2 Ways Hijackers Can Hack Quadcopters
Part of Petrovsky’s research focuses on attacks targeting the flight controller, a system that consists of several sensors and an embedded processing unit. Some of the most popular flight controller models are ArduPilotMega (APM) and Pixhawk from 3D Robotics, MultiWii, OpenPilot, and DJI Naza.
The fact that these controllers use the same underlying technology is beneficial for development, but it’s also beneficial for potentially malicious actors because it provides them a homogenous attack surface, the expert said.
While in many cases drones are controlled in real-time using a remote control, their flight path is often pre-programmed using so-called ground station software.
The ground station, which is used to wirelessly communicate with the UAV, displays performance and positioning data in real-time, it can be used to upload new parameters and mission commands, and it allows the user to control the vehicle in flight. The problem, according to the researcher, is that UAV telemetry and command protocol implementations are not inherently secure.
Since the protocols allow drones to be configured and controlled remotely, but don’t use any special authentication, an attacker can use malicious software installed on the computer running the ground station to tap into the telemetry link.
One attack method described by Petrovsky involves capturing, modifying, and injecting a data stream into a telemetry link connection over a serial port. Another attack method involves spoofing the connection to the ground station in order to take complete control of the interface.
The telemetry feed can be transmitted using Wi-Fi, Bluetooth, ZigBee or a proprietary radio link. Bluetooth, which is used for short-range communications, and a radio module, which works for much longer distances (e.g. 1 kilometer), are very popular transmission methods, and both of them can be hacked, the expert said.
Using these telemetry and command feed attack methods, a malicious actor can, for instance, upload an arbitrary flight path to the drone.
The hardware testbed, the GPS unit, and middleware also add to the attack surface.
Securing Drones Against Cyberattacks
In an interview with SecurityWeek, Petrovsky pointed out that the attack methods he described are possible due to design flaws rather than actual vulnerabilities in the systems. The expert’s recommendations for preventing such attacks include securing the firmware on embedded UAV modules, using secure bootloaders, and implementing authentication and encryption mechanisms.
The researcher believes that these issues can be addressed only through collaboration between the security community, the hardware and software developers, and regulators. Drones don’t necessarily have to be unhackable — the goal should be to make them difficult and expensive to hack, the expert said.
Other Related Posts:
Article & image source
image 2 source
image 3 source