| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:safeav:as:cybersec [2025/10/28 18:29] – [Table] pczekalski | en:safeav:as:cybersec [2025/10/29 07:53] (current) – ToDo checked: pczekalski |
|---|
| {{:en:iot-open:czapka_b.png?50| Bachelors (1st level) classification icon }} | {{:en:iot-open:czapka_b.png?50| Bachelors (1st level) classification icon }} |
| |
| <todo @pczekalski></todo> | <todo @pczekalski #pczekalski:2025-10-29></todo> |
| |
| Drones' cybersecurity covers all aspects of IT security systems, but due to their autonomous operations and the physical presence of potentially dangerous devices, they could have a far greater impact on outcomes, including life-threatening incidents. | Drones' cybersecurity covers all aspects of IT security systems, but due to their autonomous operations and the physical presence of potentially dangerous devices, they could have a far greater impact on outcomes, including life-threatening incidents. This is related to their physical presence, including commonly relatively high weight (compared to the human body), high operational speeds and thus large impact energy. |
| Below, we briefly describe the most important areas and list domain-specific challenges. UAV applications grow in both well-established and new environments, presenting unforeseen vulnerabilities. A compromise of a single device (e.g., a smart-enabled car on a highway) or multiple devices (e.g., a swarm of drones during a sky show) may have serious, even fatal, consequences not only for their users but also for others. | |
| |
| | Below, we briefly describe the most important areas and list domain-specific challenges. UAV applications grow in both well-established and new environments, presenting unforeseen vulnerabilities. A compromise of a single device (e.g., a smart-enabled car on a highway) or multiple devices (e.g., a swarm of drones during a show) may have serious, even fatal consequences, not only for their owners but also for others. This potential is being used massively during the war in Ukraine, which has been going on since 2022, where drones (UAV, UGV, USV) are one of the primary methods of attacks and defence.\\ |
| Autonomous systems vary in size and complexity, and thus differ in vulnerability to hacking and potential environmental harm in the event of compromise. Unauthorised access may have a dual nature and related consequences: | Autonomous systems vary in size and complexity, and thus differ in vulnerability to hacking and potential environmental harm in the event of compromise. Unauthorised access may have a dual nature and related consequences: |
| * hacking of an unmanaged system and its intentional use with a different target than formerly planned (e.g. flight plan change) - done usually via professional hackers that study the system and its vulnerabilities, | * hacking of an unmanaged system and its intentional use with a different target than formerly planned (e.g. flight plan change) - done usually via professional hackers that study the system and its vulnerabilities, |
| Both cases are raising serious dangers to life and property. | Both cases are raising serious dangers to life and property. |
| |
| Is this danger real? It is - in the table {{ref>table1}} we present a list of recent flying and ground vehicles comprising, | In the table {{ref>table1}}, we present a list of selected, recent incidents involving autonomous or semi-autonomous systems, with a short description. |
| |
| <table table1> | <table table1> |
| <caption>Recent cybersecurity incidents involving UAVs, AGVs and cars</caption> | <caption>Recent cybersecurity incidents involving UAVs, AGVs and cars</caption> |
| ^ **Date** ^ **Domain** ^ **Incident & Description** ^ **Key Takeaway** ^ | ^ **Date** ^ **Domain** ^ **Incident & Description** ^ |
| | **Jul 2015** | Consumer cars | Researchers Charlie Miller & Chris Valasek remotely hacked a Jeep Cherokee (via its Uconnect infotainment system) while the car was on a public highway, taking control of A/C, radio, wipers, transmission and braking. [[https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?utm_source=chatgpt.com|Wired]] | Even mainstream connected vehicles can be remotely controlled if infotainment systems are exposed to the network. | | | **Jul 2015** | Consumer cars | Researchers Charlie Miller & Chris Valasek remotely hacked a Jeep Cherokee (via its Uconnect infotainment system) while the car was on a public highway, taking control of A/C, radio, wipers, transmission and braking. [[https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/?utm_source=chatgpt.com|Wired]] | |
| | **Aug 2015** | Consumer cars | Fiat Chrysler recalled about 1.4 million vehicles after the remote-hack demonstration on the Jeep Cherokee. [[https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix?utm_source=chatgpt.com|Wired]] | Car hacking led to real industry response; shows regulatory and industry shift. | | | **Aug 2015** | Consumer cars | Fiat Chrysler recalled about 1.4 million vehicles after the remote-hack demonstration on the Jeep Cherokee. [[https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix?utm_source=chatgpt.com|Wired]] | |
| | **Aug 2015** | Consumer UAVs | Researchers demonstrated that the Parrot AR.Drone/Bebop could be hijacked via open Wi-Fi or telnet ports and remotely crashed. [[https://arstechnica.com/information-technology/2015/08/parrot-drones-easily-taken-down-or-hijacked-researchers-demonstrate/?utm_source=chatgpt.com|Ars Technica]] | Even low-cost UAVs have weak security, foreshadowing risks for more critical systems. | | | **Aug 2015** | Consumer UAVs | Researchers demonstrated that the Parrot AR.Drone/Bebop could be hijacked via open Wi-Fi or telnet ports and remotely crashed. [[https://arstechnica.com/information-technology/2015/08/parrot-drones-easily-taken-down-or-hijacked-researchers-demonstrate/?utm_source=chatgpt.com|Ars Technica]] | |
| | **Dec 2013** | Consumer UAVs | “SkyJack” drone built on a Raspberry Pi hijacks nearby Parrot AR Drones; can exploit unsecured Wi-Fi. [[https://arstechnica.com/information-technology/2013/12/flying-hacker-contraption-hunts-other-drones-turns-them-into-zombies/?utm_source=chatgpt.com|Ars Technica]] | Demonstrates swarm/hijack risk of UAVs in proximity or shared networks. | | | **Dec 2013** | Consumer UAVs | “SkyJack” drone built on a Raspberry Pi hijacks nearby Parrot AR Drones; can exploit unsecured Wi-Fi. [[https://arstechnica.com/information-technology/2013/12/flying-hacker-contraption-hunts-other-drones-turns-them-into-zombies/?utm_source=chatgpt.com|Ars Technica]] | |
| | **Nov 2024** | Military UAVs | Ukraine reportedly spoofed GNSS of Russian attack drones (Shahed) to divert dozens into Belarus/Russia. [[https://www.euronews.com/my-europe/2024/12/04/lost-and-spoofed-how-ukraine-redirects-russian-drones-to-belarus?utm_source=chatgpt.com|Euronews]] | Navigation/GNSS spoofing is operationally effective and low-cost in warfare. | | | **Nov 2024** | Military UAVs | Ukraine reportedly spoofed GNSS of Russian attack drones (Shahed) to divert dozens into Belarus/Russia. [[https://www.euronews.com/my-europe/2024/12/04/lost-and-spoofed-how-ukraine-redirects-russian-drones-to-belarus?utm_source=chatgpt.com|Euronews]] | |
| | **Sep 2023** | Research-class UGV | Researchers injected “Command Injection” and “ARP spoofing” into a ROS2 UGV test-bed to collect malicious/benign data. [[https://arxiv.org/abs/2311.14496?utm_source=chatgpt.com|arXiv]] | Ground vehicles using ROS2 or similar frameworks are vulnerable to network and command attacks. | | | **Sep 2023** | Research-class UGV | Researchers injected “Command Injection” and “ARP spoofing” into a ROS2 UGV test-bed to collect malicious/benign data. [[https://arxiv.org/abs/2311.14496?utm_source=chatgpt.com|arXiv]] | |
| | **Aug 2020** | Consumer cars | Security researchers found bugs in the telematics system of the Mercedes-Benz E-Class, allowing remote unlocking and engine start. [[https://techcrunch.com/2020/08/06/security-bugs-mercedes-benz-hack/?utm_source=chatgpt.com|TechCrunch]] | High-end vehicles also face remote attack risks via telematics and cloud connectivity. | | | **Aug 2020** | Consumer cars | Security researchers found bugs in the telematics system of the Mercedes-Benz E-Class, allowing remote unlocking and engine start. [[https://techcrunch.com/2020/08/06/security-bugs-mercedes-benz-hack/?utm_source=chatgpt.com|TechCrunch]] | |
| </table> | </table> |
| |
| | Cybersecurity for drones includes all their components (hardware and software), procedures, and operations. Below is in a table {{ref>table2}}, there is a short list of those components with characteristics: |
| |
| | <table table2> |
| | <caption>Drone cybersecurity components</caption> |
| | ^ Area ^ Short Explanation ^ |
| | | Electronics Security | Protection of onboard hardware against tampering, spoofing, physical intrusion, electromagnetic interference, and unauthorised modifications. | |
| | | Firmware Security | Secure bootloaders, signed firmware, controlled update mechanism, and protection against malicious code injection. | |
| | | Communication Security | Encryption, authentication, anti-jamming, anti-spoofing, and integrity protection of telemetry, C2 links, and video feeds. | |
