Exploring vulnerabilities, threats, and exploits in small unmanned aerial systems (sUAS)
PI John Craiger
Small unmanned aerial systems (sUAS), also known as drones, have been called flying computers given the overlap in their technologies. The purpose of this research is to conduct cybersecurity vulnerability assessments of several sUAS to identify vulnerabilities, threats, and associated exploits to the sUAS. Cyber vulnerabilities could theoretically allow a bad actor to take control of the sUAS, cause it to malfunction while in flight, and more.
The Federal Aviation Administration (FAA) predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as ‘drones,’ are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command. Some have argued that a sUAS is essentially a flying computer. As such, sUAS may be susceptible to many of the types of attacks that are often used on personal computers attached to a computer network. Potential attacks on sUAS include de-authentication (i.e., ‘terminating’ the sUAS from the network); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications channel (resulting in the possible loss of the sUAS); and contaminating the sUAS geofencing mechanism (allowing the sUAS to fly in a ‘no-fly-zone’). The result of these types of attacks include theft of the sUAS; flying the sUAS into sensitive/off- limits areas; purposefully crashing the sUAS to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data).
The purpose of this research is to identify potential threats, vulnerabilities, and exploits for a subset of consumer/hobby sUAS that were included in the 2016 ERAU sUAS Consumer Guide. The research will apply a threat modeling approach to identify cyber-based vulnerabilities; potential attack vectors; commercial-off-the-shelf and “home-built” equipment required to effectuate attacks; cyber and kinetic ramifications of attacks; and mitigating strategies for protecting sUAS from cyber-attacks. Vulnerability assessments are to be conducted via network scanning tools to identify open network ports, vulnerability scanners that identify system vulnerabilities, and tools used for the associated exploitation of these vulnerabilities. The exploitation (i.e., attack) architecture will use an attack proxy consisting of a Raspberry PI running Kali Linux OS, and specifically outfitted with multiple network interface cards, allowing the proxy to capture and manipulate network traffic in either managed or monitor (i.e., active vs. passive) mode. Given that most personal computers are known to suffer from various cyber vulnerabilities, and many of the components and software are the same as used in personal computers, we expect to observe the same for the sUAS.
Identifying threats and vulnerabilities has two purposes, one defensive, and one offensive. From the defensive side, manufacturers, and even users, should be aware of potential threats. Manufacturers should be aware that the design and component decisions can effect the cybersecurity of the sUAS. From the offensive side, sUAS pilots are known to fly them for nefarious purposes, including flying into no-fly zones, violating the privacy of individuals using attached high-definition cameras, etc. Indeed, a new and growing industry involves developing anti-drone techniques to protect against rogue sUAS and their pilots.
07/01/2018 to 06/30/2019