and the HoverAir X1.

  • The UC Irvine team's findings were presented this week at the Network and Distributed System Security Symposium in San Diego.
  • All drone data and experiments were completed before December 22, 2025.

The players

UC Irvine

A member of the prestigious Association of American Universities and ranked among the nation's top 10 public universities by U.S. News & World Report.

Alfred Chen

UC Irvine assistant professor of computer science and co-author of the paper.

Shaoyuan Xie

UC Irvine graduate student researcher in computer science and lead author of the paper.

DJI

A drone manufacturer whose products were tested in the UC Irvine research.

HoverAir

A drone manufacturer whose products were tested in the UC Irvine research.

Got photos? Submit your photos here. ›

What they’re saying

“Autonomous target tracking represents both tremendous potential and significant risk. While law enforcement and security agencies are adopting this technology for border patrol and public safety, it's also being misused by criminals for stalking and other malicious purposes. Our work is the first comprehensive security study of this widely deployed technology.”

— Alfred Chen, UC Irvine assistant professor of computer science (Mirage News)

“Our findings highlight urgent needs for security improvements in [autonomous target-tracking] systems before wider deployment in critical infrastructure. If it's that easy to seize control over an autonomous drone, operating them in public or in critical security or law enforcement settings should be reconsidered.”

— Shaoyuan Xie, UC Irvine graduate student researcher in computer science (Mirage News)

What’s next

The UC Irvine researchers have responsibly disclosed the vulnerabilities they discovered to drone manufacturers DJI and HoverAir, and are calling for urgent security improvements in autonomous target-tracking systems before wider deployment in critical infrastructure.

The takeaway

The UC Irvine team's discovery of a simple yet effective way to manipulate autonomous drones using an ordinary umbrella raises serious concerns about the security and privacy implications of this rapidly advancing technology. As drone use expands in law enforcement, border control, and other sensitive applications, ensuring robust safeguards against such physical-world attacks will be crucial to protecting the public.