Recent advancements in uncrewed technology are opening new opportunities and applications in various industries across all domains. Uncrewed aircraft systems (UAS), more commonly referred to as drones, are quickly becoming integrated into our everyday lives for commercial and recreational use; however, these advancements also present new cybersecurity challenges as UASs grow in popularity. This article provides an introduction to UAS security, covering the core components of a UAS platform, associated cybersecurity risks, and recommended mitigations.
UAS Hardware Security
A UAS consists of many hardware components, such as a flight controller, ground control station (GCS), radio system, payload, and companion computer. These components play a critical role in the operation of a drone, but they also serve as potential entry points that an attacker can use to gain unauthorized access to a system or network. We will explore the purpose of each component, how they can be attacked, and appropriate defenses.
The flight controller is the central command center for a drone. Its functionality extends beyond flight mechanics to encompass data transmission and reception, thereby opening potential avenues for cyberattacks. Unsecured flight controllers can be exploited by attackers to hijack systems, intercept sensitive telemetry data, or disrupt operational integrity. For example, an attacker can collect geographical coordinates for sensitive assets or direct a drone to collide with critical infrastructure. Appropriate cybersecurity measures are essential to protect these systems from malicious activities. These measures may include secure coding practices, encryption of communication channels, regular software updates, and penetration testing. Any compromise of the flight controller could have dire consequences, potentially leading to loss of system equipment or physical damage in the event of a crash. Flight controller security is therefore vital for safer drone operations.
The GCS provides a user interface for controlling drones and serves as a communication bridge between the drone and the operator. Given its central role in drone operations and its capacity to transmit and receive sensitive data, a GCS is a prime target for cyber threats. GCS vulnerabilities could lead to a variety of issues, including unauthorized control of the system, data breaches, or interruption of system operations. It is crucial to implement robust security measures, such as secure communication protocols, strong authentication mechanisms, and regular security audits. Moreover, using reputable and regularly updated GCS software can help protect against known vulnerabilities. As cyber threats continue to evolve, so too must the security measures employed in a GCS to ensure secure and reliable drone operations.
Radio systems enable communication between the drone and the operator. The choice of a radio system can have a significant impact on the drone’s range, performance, and the overall user experience. For example, 2.4 GHz radio frequency (RF) modules are the most common type for a UAS as they offer a good balance between range and interference resistance with its use of frequency hopping technology. The radio system and its RF link, however, are potential targets for attacks, such as signal jamming or interception. An attacker could potentially take control of the drone or intercept sensitive data transmitted over the radio link. Therefore, it’s necessary to consider radio security when choosing and operating a drone. Measures like signal encryption and secure pairing between the radio and the receiver can help protect against such attacks.
Drones are versatile platforms capable of carrying various payloads, like cameras, depending on mission requirements for sensing, delivery, and communication. Although these payloads extend a drone’s functionality, they also expand its attack surface and must be protected from exploitation. For example, sensor data can be sensitive, with privacy implications if improperly accessed or leaked. Video feeds can expose details about secure facilities or restricted areas. Delivery payloads could also be targeted, with attackers attempting to intercept or alter deliveries. Communication payloads are susceptible to eavesdropping, data interception, or disruption of their communication services. To mitigate these risks, encryption should be used for data in transit or at rest. Access to payload control systems should also be appropriately secured with strong authentication mechanisms and regular software updates installed to patch any security vulnerabilities.
Companion computers are small, embedded systems, like a Raspberry Pi, that provide additional computational power and expand the capabilities of the aircraft. While companion computers bring enhanced capabilities to drone platforms, they also introduce cybersecurity concerns that pose risks to the integrity and security of their systems. For example, companion computers may have insufficient authentication and authorization controls. If an attacker has direct access to the companion computer, they may be able to tamper with the device, extract sensitive information, or implant malicious code. Similar to payloads, companion computers should be configured with proper access controls and the latest software and firmware versions.
Lastly, it is imperative to have physical security protections in place for drones and related equipment when not in use. If left unprotected, an attacker can compromise the system and its peripherals to accomplish their goals before the drone takes flight. UASs should be stored in facilities with physical security controls such as locks, entry and exit logging (badge swiping), and monitoring.
UAS Communication Security
A UAS relies on several communication protocols, such as the Micro Air Vehicle Link (MAVLink), Controller Area Network (CAN) bus, ZigBee, Bluetooth, Wi-Fi, and cellular protocols. MAVLink enables the exchange of information between the flight controller and ground station. The CAN bus protocol is used in drones for intra-vehicle communication. ZigBee is utilized for telemetry data transmission or as a backup communication channel. Bluetooth helps facilitate drone setup and configuration via a smartphone app. Wi-Fi allows communication between the drone and the pilot’s controller or smartphone. Cellular protocols provide drones with the means for high-speed data transmission, enabling real-time video streaming and telemetry, as well as command and control.
Despite their utility, UAS communication protocols also present cybersecurity risks during drone operations. Common risks include traffic sniffing where messages may reveal sensitive data like location and status; unencrypted data transmission since encryption isn’t yet built into drones by default; and susceptibility to spoofing and replay attacks where attackers can trick the system into accepting unauthorized commands or malicious connections. To mitigate these risks, operators should encrypt their communication using a virtual private network (VPN), select secure protocols like WPA3, and ensure secure pairing for wireless connections.
UAS Software and Firmware Security
Similar to computers, a UAS utilizes software and firmware to execute instructions that control the drone’s flight, payloads, and more. The aircraft firmware is the code running on the flight controller. Popular open-source firmware includes ArduPilot and PX4, both of which are designed for a variety of uncrewed systems. UAS software applications allow operators to interact with and control their drone system. Popular open-source GCS applications include Mission Planner and QGroundControl (QGC) that allow for easy programming of autonomous missions and monitoring the drone’s status while in operation.
Whether using open-source or proprietary solutions, software and firmware security are also important. Vulnerabilities in UAS software or firmware could potentially lead to unauthorized control of the drone, breaches of company data, or obstructed drone operations. For example, a significant risk is the exposure of application programming interface (API) keys, which are often used for software authentication and to access additional services. Exposed API keys can potentially enable attackers to gain unauthorized access to both the operator’s and manufacturer’s networks and achieve significant data exfiltration. It’s essential to keep UAS software and firmware up-to-date to protect against known exploitable vulnerabilities.
UAS Android Security
Smartphone and tablet controlled drones continue to be a popular trend, achieving a market valuation of $12 billion in 2023. Several drone components like the drone’s embedded operating system and GCS run on Android, which has a 71% global market share of mobile operating systems and is utilized by the top drone manufacturer, DJI, which currently dominates more than 70% of the global drone market. In 2023, Kaspersky also observed a 50% increase in attacks on mobile devices with a surge in Android malware activity. It’s therefore imperative to understand and take into account Android security vulnerabilities and how they affect the security posture of UASs and drone operations.
ConclusionAs drones increasingly take flight in both civilian and military domains, their dual-use nature underscores the critical need for a paradigm shift towards secure by design principles. This means integrating cybersecurity from the initial stages of UAS development, rather than treating it as an afterthought. Manufacturers, operators, and regulators must collaborate to establish robust security standards, promote secure coding practices, and foster a culture of cybersecurity awareness across the entire UAS ecosystem. Embracing a proactive, security-conscious approach will be paramount in harnessing the full potential of uncrewed technology while mitigating risks and ensuring a future where our skies remain both innovative and secure. To learn more about UAS and Android security, check out the publicly available Drone and Android Playbooks by Dark Wolf Solutions.
