14 DAY TRIAL // At the Virus Bulletin 2015 security conference in Prague, Oleg Petrovsky of HP Security Research has presented a few scenarios which allow attackers to take control over unmanned aerial vehicles (UAVs), more commonly known as drones.
Petrovsky's research focused on drone models that come with an ArduPilotMega (APM) flight controller, but he also said that the design flaws he uncovered can theoretically be applied to many other systems as well.
His experiments only targeted drones that fly pre-programmed routes, UAVs generally used in product delivery systems (mail, medical tests, food, etc.).
These types of drones need a "ground station" with which to communicate, and in his research, Petrofsky used a popular ground station product called Mission Planner.
The ground station communicates with the drone, relaying information about fly paths and gathering performance metrics. Additionally, it can also be used to send out new orders in real time, altering the drone's pre-programmed flight plan.
Hackers can tap into the drone <-> ground station connection
Because the ground station "talks" to the drone via unsecure protocols, attackers can easily hack their way into controlling the drone by using two methods.
The first is the most obvious and relies on communication spoofing, by performing trivial Man-in-the-Middle attacks.
The second is a little bit more complex, and relies on infecting the computer running the Mission Planner software. By using malicious code, an attacker would be able to tap into the drone telemetry connection, and from there inject their own commands, or intercept data coming from the drone.
As Mr. Petrovksy claims, it does not matter if the drone-ground station connection works via Bluetooth, WiFi, radio protocols, or ZigBee.
Oleg Petrovsky's research will be published on Virus Bulletin's website, but in the meantime, you can read Eduard Kovacs' piece for SecurityWeek.
