|Preview drone hacking exploitation and vulnerabilities.pdf|
Drones are a growing threat to law enforcement and security specialists. Low-cost and easy to use, drones can carry out surveillance, capture data, or disrupt networks. Making matters worse, drones are hard to detect and defeat. Their growing popularity is proportional to the number of exploits found in UAVs by hackers. In this edition, we would like to focus on the strong and weak points of drones. What are their vulnerabilities, how to exploit them? On the other hand, you will see what steps to take to secure your UAV.
Let’s see what’s inside!
The first part of this edition is focused on vulnerabilities and exploits that can be found in a UAV. In the article Exploring Security Vulnerabilities of UAV, you will learn how attacks such as Man-in-the-Middle can affect your device (there are other techniques presented as well). How to find Security Vulnerabilities in Unmanned Aerial Vehicles Using Software is another article that will dive into weak points of drones, and help you understand how a UAV can be attacked. Following that, Cyber Attack Vulnerabilities Analysis for UAV is focused on the methods used by hackers while performing an attack. After the analysis, the authors looked closer at the post-attack behavior of the autopilot system through simulation.
Now that we know where to find vulnerabilities and how to exploit them, it’s time to learn more about securing your equipment.
We start with a review of the current situation in Counter UAV strategies. You will learn what are the most important prevention techniques used by specialists to secure drones. Moving forward, Protecting the UAV from Cyber Attacks and Defense Techniques Against Cyber Attacks on UAV are mainly focused on the best techniques against cyber attacks on drones including wireless network encryption and intrusion detection system.
But that’s not all! We recommend the article Security Analysis of FHSS-type Drone Controller that presents an investigation of security in drone controllers. It’s a different approach, surprisingly rarely talked about, so we hope that you will find it interesting. Wireless Communications with UAV will show you, by introducing basic networking architecture and main channel characteristics, how to efficiently use wifi communication to make your drone more effective while performing various tasks. Integration of Machine Learning to simplify the Analysis in Security Operations Center (SOC) will close this edition.
We hope that no matter where you are, you are safe, taking care of yourself and your loved ones. We are all coping with COVID-19 in different ways, and facing different challenges. Those are difficult times, but together, we are strong. Stay safe, stay focused, and don’t give up.
Enjoy the reading,
Hakin9 Editorial Team
Table of Contents
Are drones safe from Humans – What if a drone is hacked!
When we talk about drones the first thing that comes to our mind is a UAV (Unmanned Aerial Vehicle) with a camera which can fly and give us live recording of an event or which can be used to click high definition pictures or videos for tourism of lakes or waterfalls, but there is more to it.
Exploring Security Vulnerabilities of Unmanned Aerial Vehicles
Nils Miro Rodday, Ricardo de O. Schmidt, Aiko Pras
We are currently observing a significant increase in the popularity of Unmanned Aerial Vehicles (UAVs), popularly also known by their generic term, drones. This is not only the case for recreational UAVs, that one can acquire for a few hundred dollars, but also for more sophisticated ones, namely, professional UAVs, where the cost can reach several thousands of dollars. These professional UAVs are known to be largely employed in sensitive missions such as monitoring of critical infrastructures and operations by the police force. Given these applications, and in contrast to what we have been seeing for the case of recreational UAVs, one might assume that professional UAVs are strongly resilient to security threats. In this demo, we prove such an assumption wrong by presenting the security gaps of a professional UAV that is used for critical operations by police forces around the world. We demonstrate how one can exploit the identified security vulnerabilities, perform a Man-in-the-Middle attack, and inject control commands to interact with the compromised UAV. In addition, we discuss appropriate countermeasures to help improve the security and resilience of professional UAVs.
Finding Security Vulnerabilities in Unmanned Aerial Vehicles Using Software Verification
Omar M. Alhawi, Mustafa A. Mustafa , Lucas C. Cordiro
Here we investigate software verification techniques to detect security vulnerabilities in typical UAVs. In particular, we investigate existing software analyzers and verifiers, which implement fuzzing and bounded model checking (BMC) techniques, to detect memory safety and concurrency errors. We also investigate fragility aspects related to the UAV communication link. All UAV components (e.g., position, velocity, and attitude control) heavily depend on the communication link. Our preliminary results show that fuzzing and BMC techniques can detect various software vulnerabilities, which are of particular interest to ensure security in UAVs. We were able to perform successful cyber-attacks via penetration testing against the UAV both connection and software system. As a result, we demonstrate real cyber-threats with the possibility of exploiting further security vulnerabilities in real-world UAV software in the foreseeable future.
