| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:safeav:as:cybersec [2025/10/28 18:22] – pczekalski | en:safeav:as:cybersec [2025/10/29 07:53] (current) – ToDo checked: pczekalski |
|---|
| {{:en:iot-open:czapka_b.png?50| Bachelors (1st level) classification icon }} | {{:en:iot-open:czapka_b.png?50| Bachelors (1st level) classification icon }} |
| |
| <todo @pczekalski></todo> | <todo @pczekalski #pczekalski:2025-10-29></todo> |
| |
| Drones' cybersecurity covers all aspects of IT security systems, but due to their autonomous operations and the physical presence of potentially dangerous devices, they could have a far greater impact on outcomes, including life-threatening incidents. | Drones' cybersecurity covers all aspects of IT security systems, but due to their autonomous operations and the physical presence of potentially dangerous devices, they could have a far greater impact on outcomes, including life-threatening incidents. This is related to their physical presence, including commonly relatively high weight (compared to the human body), high operational speeds and thus large impact energy. |
| Below, we briefly describe the most important areas and list domain-specific challenges. UAV applications grow in both well-established and new environments, presenting unforeseen vulnerabilities. A compromise of a single device (e.g., a smart-enabled car on a highway) or multiple devices (e.g., a swarm of drones during a sky show) may have serious, even fatal, consequences not only for their users but also for others. | |
| |
| | Below, we briefly describe the most important areas and list domain-specific challenges. UAV applications grow in both well-established and new environments, presenting unforeseen vulnerabilities. A compromise of a single device (e.g., a smart-enabled car on a highway) or multiple devices (e.g., a swarm of drones during a show) may have serious, even fatal consequences, not only for their owners but also for others. This potential is being used massively during the war in Ukraine, which has been going on since 2022, where drones (UAV, UGV, USV) are one of the primary methods of attacks and defence.\\ |
| Autonomous systems vary in size and complexity, and thus differ in vulnerability to hacking and potential environmental harm in the event of compromise. Unauthorised access may have a dual nature and related consequences: | Autonomous systems vary in size and complexity, and thus differ in vulnerability to hacking and potential environmental harm in the event of compromise. Unauthorised access may have a dual nature and related consequences: |
| * hacking of an unmanaged system and its intentional use with a different target than formerly planned (e.g. flight plan change) - done usually via professional hackers that study the system and its vulnerabilities, | * hacking of an unmanaged system and its intentional use with a different target than formerly planned (e.g. flight plan change) - done usually via professional hackers that study the system and its vulnerabilities, |
| Both cases are raising serious dangers to life and property. | Both cases are raising serious dangers to life and property. |
| |
| Is this danger real? | In the table {{ref>table1}}, we present a list of selected, recent incidents involving autonomous or semi-autonomous systems, with a short description. |
| |
| General concepts of security. Areas to be covered: | <table table1> |
| * electronics | <caption>Recent cybersecurity incidents involving UAVs, AGVs and cars</caption> |
| * firmware | ^ **Date** ^ **Domain** ^ **Incident & Description** ^ |
| * communication | | **Jul 2015** | Consumer cars | Researchers Charlie Miller & Chris Valasek remotely hacked a Jeep Cherokee (via its Uconnect infotainment system) while the car was on a public highway, taking control of A/C, radio, wipers, transmission and braking. [[https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?utm_source=chatgpt.com|Wired]] | |
| * control section | | **Aug 2015** | Consumer cars | Fiat Chrysler recalled about 1.4 million vehicles after the remote-hack demonstration on the Jeep Cherokee. [[https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix?utm_source=chatgpt.com|Wired]] | |
| * operations safety | | **Aug 2015** | Consumer UAVs | Researchers demonstrated that the Parrot AR.Drone/Bebop could be hijacked via open Wi-Fi or telnet ports and remotely crashed. [[https://arstechnica.com/information-technology/2015/08/parrot-drones-easily-taken-down-or-hijacked-researchers-demonstrate/?utm_source=chatgpt.com|Ars Technica]] | |
| | | **Dec 2013** | Consumer UAVs | “SkyJack” drone built on a Raspberry Pi hijacks nearby Parrot AR Drones; can exploit unsecured Wi-Fi. [[https://arstechnica.com/information-technology/2013/12/flying-hacker-contraption-hunts-other-drones-turns-them-into-zombies/?utm_source=chatgpt.com|Ars Technica]] | |
| | | **Nov 2024** | Military UAVs | Ukraine reportedly spoofed GNSS of Russian attack drones (Shahed) to divert dozens into Belarus/Russia. [[https://www.euronews.com/my-europe/2024/12/04/lost-and-spoofed-how-ukraine-redirects-russian-drones-to-belarus?utm_source=chatgpt.com|Euronews]] | |
