John Edwards of Semiconductor Engineering recently penned an article that explores the security risks associated with drones. The biggest drone threat of all, says Edwards, may turn out to be attacks made against the vehicles themselves.
“Drones, also known as UAVs (unmanned aerial vehicles) and UASs (unmanned aerial systems), need a variety of internal components to work effectively. The list includes MEMS (such as accelerometers, gyroscopes, magnetometers and pressure sensors), GPS modules, processors and digital radios,” he explained.
“Together, these components tell a drone where to go, how to orient itself and how to avoid collisions, among other things. Yet many of these same components can also be exploited to wrest control away from a drone’s authorized operator or onboard navigation system.”
Indeed, as Oleg Petrovsky, a senior research engineer at HP Enterprise Security Services points out, drones are typically packed with a wide variety of hardware modules, along with supporting software and firmware used for various configurations.
“Overall, each UAS has to have a flight controller, a receiver, electronic speed controllers, motors and, perhaps, a telemetry module,” he told SemiEngineering. “Each could be vulnerable to a number of physical and electronic type of attacks.”
Perhaps not surprisingly, Petrovsky has identified multiple security vulnerabilities, including using Mission Planner to capture, modify and insert a data stream into a telemetry link connection over a serial port. Another attack conducted by the security researcher involved spoofing the ground station link to assume full control of the interface. Telemetry feeds, says Petrovsky, can be transmitted via Wi-Fi, Bluetooth, ZigBee or a proprietary radio connection.
“Using telemetry and command feed attack methods, a malicious actor can, for instance, upload an arbitrary flight path to the drone,” he added.
According to Asaf Ashkenazi, a senior product management director in Rambus’ security division, drone threats are likely to increase unless effective security protocols are implemented.
“You will see more and more connected drones, or drones that are connected to a device that is connected to the internet,” he told the publication. “And once you have this link, you can attack the drones from anywhere in the world.”
Many semiconductor vendors, says Ashkenazi, are serious about adding security mechanisms to their silicon.
“To enable a security system, you can’t have just the silicon manufacturer involved. There needs to be collaboration with the drone manufacturers and the drone manufacturers have to have motivation to add security,” he concluded.
Interested in learning more? “Making Drones Secure” can be read on Semiconductor Engineering here.