Tags:cyber-attacks, drone, system analysis and vulnerabilities
Abstract:
A drone is a complex hardware (HW) and software (SW) system that uses various wireless data transmission technologies (Wi-Fi, LTE, 5G, Bluetooth, etc.). To transfer data, it uses various communication protocols: both specific and generally known. Drones can use digital protocols and embedded systems such as I2C, SPI, Serial, CAN, 1-wire, etc. The flight controllers used in the drone: popular microcontrollers Atmega, STM (ARM), Intel Movidius, sometimes low voltage Intel/AMD x86/x64. Drones use communication protocols, operating systems (OS) in the control device, which are similar to other digital systems. Vulnerabilities of the drone's main subsystems (both HW and Sw) can be used by attackers to carry out cyber-attacks on them. Drones can perform complex tasks, and some cyber-attacks (for example, Denial-of-Services - DoS) can lead to the failure of individual components of the drone and the entire system. Guidelines for protecting against drone attacks are provided by many organizations that develop cyber-security standards (NIST, CERT, CISA, etc.). Measures to prevent cyber-attacks can be applied to drones, with some adjustments to their parameters and architectural features. There are also recommendations for protecting drone components and also methods of communication protocols protection from cyber-attacks. The authors of this study offer a comprehensive approach to the analysis of vulnerabilities of drone subsystems, which includes a system analysis of drone architecture, vulnerability analysis by different vulnerability databases, and their systematization. The purpose of this study: analysis and systematization of the most serious vulnerabilities of drone subsystems and cyber-attacks that can affect them, and recommendations for their prevention, detection and mitigation.
Analysis and Systematization of Vulnerabilities of Drone Subsystems