• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

DOJ takes action against 22-year-old running RapperBot Botnet

 | 

Google fixed Chrome flaw found by Big Sleep AI

 | 

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

 | 

A hacker tied to Yemen Cyber Army gets 20 months in prison

 | 

Exploit weaponizes SAP NetWeaver bugs for full system compromise

 | 

Allianz Life security breach impacted 1.1 million customers

 | 

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Security
  • Hacking drones by exploiting design flaws

Hacking drones by exploiting design flaws

Pierluigi Paganini October 04, 2015

At the Virus Bulletin 2015 conference, the security researcher Oleg Petrovsky detailed methods that can be used to hack drones with pre-programmed routes.

The drone industry is growing at a rapid pace, the aerospace research company Teal Group estimated that sales of military and civilian drones will total over $89 billion in the next 10 years. The possible fields of application for UAVs are unlimited in both military and civil industries.

The rapid diffusion of drones raises many concerns related to their security and the threat they could represent to the privacy.

We have discussed several times about the possibility to hack these complex systems and related consequences.

At the Virus Bulletin 2015 conference, the security researcher Oleg Petrovsky of HP Security Research detailed methods that can be used to hack the unmanned aerial vehicles (UAVs).

Oleg Petrovsky demonstrated how to hack a drone by targeting its flight controller, the expert has analyzed the controllers for various multi-rotor drones and discovered various of weaknesses that could be exploited in cyber attacks.

Despite there are numerous models of drones available on the market, they usually are composed of the same basic components, including motors, batteries, sensors, a GPS unit, a gyroscope, a remote control radio receiver, electronic speed controllers (ESC), and the flight controller.

Petrovsky focused its research on attacks targeting the flight controller, which are systems composed of several sensors and a processing unit.

The majority of drones uses the same flight controllers such as the ArduPilotMega (APM) and Pixhawk from 3D Robotics, MultiWii, OpenPilot, and DJI Naza.

A potential attacker can focus its efforts in hacking these controllers in order to target a wide range of models.

Petrovsky utilized for its test an ArduPilotMega (APM) flight controller on a drone built by himself and a Mission Planner, which is a ground station application.

drones mission planner

The researcher detailed the following attack scenarios against drones with pre-programmed routes using the ground station software:

  1. Capturing, modifying, and injecting a data stream into a telemetry link connection over a serial port.
  2. Spoofing the connection to the ground station to take complete control of the interface.

The ground station application is a crucial component of the flight of a drone, it enables communication with the aerial vehicle and allows the user to wirelessly control it.

The researcher highlighted the lack of authentication in the protocols used to remotely control the drones could be exploited by attackers to gain control of the vehicles.

The attacker can use a malicious software installed on the computer running the ground station to tap into the telemetry link.

The expert also explained that telemetry feeds for wireless remote data transmission, and monitoring of the drones could be easily intercepted and modified by attacks interfering with flight routes of the vehicle.

Petrovsky remarked that attacks he demonstrated aren’t caused by vulnerabilities in the system, rather he exploited design flaws in the UAV systems.

“Securing the firmware on embedded UAV modules, using secure bootloaders, and implementing authentication and encryption mechanisms,” could be some points that…

…an attacker can bypass any security measures, as nothing can be completely secured; similarly “Drones don’t necessarily have to be unhackable the goal should be to make them difficult and expensive to hack.” 

During his speech, Petrovsky showed how his drone’s propellers can easily shred a stack of papers even at half of the speed needed to take off from the ground.

“We have to realize that paying the cost for securing firmware and embedded devices upfront can prove much cheaper than trying to mitigate a disaster resulting from inadequate security measures — especially in the case of UAVs,” the researcher said.

Petrovsky also demonstrated attacks against bootloaders, which are not protected by mechanisms to secure the code such as the encryptions and digital signature of the firmware code.

Despite the numerous research conducted in hacking drones, Petrovsky explained that there aren’t significant improvements for the security of drones because there haven’t been any real-world attacks on commercial vehicles.

Pierluigi Paganini

(Security Affairs – drones hacking, security)


facebook linkedin twitter

you might also like

Pierluigi Paganini August 20, 2025
DOJ takes action against 22-year-old running RapperBot Botnet
Read more
Pierluigi Paganini August 20, 2025
Google fixed Chrome flaw found by Big Sleep AI
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    DOJ takes action against 22-year-old running RapperBot Botnet

    Cyber Crime / August 20, 2025

    Google fixed Chrome flaw found by Big Sleep AI

    Security / August 20, 2025

    Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

    Data Breach / August 20, 2025

    A hacker tied to Yemen Cyber Army gets 20 months in prison

    Cyber Crime / August 20, 2025

    Exploit weaponizes SAP NetWeaver bugs for full system compromise

    Security / August 20, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT