In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones (MalDrone), or Weaponized drones getting legal, or Drones hacking smartphones.
And now the reports depict…
Security Researcher has showcased a method that can be used to hack and hijack Unmanned Aerial Vehicles (UAVs), more commonly known as DRONES.
Senior AV researcher at HP Security Research Oleg Petrovsky demonstrated scenarios of cyber attacks targeting the flight controller of drones with analysis explaining how drones could become victims of cyber attacks.
Petrovsky has analyzed configurations and controllers for various popular multi-rotor unmanned aerial vehicles (UAVs) to discover the weaknesses present in the already implemented cyber attacks.
The research focuses on the flight controllers which is a microprocessor and comprises of:
The flight controller of a Drone handles data processing, calculations, and signals and is also known as its “Brain.”
However, technology that Petrovsky has utilized is:
Other than APM, the researcher points out that this design flaw is meant for other flight controller systems as well.
The two attack scenarios which the researcher has demonstrated on drones with pre-programmed routes are:
The ground station application enables communication with the Drone, which allows the user to wirelessly control the vehicles in the real time.
Therefore, the researcher said protocols implemented are not secure and allow an attacker to install malicious software on the system running the ground station.
Also, Telemetry feeds for wireless remote data transmission, and monitoring of the vehicle could be intercepted and flight route of the Drone are shown a different path.
Researcher’s experiments only targeted drones that fly pre-programmed routes, UAVs specifically used in product delivery systems (such as mail, medical tests and food).
While discussing the cyber attacks on Drones, Petrovsky emphasized that those attacks are happening not because of actual vulnerability in the system, rather because there are design flaws in the UAV systems.
> Further he added, “Securing the firmware on embedded UAV modules, using secure bootloaders, and implementing authentication and encryption mechanisms,” could be some points that…
> …an attacker can bypass any security measures, as nothing can be completely secured; similarly _“Drones don’t necessarily have to be unhackable the goal should be to make them difficult and expensive to hack.” _
Petrovsky also warned about the security concerning Drones by analyzing their development and usage commercially.
During his presentation, he also displayed:
Petrovsky presented his research at the Virus Bulletin conference in Prague.
Though, the complete research paper is yet to be published on Virus Bulletin’s Website. Meanwhile, you can go through the abstract posted by the researcher.