A Study on the Methodology of Finding Vulnerabilities to Reduce the Damage of Drone Security Accidents
Basic Configuration
- Drone Board: Fixhawk is widely used for large/special purpose drones, so Fixhawk 4 boards are used for research.
- Electronic speed control: Electronic speed control is used to control motor speed.
- Motor/Propeller: Motor has a fixed rotation direction and is divided according to the presence or absence of a brush.
- Battery: The output of the motor is determined by the number of cells.
- Charger: The motor does not work without a battery.
Additional Configuration for Flight
- GPS & Compass: Provide location information.
- Transmitter, Receiver: Generally, 2.4GHz band are used.
- Telemetry: The location and state of the drone are provided to a PC on the ground, using a 915 MHz or 433 MHz wireless channel.
- Frame: Fixing the boards and sensors.
- Operating System(OS)
- Managing the drone's system hardware and applications.
- Ground Control Station(GCS)
- Controlling drones on the ground.
- e.g.) QGroundControl, Misson Planner, etc.
- Micro Air Vehicke Link(MAVLink)
- Protocol for Communicating with small unmanned vehicle.
- Deodorization
- Eavesdropping and Filming
- Construction: Casualty
- Agriculture: Crop or Economic Damage
- Military: Crime, Terrorism, etc.
It targets both open and closed sources used in drones.
Hardware has selected devices that are compatible with the software.
- Sensors for Instrumentation
- RC Communications
- Flight controller software(PX4, Ardupilot)
- OS(Nuttx)
- GCS(QGroundControl, Mission Planner)
We aimed to explore new vulnerabilities and verify existing threat scenarios to improve the security of drone platforms.
Existing threat scenarios have verified vulnerabilities by attempting attacks on hardware such as major sensors and modules.
- The method was classified as Non-Compromised because it could attack from outside without specific conditions.
The new vulnerability search verifies the vulnerability by attempting an attack with the drone/GCS in control.
- When attacking drones, it is assumed that the GCS is in control.
- When attacking the GCS, it is assumed that the drone is in control.
When an attack is possible from outside without any set conditions.
When the drone's network is accessible.
- Making a hacking scenario.
- Report on vulnerabilities, issue CVE.
- Extracting Guideline.
- contribution to a paper.