Attack on the drones: security vulnerabilities of unmanned aerial vehicles

Wednesday 30 September 14:00 - 14:30, Red room

Oleg Petrovsky (HP)

  download slides (PDF)

Recent advances in the manufacturing of lithium polymer-based batteries, brushless motors, electronic speed controllers, microelectromechanical sensors, and the availability of lighter and stronger composite materials, have driven what was only a little while ago the experimental field of multi-rotor aerial vehicle construction to become a mass-produced technology. As multi-rotors become ubiquitous, so increases the significance of their security against malicious attacks. What would it take for an aerial vehicle to lose control and become a malicious piece of equipment in the skies?

In this paper we will analyse configurations and controllers for various popular multi-rotor unmanned aerial vehicles (UAVs), in search of susceptibility to known and proof-of-concept security attacks.

The study will include analysis of existing malware attack claims and their validity when applied to the world's leading open-source UAV controllers. The controllers we will evaluate include a 3D Robotics ArduPilotMega (APM) system from 3D Robotics, PX4 flight stack, Pixhawks autopilot module, and similar popular flight controllers widely adopted by the UAV industry.

The paper will examine the attack surfaces of existing UAV platforms as exhibited by their different functional modules - software, firmware, hardware, controls, and their environment. Possible future attack scenarios will be considered, as well as ways to potentially harden this category of devices against such attacks.

Click here for more details about the conference.

Oleg Petrovsky

Oleg Petrovsky

Oleg Petrovsky currently works as a senior AV researcher at HP Security research where he is involved in the analysis and mitigation of newly discovered malware trends. His work covers automated malware analysis, data clustering, visualization and security of embedded systems. Oleg holds a Master of Engineering degree in Industrial Electronics from Odessa State Polytechnic University. He started his AV career in 1995, first working for CYBEC, supporting the VET anti-virus product. In 1999 he joined Computer Associates, and in 2007 began working as a senior AV researcher in the Microsoft Malware Protection Centre. In March 2014 he joined HP Security Research. Throughout his career Oleg has concentrated on analysis and protection against malware, developing AV tools and conducting research on emerging malware trends. Oleg has authored patent applications, publications for Virus Bulletin, malware research blogs and malware descriptions and has presented at a number of security conferences. His interests include reverse engineering, analysis of advanced persistent threats, embedded systems design, Unmanned Aerial Vehicles (UAV) and industrial controllers' firmware security. When he is not busy with work he can be found playing guitar or hanging from the bouldering wall of a local climbing gym.