Recent advances in the manufacturing of lithium polymer-based batteries, brushless motors, electronic speed controllers, microelectromechanical sensors, and the availability of lighter and stronger composite materials, have driven what was only a little while ago the experimental field of multi-rotor aerial vehicle construction to become a mass-produced technology. As multi-rotors become ubiquitous, so increases the significance of their security against malicious attacks. What would it take for an aerial vehicle to lose control and become a malicious piece of equipment in the skies?
In this paper we will analyse configurations and controllers for various popular multi-rotor unmanned aerial vehicles (UAVs), in search of susceptibility to known and proof-of-concept security attacks.
The study will include analysis of existing malware attack claims and their validity when applied to the world's leading open-source UAV controllers. The controllers we will evaluate include a 3D Robotics ArduPilotMega (APM) system from 3D Robotics, PX4 flight stack, Pixhawks autopilot module, and similar popular flight controllers widely adopted by the UAV industry.
The paper will examine the attack surfaces of existing UAV platforms as exhibited by their different functional modules - software, firmware, hardware, controls, and their environment. Possible future attack scenarios will be considered, as well as ways to potentially harden this category of devices against such attacks.