Cyber Attack Vulnerabilities Analysis for UAV
Brandon Wampler, James Goppert, Inseok Hwang
In order to develop a cyber-secure autopilot architecture, we have run a study on potential cyber threats and vulnerabilities of the current autopilot systems. This study involved a literature review on general cyber attack methods and on networked systems, which we used to identify the possible threats and vulnerabilities of the current autopilot system. We then studied the identified threats and vulnerabilities in order to analyze the post-attack behavior of the autopilot system through simulation. The uses of UAVs are increasing in many applications other than the traditional military use. We describe several example scenarios involving cyber attacks that demonstrate the vulnerabilities of current autopilot systems.
Counter UAV strategies – A current day review
One of the greatest challenges associated with UAVs, is the ability to accurately monitor and track their movements. UAVs, in particular Small Unmanned Aerial Systems, is no bigger than an average bird and can be as small as an insect. As a result of this, using traditional radar systems would likely result in identifying too many false positives. Additionally, Manned Monitoring Systems can be costly to operate, with the requirement for 24 hour cover, shift patterns, holiday pay, and other considerations when employing staff. Given the increase in UAV activity, the only viable option is to create, design and develop an automated technology.
Protecting the Unmanned Aerial Vehicle from Cyberattacks
Jesus Nunez, Vincent Tran, Ajay Katangur
In this article, attacks performed and observations associated with security vulnerabilities in the AR Parrot 2.0, 3DR Solo, and the DJI Phantom 4 Pro drones will be presented. The current auto-pilot systems and security protocols will also be examined for vulnerabilities and cyberattacks that are common in network systems. Currently, the AR Parrot 2.0 drone communicates through an open Wi-Fi connection, making it vulnerable to multiple forms of attacks. The 3DR Solo works through a password protected Wi-Fi signal, however, it is possible to obtain such a password with the use of specific tools discussed later in the article.
Defense Techniques Against Cyber Attacks on UAV
Charan Gudla, Md. Shohel Rana, Andrew H. Sung
Securing the communication network between the operator and the UAV is therefore crucial. So far, the networks used in most UAV applications are static, which allows more time and opportunity for the adversary to perform cyber-attacks on the UAV. In this article, we propose to study Moving Target Defense (MTD) techniques against cyber-attacks on drones including wireless network encryption and intrusion detection system. MTD techniques change the static nature of the systems to increase both the difficulty and the cost (effort, time, and resources) of mounting attacks. For illustration purposes, a well-known cyber-attack is performed on a popular commercial drone and results are presented to show the network vulnerabilities, damages caused due to the attacks and defense techniques to prevent the attacks.
Security Analysis of FHSS-type Drone Controller
Kibum Choi, Youngseok Park
As a first step toward analyzing these security issues, we investigate security in drone controllers, especially controllers that adopt Frequency Hopping Spread Spectrum (FHSS). In order to affect an FHSS-type controller, an attacker first has to access its physical layer. This is difficult because of the pseudorandomness of the hopping sequence and the rapidly changing channels. However, these difficulties can be relaxed when the attacker acquires the hopping sequence and when the hopping speed of the target system is not significant. In this article, we propose a general scheme to extract the hopping sequence of FHSS-type controllers using a software-defined radio (SDR). We also propose a method to address the issue of the limited bandwidth of the SDR. We implemented our scheme on a Universal Software Radio Peripheral (USRP), successfully extracted the hopping sequence of the target system, and exposed the baseband signal.
Wireless Communications with UAV: Opportunities and Challenges
Yong Zeng, Rui Zhang, Teng Joon Lim
Wireless communication systems that include unmanned aerial vehicles (UAVs) promise to provide cost-effective wireless connectivity for devices without infrastructure coverage. Compared to terrestrial communications or those based on high-altitude platforms (HAPs), on-demand wireless systems with low-altitude UAVs are in general faster to deploy, more flexibly re-configured, and are likely to have better communication channels due to the presence of short-range line-of-sight (LoS) links. However, the utilization of highly mobile and energy-constrained UAVs for wireless communications also introduces many new challenges. In this article, we provide an overview of UAV-aided wireless communications, by introducing the basic networking architecture and main channel characteristics, highlighting the key design considerations as well as the new opportunities to be exploited.
Integration of Machine Learning to simplify the Analysis in Security Operations Center (SOC)
Chirath De Alwis
When it comes to security operations, this machine learning can play a huge role in simplifying the analyst’s tasks. But in order to get the advantage of using machine learning technology it is required to have an understanding of both data science and security operations.