Vulnerabilities and security attacks on drones

drones

More than 10 years ago, most non-military drones were custom-built, remotely piloted aircraft flown by model aircraft enthusiasts for fun. But today, highly capable commercial drones are sold everywhere for a few hundred dollars to a wide variety of enthusiasts.

Many of these drone enthusiasts are interested in more than just flying. Some want a “flying camera” with little or no flight training, while others want to race aircraft using personal point-of-view technology.

With all these good things come the bad. A few operators use drones for illicit or illegal activities, such as spying on neighbors or manufacturing plants, disrupting flight operations, delivering contraband into prison yards, or even harming others.

The drones’ characteristics, such as small size, low cost, and ease of maneuverability and maintenance, make them a preferred choice for criminals and terrorists, mainly due to their nature, making them less prone to detection. Drones can also be armed and modified to carry deadly chemicals or be fit with explosives to attack critical infrastructures.

This post will explore the common drone vulnerabilities that can pose a significant threat to public safety and security.

1. Jamming or spoofing GPS data

The navigation of drones depends on GPS signals received and processed by the onboard GPS receiver. GPS broadcasts are unencrypted and unauthenticated signals freely accessible for civilian use. This open nature of the GPS signals enables spoofing attacks, where fake signals can be generated and fed to the attacked drone to alter the geographical coordinates calculated by the drone’s GPS receiver. Besides, GPS signals can be easily jammed, thus cutting the drone’s external navigation feed, which renders the drones to a disoriented state, eventually crashing.

2. Jamming or spoofing transmissions

Civilian drones are equipped with a system similar to an Automatic Dependent Surveillance-Broadcast (ADS-B) that broadcasts the aircraft’s position and velocity every second to avoid collision with other manned or unmanned aircraft. Similarly to GPS signals, ADS-B signals are unencrypted and unauthenticated. They can be easily replaced or jammed by fake ones, leading the drone into an imminent collision because of the inability to detect or verify the ADS-B warning. Spoofing ADS-B signals can also be used instead of GPS spoofing to take control of the aircraft. In other words, an attacker can continuously feed the drone with malicious ADS-B signals to trick it into diverting its course to avoid collisions and ultimately directing it to the desired territory.

3. Manipulating the captured footage

Autonomous drones rely on the video captured by their cameras for navigation and collision avoidance. Normally, the process starts with the flight controller requesting the captured video from the kernel of the flight controller computer’s operating system by issuing a system call. An attacker who knows the system parameters and can access the flight controller can intercept the system calls issued to the kernel and replace the genuine footage with the fabricated. The consequence of this attack is hijacking by intentionally landing it at a location other than the originally intended one.

4. Injecting falsified sensor data

This type of attack aims to destabilize the drone by compromising sensors by injecting fabricated readings in the flight controller. All external sensors such as radar, infrared, and electro-optical sensors can be manipulated using directed energy to control the electromagnetic spectrum.

5. Malicious hardware/software

Both the ground control unit and the flight controller are vulnerable to hardware and software Trojans that can be either discretely designed in the system or transferred to it. An example of such a virus that infects drones is a software known as Maldrone, which enables the attacker to control the drone once installed on the drone. This malware opens a backdoor connection to receive its commands. The malware then acts as a proxy for the drone’s flight controller and sensor communications, enabling the injection of the desired values for both communications. On the other hand, Hardware Trojans are intentionally designed into the drone’s chips to disable security mechanisms and can have catastrophic consequences when triggered.

6. Unauthorized disclosure of communication

Information exchanged between the drone and GCS includes the telemetry feeds and GCS-issued commands. Such information should be protected against unauthorized disclosure when intercepted. However, attackers can initiate a passive interception attack which can intercept the captured live video feeds sent by the drone to the GCS. Authenticated encryption is the first step in guaranteeing the exchanged data’s confidentiality and integrity on the communication link.

7. Denial of Service

A denial-of-service attack is launched on drones given that the adversary can access the flight controller parameters and, therefore, can disrupt the drone. Such an attacker can manipulate the flight control commands, including the shutdown command, which can be illegitimately invoked while the drone is in operation. Moreover, since some drone models are relatively small, they encompass moderately powered processors. Accordingly, flooding their network cards with random commands via the data link can force such drones to go into an unexpected state and possibly halt their operation.

8. GCS control signals spoofing

In a man-in-the-middle attack, an attacker can inject false wireless control commands using the data link and block legitimate communication between the drone and the ground control station. He then begins commanding the drone herself. Even a covert wireless injection is possible if he tricks both the ground control and the drone into believing they are communicating properly. In other words, the attacker intercepts the actual commands generated by the ground control station, sends his own instructions to the drone, and then communicates the expected responses to the ground control.

9. Theft and vandalism

Drones flying at a visual distance are attractive targets for theft and vandalism, which can be accomplished using various methods, starting from a simple dart gun to an anti-drone rifle. Anti-drone rifles, which the police normally use for catching snoopy drones, are likely to be available to regular civilians soon. Such rifles can disable drones within a distance of 1300ft without damaging them, using radio pulses. Another approach for grounding drones is the adoption of hostile drones. Such a drone acts as a predator drone built by attaching a fishing net to physically catch other drones.

10. Weather and civic challenges

A drone’s ability to maneuver and navigate through different objects and weather conditions is key to a successful and safe drone flight. The effect of weather on a drone is similar to that of a manned aircraft since it depends on the aircraft’s design, size, and power. The effect of some weather conditions depends on the flight time that the drone will endure in such conditions.

Like manned aircraft, harsh weather conditions, such as thunderstorms, turbulence, or freezing rain, can be critical during flights and cause accidents. Notably, mini drones are more vulnerable to such conditions, including extremely low or high temperatures. Another challenge for civilian drones is their need to avoid colliding with different civic constituents such as trees, electric cables, and buildings.