Drone Security and Fault Injection Attacks is a paper by Gabriel Gonzalez.

IOActive conducted a comprehensive exploration into the potential for achieving code execution on a commercially available drone. Their research focused on utilizing non-invasive techniques, including electromagnetic (EM) side-channel attacks and EM fault injection (EMFI), to exploit publicly disclosed vulnerabilities. The objective was to assess the feasibility of compromising devices with no known vulnerabilities, employing a completely black-box approach.

DJI, a well-established manufacturer known for prioritizing security in their products, was selected as the target for this investigation. DJI implements various security measures such as signed and encrypted firmware, Trusted Execution Environment (TEE), and Secure Boot. IOActive conducted the research within a controlled environment to assess the impact of side-channel attacks and EMFI techniques.

The findings demonstrated that it is indeed possible to compromise the targeted device by injecting a specific EM glitch during a firmware update, thereby enabling an attacker to gain code execution on the primary processor. This access would allow unauthorized entry into the Android OS, which forms the core functionality of the drone.

This paper covers IOActive’s work in setting up a platform for launching side-channel and fault injection attacks using a commercially available UAV. We describe how we developed a threat model, selected a preliminary target, and prepared the components for an attack.

Publication Date: June 2023

Drone Security and Fault Injection Attacks contains the following major sections:

  • Introduction
  • Attack Surface
  • Technical Background
  • First Approach
  • Second Approach
  • Future Work
  • Mitigations
  • Appendix A- Additional Information
  • Appendix B- Java Code
  • Appendix C- FIPY Controller Code

C-UAS Hub does not own this content and provides a link for users at the bottom of the page to access the document in its original location. This allows the author(s) to track essential metrics related to their work. All credit goes to its rightful owner.

Author:  Gabriel Gonzalez

For additional multimedia resources, please visit the Multimedia Library.

Stay on top of industry news, developments, resources and articles- Sign up for a free C-UAS Hub Membership to bookmark your favorite content and receive the weekly newsletter and important industry updates!