Cloudy with a Chance of Drones

Stuart Hotchkiss
BSc Forensic Computing

During recent years Unmanned Aerial Vehicle (UAV) usage has grown in military and consumer fields. Whilst we hope that good security practices are being implemented into consumer drones, it seems that this may not be the case, giving the chance for attackers to exploit flaws in consumer drones. This project investigates Drones controlled via WI-FI that have a video feed used for the control of the UAV, as these seem to have a great susceptibility to hijack, jamming and spoofing attacks. It is assumed the video feeds are not protected by any type of encryption and are therefore vulnerable to hacking and/or spoofing. The project also explores whether owners of drones know of these flaws.

As  more and more businesses are investing use of Drones, this project highlights the impacts of the flaws to the businesses if these exploits are not mitigated. A brief pen test is conducted on a targeted drone that is widely used and recommended in the “Drone Community” giving a severity rating, and brief mitigation strategies are suggested for the findings.


This entry was posted in SC2018 and tagged , , , , , , . Bookmark the permalink.