| | | **Sep 2023** | Research-class UGV | Researchers injected “Command Injection” and “ARP spoofing” into a ROS2 UGV test-bed to collect malicious/benign data. [[https://arxiv.org/abs/2311.14496?utm_source=chatgpt.com|arXiv]] | |
| | | **Aug 2020** | Consumer cars | Security researchers found bugs in the telematics system of the Mercedes-Benz E-Class, allowing remote unlocking and engine start. [[https://techcrunch.com/2020/08/06/security-bugs-mercedes-benz-hack/?utm_source=chatgpt.com|TechCrunch]] | |
| | </table> |
| |
| Domain-specific cybersecurity challenges and threats. | Cybersecurity for drones includes all their components (hardware and software), procedures, and operations. Below is in a table {{ref>table2}}, there is a short list of those components with characteristics: |
| |
| ^ **Category** ^ **Attack / Threat Type** ^ **Impact** ^ **Mitigation Strategies** ^ | <table table2> |
| | **Communication & Control Links** | Jamming (RF denial) | Loss of command/control, mission abortion | Frequency hopping, spread-spectrum communications, redundancy (LTE/SAT backup) | | <caption>Drone cybersecurity components</caption> |
| | | Spoofing (GPS/Command) | UAV hijacking or route deviation | Encrypted control channels, GNSS authentication, sensor fusion for validation | | ^ Area ^ Short Explanation ^ |
| | | Eavesdropping | Leakage of telemetry or video | End-to-end encryption (AES, TLS), mutual authentication | | | Electronics Security | Protection of onboard hardware against tampering, spoofing, physical intrusion, electromagnetic interference, and unauthorised modifications. | |
| | | Man-in-the-Middle (MitM) | Command alteration or injection | Digital signatures, certificate-based identity, integrity verification | | | Firmware Security | Secure bootloaders, signed firmware, controlled update mechanism, and protection against malicious code injection. | |
| | **Data Security** | Unencrypted transmission | Theft of mission data, privacy violation | Use of VPNs or secure links (TLS/DTLS), data minimization | | | Communication Security | Encryption, authentication, anti-jamming, anti-spoofing, and integrity protection of telemetry, C2 links, and video feeds. | |
| | | Compromised onboard storage | Exposure of sensitive data after capture | Encrypted storage, self-wiping memory, tamper detection | | | Control System Security | Hardening of flight control logic, autopilot algorithms, ground station software, and mission planning tools to avoid unauthorised takeover. | |
| | **Software & Firmware Integrity** | Malicious firmware updates | Persistent compromise, backdoors | Signed updates, secure boot, trusted update servers | | | Operational Safety & Procedures | Secure operator authentication, logging, geofencing, pre-flight checks, and safe mission rules to reduce human-factor risk. | |
| | | Outdated software | Exploitable vulnerabilities | Regular patching, vulnerability scanning | | | Sensor Security | Protection of GPS, IMU, cameras, LiDAR, and barometers from spoofing, jamming, blinding, or data manipulation attacks. | |
| | | Malware infection | Unauthorized control or data theft | Air-gapped maintenance, USB/media controls, antivirus monitoring | | | Payload Security | Ensuring attached cameras, delivery modules, or sensors cannot be hijacked, misused, or leak data. | |
| | **Navigation Systems** | GPS spoofing | False navigation, crash, or theft | Multi-sensor fusion (INS + GNSS + vision), anomaly detection | | | Cloud / Backend Security | Hardening remote servers, APIs, fleet-management dashboards, and databases against breaches or unauthorised access. | |
| | | GPS jamming | Position loss, uncontrolled drift | Anti-jam antennas, inertial backup navigation | | | Supply Chain Security | Verification of trusted hardware vendors, protection against backdoored components, counterfeit parts, or tampered devices. | |
| | **Hardware & Supply Chain** | Hardware backdoors | Hidden persistent access | Supply chain vetting, component attestation, hardware testing | | | Data Security & Privacy | Encryption at rest and in transit, secure storage, access control, and compliance with data protection laws. | |
| | | Physical capture | Reverse engineering, key extraction | Encrypted memory, tamper-resistant enclosures, key rotation | | | GNSS & Navigation Security | GPS anti-spoofing, anti-jamming, inertial backups, redundant navigation sources, and trust scoring for position data. | |
| | **Network & Cloud Systems** | Ground control compromise | Full UAV fleet takeover | Network segmentation, multi-factor authentication, IDS/IPS | | | Power & Battery Safety | Protection from sabotage of batteries or power systems, overload attacks, and unsafe discharge caused by malicious commands. | |
| | | Cloud data breach | Exposure of telemetry or missions | Strong access control, encryption at rest/in transit, audit logs | | | Physical Security / Anti-Tamper | Tamper-evident housings, secure key storage, self-wipe triggers for sensitive data, and resistance to physical compromise. | |
| | | API abuse | Unauthorized remote commands | API authentication, rate limiting, token-based access | | | Redundancy, Fail-safe & Recovery | Secure fallback communication, Return-to-Home, autonomous landing, and crash-safe modes under attack or failure. | |
