Securing commercial WiFi-based UAVs from common security attacks

Abstract

We posit that commercial Wi-Fi-based unmanned aerial vehicles (UAV) are vulnerable to common and basic security attacks, capable by beginner to intermediate hackers. We do this by demonstrating that the standard ARDiscovery Connection process and the Wi-Fi access point used in the Parrot Bebop UAV are exploitable such that the UAV's ability to fly can be disrupted mid-flight by a remote attacker. We believe that these vulnerabilities are systemic in Wi-Fi-based Parrot UAVs. Our approach observed the normal operation (i.e., ARDiscovery Connection process over Wi-Fi) of the Parrot Bebop UAV. We then used a fuzzing technique to discover that the Parrot Bebop UAV is vulnerable to basic denial of service (DoS) and buffer-overflow attacks during its ARDiscovery Connection process. The exploitation of these vulnerabilities could result in catastrophic and immediate disabling of the UAV's rotors midflight. Also, we discovered that the Parrot Bebop UAV is vulnerable to a basic ARP (Address Resolution Protocol) Cache Poisoning attack, which can disconnect the primary mobile device user and in most cases cause the UAV to land or return home. Based on the literature and our own penetration testing, we assert that Wi-Fi-based commercial UAVs require a comprehensive security framework that utilizes a defense-in-depth approach. This approach would likely mitigate security risks associated with the three zero-day vulnerabilities described in this paper as well as other vulnerabilities reported in the literature. This framework will be effective for Parrot Wi-Fi-based commercial UAVs and likely others with similar platforms.