Common Attacks
Previous Attacks
These following are some common attacks against civilian drones, as well as some common attacks aimed at WiFi vulnerabilities.
Jamming/Spoofing GPS data
GPS signals are unencrypted and unauthorized, which makes drones vulnerable to spoofing attacks since it’s possible to generate fake GPS signals and feed them to the drone in order to alter its positional coordinates calculated by the drones GPS receiver. GPS signals can also be jammed, which means that the external navigation feed received by the drones GPS receiver gets cut leading the drone into a disoriented state and potentially crashing it [6]
Jamming/Spoofing the UAV transmissions
Civilian drones are expected to be equipped with a system that continuously broadcasts status variables such as velocity, position, speed etc. These signals are also unencrypted and unauthorized since it’s a broadcast, meaning they can be jammed or be replaced by fake ones [7].
Denial of Service
A denial of service attack, often referred to as a DoS attack, has the aim of preventing legitimate users of a service, in this case denying the ability for a user to connect to a drone [8]. This could be done by flooding the drones with connection requests, resulting in the drone blocking all requests sent, even requests from the user.
Man in the Middle Attack
A drone could also be the victim of a maninthemiddleattack. The user thinks it is talking to the drone, and the drone thinks it is talking to the user, while they are in fact talking to the attacker. This could be done by forming a fake connection between the drone and the user, having them both talking through the attacker. The attacker could then receive commands from the user, disregard them, forging new commands and sending them to the drone [9].
Intercept Data Feed
If the drone is equipped with a camera it sends that video stream back to the controller in realtime. Attacks like this have been conducted on unsecured communication links with cheap software like SkyGrabber; a product used to intercept satellite feeds. Intercept data feed attack might seem harmless, but there is no way to detect or defend against it. However, the data can be encrypted so that even if an attacker would intercept the data it would not be possible to interpret. This attack has been used in warfare such as by Hezbollah on an Israeli drone, which resulted in assisting the enemy forces to ambush and kill Israeli commandos.[11]
Filesystem Backdoor
By using a filesystem backdoor an attacker could access files, change the configuration of the drone or place any malicious code inside the system [10].
Take Full Control of the Drone
Samy Kamkar developed a drone that flies around, seeks the wireless signal of any other drone in the area, disconnects the wireless connection of the owner and authenticates with the target drone pretending to be its owner, then feeds commands to it, resulting in full control of the flight. This project only used a Parrot AR. Drone 2 with a Raspberry Pi connected to an Alfa AWUS036H wireless network adapter mounted to it, running his SkyJack software.[12]
Wifi Password Cracking
There are multiple known weaknesses regarding WiFi, but one significant weakness is the WPAPSK encryption. An attacker could deauthenticate a device on the network and capture the transmission of the WPA handshake, which contains the hashed network password. The next step is to conduct either a dictionary attack or simply brute force passwords and hash them until the attacker gets a match, and the password has been cracked [11].
Reverse Engineering the Controller Application
Reverse engineering can be done to inspect the code of the application of which the controller uses in order to communicate with a UAV. In a previous attack, hackers were able to retrieve file structures, java classes and libraries used to encrypt and decrypt flight record data [12].
REFERENCES
Last updated