Consumer UAV Cybersecurity Vulnerability Assessment Using Fuzzing Tests
share
Unmanned Aerial Vehicles (UAVs) are remote-controlled vehicles capable of flight and are present in a variety of environments from military operations to domestic enjoyment. These vehicles are great assets, but just as their pilot can control them remotely, cyberattacks can be executed in a similar manner. Cyber attacks on UAVs can bring a plethora of issues to physical and virtual systems. Such malfunctions are capable of giving an attacker the ability to steal data, incapacitate the UAV, or hijack the UAV. To mitigate such attacks, it is necessary to identify and patch vulnerabilities that may be maliciously exploited. In this paper, a new UAV vulnerability is explored with related UAV security practices identified for possible exploitation using large streams of data sent at specific ports. The more in-depth model involves strings of data involving FTP-specific keywords sent to the UAV's FTP port in the form of a fuzzing test and launching thousands of packets at other ports on the UAV as well. During these tests, virtual and physical systems are monitored extensively to identify specific patterns and vulnerabilities. This model is applied to a Parrot Bebop 2, which accurately portrays a UAV that had their network compromised by an attacker and portrays many lower-end UAV models for domestic use. During testings, the Parrot Bebop 2 is monitored for degradation in GPS performance, video speed, the UAV's reactivity to the pilot, motor function, and the accuracy of the UAV's sensor data. All these points of monitoring give a comprehensive view of the UAV's reaction to each individual test. In this paper, countermeasures to combat the exploitation of this vulnerability will be discussed as well as possible attacks that can branch from the fuzzing tests.
READ FULL TEXT