| | | Control System Security | Hardening of flight control logic, autopilot algorithms, ground station software, and mission planning tools to avoid unauthorised takeover. | |
| | | Operational Safety & Procedures | Secure operator authentication, logging, geofencing, pre-flight checks, and safe mission rules to reduce human-factor risk. | |
| | | Sensor Security | Protection of GPS, IMU, cameras, LiDAR, and barometers from spoofing, jamming, blinding, or data manipulation attacks. | |
| | | Payload Security | Ensuring attached cameras, delivery modules, or sensors cannot be hijacked, misused, or leak data. | |
| | | Cloud / Backend Security | Hardening remote servers, APIs, fleet-management dashboards, and databases against breaches or unauthorised access. | |
| | | Supply Chain Security | Verification of trusted hardware vendors, protection against backdoored components, counterfeit parts, or tampered devices. | |
| | | Data Security & Privacy | Encryption at rest and in transit, secure storage, access control, and compliance with data protection laws. | |
| | | GNSS & Navigation Security | GPS anti-spoofing, anti-jamming, inertial backups, redundant navigation sources, and trust scoring for position data. | |
| | | Power & Battery Safety | Protection from sabotage of batteries or power systems, overload attacks, and unsafe discharge caused by malicious commands. | |
| | | Physical Security / Anti-Tamper | Tamper-evident housings, secure key storage, self-wipe triggers for sensitive data, and resistance to physical compromise. | |
| | | Redundancy, Fail-safe & Recovery | Secure fallback communication, Return-to-Home, autonomous landing, and crash-safe modes under attack or failure. | |
| | | Regulatory Compliance | Meeting aviation cybersecurity standards, radio spectrum rules, Remote ID compliance, and safety certification. | |
| |
| | </table> |
| |
| | Technically, drones are a blend of robotics and ICT and thus pose domain-specific cybersecurity challenges and threats, which we juxtapose in the table {{ref>table3}} along with estimates of potential impact and mitigation strategies. Many of them are identical or similar to the embedded systems, AI and IoT domains. |
| |
| General concepts of security. Areas to be covered: | <table table3> |
| * electronics | <caption> Domain-specific vulnerabilities, threats and their mitigation strategies</caption> |
| * firmware | ^ **Category** ^ **Attack / Threat Type** ^ **Impact** ^ **Mitigation Strategies** ^ |
| * communication | | **Communication & Control Links** | Jamming (RF denial) | Loss of command/control, mission abortion | Frequency hopping, spread-spectrum communications, redundancy (LTE/SAT backup) | |
| * control section | | ::: | Spoofing (GPS/Command) | UAV hijacking or route deviation | Encrypted control channels, GNSS authentication, sensor fusion for validation | |
| * operations safety | | ::: | Eavesdropping | Leakage of telemetry or video | End-to-end encryption (AES, TLS), mutual authentication | |
| | | ::: | Man-in-the-Middle (MitM) | Command alteration or injection | Digital signatures, certificate-based identity, integrity verification | |
| Domain-specific cybersecurity challenges and threats. | | **Data Security** | Unencrypted transmission | Theft of mission data, privacy violation | Use of VPNs or secure links (TLS/DTLS), data minimisation | |
| | | ::: | Compromised onboard storage | Exposure of sensitive data after capture | Encrypted storage, self-wiping memory, tamper detection | |
| ^ **Category** ^ **Attack / Threat Type** ^ **Impact** ^ **Mitigation Strategies** ^ | | **Software & Firmware Integrity** | Malicious firmware updates | Persistent compromise, backdoors | Signed updates, secure boot, trusted update servers | |
| | **Communication & Control Links** | Jamming (RF denial) | Loss of command/control, mission abortion | Frequency hopping, spread-spectrum communications, redundancy (LTE/SAT backup) | | | ::: | Outdated software | Exploitable vulnerabilities | Regular patching, vulnerability scanning | |
| | | Spoofing (GPS/Command) | UAV hijacking or route deviation | Encrypted control channels, GNSS authentication, sensor fusion for validation | | | ::: | Malware infection | Unauthorized control or data theft | Air-gapped maintenance, USB/media controls, antivirus monitoring | |
| | | Eavesdropping | Leakage of telemetry or video | End-to-end encryption (AES, TLS), mutual authentication | | | **Navigation Systems** | GPS spoofing | False navigation, crash, or theft | Multi-sensor fusion (INS + GNSS + vision), anomaly detection | |
