Investigation of the vulnerabilities of the Wi-Fi based drones and their suggested countermeasures
Abstract
Unmanned Aerial Vehicles, often called drones or abbreviated as UAVs, have been popularized and used by civilians for recreational use since the early 2000s. A majority of the entry level commercial drones on the market are based on a Wi-Fi connection with a controller, usually a smartphone. This makes them vulnerable to various Wi-Fi attacks, which are evaluated and tested in this thesis, specifically on the Phantom 3 standard drone. Several threats were identified through threat modelling, in which a set of them was selected for penetration testing. In this, the security problems of these UAV’s are being analysed and illustrated. It is demonstrated by exploiting the vulnerabilities like performing a Man in-the-Middle attack, and denial of service. The video stream of the drone will also make an attacker interested due to the availability of vital information, it possesses. Therefore, in this project a security threat analysis of UAV was done and analysed. Also, the work is mainly focused on different security vulnerabilities like the unencrypted cation link and simple password. The project also demonstrates the way through UAV can be hacked to hijack. The ultimate aim of this project is to teach the end-user of UAV’s describing the security vulnerabilities in it and also to make the UAV be secured from unauthorized access. This is done in order to answer the research question: How vulnerable are Wi-Fi drones against Wi-Fi based attacks?