| | **AI & Autonomy** | Adversarial AI input | Misclassification, unsafe actions | Robust AI training, adversarial testing, sensor redundancy | | | Regulatory Compliance | Meeting aviation cybersecurity standards, radio spectrum rules, Remote ID compliance, and safety certification. | |
| | | Model poisoning | Manipulated learning behavior | Secure dataset curation, signed models, anomaly detection | | |
| | **System Resilience** | Single points of failure | System-wide outage | Distributed control, redundant communication paths | | |
| | | Poor fail-safe design | Crashes during disruption | Secure failover modes, autonomous return-to-base logic | | |
| | **Regulatory & Standards** | Lack of standards | Inconsistent security posture | Adoption of DO-326A / NIST frameworks, international harmonization | | |
| | | Weak certification | Deployment of insecure UAVs | Third-party audits, mandatory penetration testing | | |
| | **Human Factors** | Operator credential theft | Unauthorized UAV access | Multi-factor authentication, training, credential hygiene | | |
| | | Insider threats | Intentional sabotage or leakage | Role-based access, behavior monitoring, background checks | | |
| |
| | </table> |
| |
| Good practices. | Technically, drones are a blend of robotics and ICT and thus pose domain-specific cybersecurity challenges and threats, which we juxtapose in the table {{ref>table3}} along with estimates of potential impact and mitigation strategies. Many of them are identical or similar to the embedded systems, AI and IoT domains. |
| | |
| | <table table3> |
| | <caption> Domain-specific vulnerabilities, threats and their mitigation strategies</caption> |
| | ^ **Category** ^ **Attack / Threat Type** ^ **Impact** ^ **Mitigation Strategies** ^ |
| | | **Communication & Control Links** | Jamming (RF denial) | Loss of command/control, mission abortion | Frequency hopping, spread-spectrum communications, redundancy (LTE/SAT backup) | |
| | | ::: | Spoofing (GPS/Command) | UAV hijacking or route deviation | Encrypted control channels, GNSS authentication, sensor fusion for validation | |
| | | ::: | Eavesdropping | Leakage of telemetry or video | End-to-end encryption (AES, TLS), mutual authentication | |
| | | ::: | Man-in-the-Middle (MitM) | Command alteration or injection | Digital signatures, certificate-based identity, integrity verification | |
| | | **Data Security** | Unencrypted transmission | Theft of mission data, privacy violation | Use of VPNs or secure links (TLS/DTLS), data minimisation | |
| | | ::: | Compromised onboard storage | Exposure of sensitive data after capture | Encrypted storage, self-wiping memory, tamper detection | |
| | | **Software & Firmware Integrity** | Malicious firmware updates | Persistent compromise, backdoors | Signed updates, secure boot, trusted update servers | |
| | | ::: | Outdated software | Exploitable vulnerabilities | Regular patching, vulnerability scanning | |
| | | ::: | Malware infection | Unauthorized control or data theft | Air-gapped maintenance, USB/media controls, antivirus monitoring | |
| | | **Navigation Systems** | GPS spoofing | False navigation, crash, or theft | Multi-sensor fusion (INS + GNSS + vision), anomaly detection | |
| | | ::: | GPS jamming | Position loss, uncontrolled drift | Anti-jam antennas, inertial backup navigation | |
| | | **Hardware & Supply Chain** | Hardware backdoors | Hidden persistent access | Supply chain vetting, component attestation, hardware testing | |
| | | ::: | Physical capture | Reverse engineering, key extraction | Encrypted memory, tamper-resistant enclosures, key rotation | |
| | | **Network & Cloud Systems** | Ground control compromise | Full UAV fleet takeover | Network segmentation, multi-factor authentication, IDS/IPS | |
| | | ::: | Cloud data breach | Exposure of telemetry or missions | Strong access control, encryption at rest/in transit, audit logs | |
| | | ::: | API abuse | Unauthorized remote commands | API authentication, rate limiting, token-based access | |
| | | **AI & Autonomy** | Adversarial AI input | Misclassification, unsafe actions | Robust AI training, adversarial testing, sensor redundancy | |
| | | ::: | Model poisoning | Manipulated learning behavior | Secure dataset curation, signed models, anomaly detection | |
| | | **System Resilience** | Single points of failure | System-wide outage | Distributed control, redundant communication paths | |
| | | ::: | Poor fail-safe design | Crashes during disruption | Secure failover modes, autonomous return-to-base logic | |
| | | **Regulatory & Standards** | Lack of standards | Inconsistent security posture | Adoption of DO-326A / NIST frameworks, international harmonization | |
| | | ::: | Weak certification | Deployment of insecure UAVs | Third-party audits, mandatory penetration testing | |
| | | **Human Factors** | Operator credential theft | Unauthorized UAV access | Multi-factor authentication, training, credential hygiene | |
| | | ::: | Insider threats | Intentional sabotage or leakage | Role-based access, behavior monitoring, background checks | |
| | </table> |
| |
