Philip Craiger, CoPI of NCyTE and Associate Professor of Cybersecurity in the Department of Security Studies and International Affairs at Embry-Riddle Aeronautical University has created a multi-part video series on small unmanned aerial system (sUAS or "drone") cybersecurity. These videos discuss: commercial uses of drones; potential cyber threats; cybersecurity vulnerabilities and penetration testing of a drone. Available at the NCyTE Center YouTube Channel or view them here using the links below:
The Federal Aviation Administration (FAA) predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 7 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as ‘drones,’ are comprised of aeronautical hardware, a CPU, RAM, onboard storage, Wi-Fi or radio frequency communication links, sensors, a camera, and a controller used by the pilot-in-command. Some have suggested that a drone is essentially a flying computer. As such, drones are potentially susceptible to attacks that are often used on computers attached to a network. Potential attacks on drones include de-authentication (i.e., terminating the link between the drone and controller); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications link; and contaminating the drone’s geofencing mechanism. The result of these types of attacks include: theft of the drone; flying the drone into sensitive/off-limits areas; purposefully crashing the drone to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data). In this presentation we will discuss cybersecurity vulnerability testing of a commercial-off-the-shelf drone, and describe the successful attacks against the system.