A systematic approach for threat and vulnerability analysis of unmanned aerial vehicles

Abstract

The proliferation of Unmanned Aerial Vehicles (UAVs) is expected to experience a substantial rise in the next years, driven by their ever-increasing application across various domains. However, ensuring secure communication between UAVs and their ground stations is crucial to prevent the unauthorized disclosure of sensitive information that could jeopardize the mission’s integrity when exploited by malicious actors. Despite this importance, several UAV systems currently operate based on open-source command and control technologies, which have overlooked several security considerations while focusing on availability and safety. To address this concern, this study conducts a comprehensive security assessment of UAV-based systems starting with a systematic literature review whose main purpose is building a comprehensive catalog of threats associated with this technology. Particular attention has been paid to the MAVlink protocol, an open-source protocol commonly utilized for telemetry and command and control for multiple UAVs. Therefore, drawing upon the built catalog, a threat modeling and penetration testing technique has been employed to examine the MAVlink implementation on a real UAV. A threat model developed for a specific case study is also presented, leading to the discovery of four new vulnerabilities, some of which were successfully exploited through attacks. By shedding light on these vulnerabilities, this work seeks to encourage further investigation and research to develop robust security mechanisms for UAV communication systems. It is imperative to address these vulnerabilities proactively to enhance the overall security posture and safeguard against potential threats in the UAV ecosystem.