drone – IOActive

I recently published the full technical details to the research in this IOActive whitepaper.

The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs.

IOActive has been researching the possibility of achieving code execution on a commercially available drone with significant security features using non-invasive techniques, such as electromagnetic (EM) side-channel attacks or EM fault injection (EMFI). For this work, we chose one of the most common drone models, DJI’s Mavic Pro. DJI is a well established manufacturer that emphasizes security in their products, such as signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot.

Read the IOActive Labs’ Blog

Gabriel Gonzalez, IOActive Director of Hardware Security presents full technical detail of his research into drone security and side-channel/fault injection attacks in this whitepaper.

This paper covers IOActive’s work in setting up a platform for launching side-channel and fault injection attacks using a commercially available UAV. We describe how we developed a threat model, selected a preliminary target, and prepared the components for attack, as well as discussing what we hoped to achieve and the final result of the project.

Get the Whitepaper

Tag: drone

Drone Security and Fault Injection Attacks | Gabriel Gonzalez | IOActive Labs Blog

Drone Security and Fault Injection Attacks | Gabriel Gonzalez