| | | Man-in-the-Middle (MitM) | Command alteration or injection | Digital signatures, certificate-based identity, integrity verification | | | ::: | GPS jamming | Position loss, uncontrolled drift | Anti-jam antennas, inertial backup navigation | |
| | **Data Security** | Unencrypted transmission | Theft of mission data, privacy violation | Use of VPNs or secure links (TLS/DTLS), data minimization | | | **Hardware & Supply Chain** | Hardware backdoors | Hidden persistent access | Supply chain vetting, component attestation, hardware testing | |
| | | Compromised onboard storage | Exposure of sensitive data after capture | Encrypted storage, self-wiping memory, tamper detection | | | ::: | Physical capture | Reverse engineering, key extraction | Encrypted memory, tamper-resistant enclosures, key rotation | |
| | **Software & Firmware Integrity** | Malicious firmware updates | Persistent compromise, backdoors | Signed updates, secure boot, trusted update servers | | | **Network & Cloud Systems** | Ground control compromise | Full UAV fleet takeover | Network segmentation, multi-factor authentication, IDS/IPS | |
| | | Outdated software | Exploitable vulnerabilities | Regular patching, vulnerability scanning | | | ::: | Cloud data breach | Exposure of telemetry or missions | Strong access control, encryption at rest/in transit, audit logs | |
| | | Malware infection | Unauthorized control or data theft | Air-gapped maintenance, USB/media controls, antivirus monitoring | | | ::: | API abuse | Unauthorized remote commands | API authentication, rate limiting, token-based access | |
| | **Navigation Systems** | GPS spoofing | False navigation, crash, or theft | Multi-sensor fusion (INS + GNSS + vision), anomaly detection | | | **AI & Autonomy** | Adversarial AI input | Misclassification, unsafe actions | Robust AI training, adversarial testing, sensor redundancy | |
| | | GPS jamming | Position loss, uncontrolled drift | Anti-jam antennas, inertial backup navigation | | | ::: | Model poisoning | Manipulated learning behavior | Secure dataset curation, signed models, anomaly detection | |
| | **Hardware & Supply Chain** | Hardware backdoors | Hidden persistent access | Supply chain vetting, component attestation, hardware testing | | | **System Resilience** | Single points of failure | System-wide outage | Distributed control, redundant communication paths | |
| | | Physical capture | Reverse engineering, key extraction | Encrypted memory, tamper-resistant enclosures, key rotation | | | ::: | Poor fail-safe design | Crashes during disruption | Secure failover modes, autonomous return-to-base logic | |
| | **Network & Cloud Systems** | Ground control compromise | Full UAV fleet takeover | Network segmentation, multi-factor authentication, IDS/IPS | | | **Regulatory & Standards** | Lack of standards | Inconsistent security posture | Adoption of DO-326A / NIST frameworks, international harmonization | |
| | | Cloud data breach | Exposure of telemetry or missions | Strong access control, encryption at rest/in transit, audit logs | | | ::: | Weak certification | Deployment of insecure UAVs | Third-party audits, mandatory penetration testing | |
| | | API abuse | Unauthorized remote commands | API authentication, rate limiting, token-based access | | | **Human Factors** | Operator credential theft | Unauthorized UAV access | Multi-factor authentication, training, credential hygiene | |
| | **AI & Autonomy** | Adversarial AI input | Misclassification, unsafe actions | Robust AI training, adversarial testing, sensor redundancy | | | ::: | Insider threats | Intentional sabotage or leakage | Role-based access, behavior monitoring, background checks | |
| | | Model poisoning | Manipulated learning behavior | Secure dataset curation, signed models, anomaly detection | | </table> |
| | **System Resilience** | Single points of failure | System-wide outage | Distributed control, redundant communication paths | | |
| | | Poor fail-safe design | Crashes during disruption | Secure failover modes, autonomous return-to-base logic | | |
| | **Regulatory & Standards** | Lack of standards | Inconsistent security posture | Adoption of DO-326A / NIST frameworks, international harmonization | | |
| | | Weak certification | Deployment of insecure UAVs | Third-party audits, mandatory penetration testing | | |
| | **Human Factors** | Operator credential theft | Unauthorized UAV access | Multi-factor authentication, training, credential hygiene | | |
| | | Insider threats | Intentional sabotage or leakage | Role-based access, behavior monitoring, background checks | | |
| | |
| | |
| Good practices. | |
| |
