Drone Testing Framework in India for Security Vulnerabilities
Drone Testing Framework in India for Security Vulnerabilities
India’s Defence Sector is at a crucial juncture, focusing heavily on achieving self reliance and indigenisation in critical technologies. Recent conflicts and global incidents have indicated the significance of drone and counter drone systems, which are now playing a transformative role in warfare. Insecure drones, however, will pose a significant risk to national security. Drones could have vulnerabilities that enable data theft or facilitate network compromises. Vulnerability identification and mitigation therefore, requires careful consideration to reduce potential risk to operations, networks and sensitive information. Previously many companies were debarred from Army Tenders for giving false information.
Government of India has devised a framework for testing Drones in India . All the critical components will be tested in India for various vulnerabilities . Critical components like Flight Controller, ESC, Remote Controller, Video Transmitter, GPS, Camera etc.
The testing and evaluation framework is applicable for Drones as defined vide HQ IDS letter No IDS/Ops/Jt Ops/2273 (Misc) dt 07 Feb 2023. Drones are defined as all Nano, Micro, Small Drones like quadcopters, hexacopters etc with varying operating ranges and endurance and flying at low altitudes. Primarily, the term, “Drone” will encompass all types of Low, Slow and Small (LSS) Drones. Government has repeatedly mentioned secure by design . India’s Drone policy was also published recently.
PART I: SYSTEM LEVEL VULNERABILITIES & IDENTIFICATION OF CRITICAL COMPONENTS
A. Avenues of Exploitation of Drone System by Adversaries
1. Drones can also be construed as Information and Communications Technology (ICT) devices capable of receiving and transmitting data. Each point of connection is a potential target that could be exploited to compromise operations and access sensitive information. Avenues of potential compromise include: –
1.1. Interception of Communication Links. Adversaries can eavesdrop on unencrypted communications between the drone and the Ground Control Station (GCS), allowing them to gather intelligence on drone operations, inject false commands, or take over control completely. This type of attack can be conducted using techniques such as Man-In-The-Middle (MITM) attacks or Software-Defined Radio (SDR) systems that can hijack the frequency used for communication.
1.2. GPS Jamming and Spoofing. Adversaries can use Global Positioning System (GPS) jamming devices to disrupt the GPS signals required for drone navigation. By jamming these signals, adversaries can force the drone into a failsafe mode, often resulting in its return to the home location or uncontrolled descent. Alternatively, GPS spoofing can be used to send fake GPS signals, tricking the drone into misinterpreting its location. This can be exploited to redirect a drone to a specific location or disrupt its mission.
1.3. Control Hijacking. Control hijacking involves taking unauthorised control of a drone. By exploiting vulnerabilities in communication links or by utilizing malware that has been planted in the drone’s firmware, adversaries can gain control over the drone’s navigation and payload. This form of attack can have severe consequences, particularly for military drones involved in reconnaissance or strike missions.
1.4. Data Exfiltration and Manipulation. Adversaries may attempt to exfiltrate data collected by drones, especially in scenarios involving surveillance or reconnaissance missions. This can be achieved through malware that captures data during transmission or by exploiting vulnerabilities in data storage components. Manipulating the data collected can lead to erroneous decision-making by operators, potentially causing mission failure or even loss of drone system.
1.5. Data Transfer and Collection on Internet. Drone devices controlled by smartphones and other internet-connected devices provide a path for data egress, allowing for intelligence gathering on critical infrastructure.
1.6. Patching and Firmware Updates. While ensuring that networkconnected devices are up to date with the latest patches and firmware is critical for the secure operation of any ICT device, updates controlled by foreign entities could introduce unknown data collection and transmission capabilities without the user’s awareness.
1.7. Broader Surface for Data Collection. As drones and their peripheral devices such as control stations are incorporated into a network, the potential for data collection and transmission increases (for example, Mission plan, flight path, communication protocols, sensitive imagery, surveying data, facility layouts etc). This new type of data collection can allow foreign adversaries to access previously inaccessible intelligence.
B.Drone Testing Framework Component Level Vulnerabilities
Drone system is categorised into three subsystems ie. Aerial systems, Ground Data Terminal and Ground Control Station. The vulnerabilities and challenges in critical components in these subsystems, which can be manipulated by the adversaries to take over the control of drone system are as given in succeeding paras.
Aerial System.
1. Electronic Speed Controller (ESC).
1.1. ESCs are programmable where programming means configuration. It is done via so called “cards”, separate (serial) ports.
1.2. If compromised, adversary will be able to control the speed of Brushless Direct Current (BLDC) motors through ESC, which may be manipulated and change the speed of propellers. This could lead to malfunctioning of motors and eventually loss of aerial vehicle.
2.2. Flight Controller (FC).
2.2.1. Flight Controller manages the drone operations, implementing actions necessary to perform flight and introduce commands.
2.2.2. The design of the microchip controller inside the flight controller can be tampered and eventually manipulated during the operation of drone.
2.2.3. Further control of other sensors and payloads of the system can be handled by the adversary.
3.3. Flight Controller Firmware.
3.3.1. Dedicated FCs are pre-configured for particular drone model and version and usually cannot control another model / frame. They are prone to being hacked. Adversary may replace firmware and manipulate FC causing instability and even loss of drone.
3.3.2. Malware or firmware backdoors can allow attackers to take control of the drone, disrupt its operations, or even extract sensitive data. Compromised firmware could enable adversaries to bypass encryption and inject malicious commands eventually leading to leakage of secured data.
3.4. Transmission & Reception (Tx & Rx) Unit.
3.4.1. Drone communication links, which include connections between the drone and its Ground Control Station (GCS), are a prime target for adversaries. Drone Testing policy will change the entire eco system in India. Many companies will be blacklisted and debarred in India.
3.4.2. Rx & Tx units are used to remotely control Unmanned Aerial Vehicle (UAV) as well as switch flight modes and even upload ad hoc flight plan through uplink and downlinks. Tx & Rx are Wireless and Frequency Modulation (FM) based, which can be breached.
3.4.3. Weak encryption, insufficient authentication, or unprotected protocols can allow attackers to intercept, jam or spoof signals.
3.5. Inertial Navigation System (INS) / Global Positioning System (GPS).
3.5.1. Jamming of INS/ GPS system, creating local GPS and manipulation of INS/ GPS pose criticalities.
3.5.2. The GPS navigation system, commonly used in drones are susceptible to jamming and spoofing attacks. Adversaries can block GPS signals or send counterfeit signals to mislead the drone regarding its actual location, leading to loss of control or misdirection.
3.6. Sensors Unit.
3.6.1. The sensor unit controls Inertial Measurement Unit (IMU), barometer, magnetometer, thermometer, Navigation unit and resource monitoring (fuel, battery and rotation).
3.6.2. Adversaries may attempt to manipulate sensor data and giving wrong inputs to flight controller which may disrupt the drone’s operations. For example, spoofed visual data can lead to incorrect obstacle avoidance maneuvers.
4.Drone Testing Framework Ground Data Terminal.
4.1. Ground Communication Controller (GCC).
4.1.1. All communication components are integral units of Ground Communication Controller which is responsible for entire communication of Ground Control Station with aerial vehicle.
4.1.2. The communication system is in duplex mode and can be compromised.
4.2. Tx & Rx Unit. Same as given above in para 13.4.
5. Ground Control Station (GCS) Software
5.1. A direct connection to the Flight Controller is used to control the other subunits of the system through the GCS software. It is responsible for flight and mission planning, uploading and then monitoring via telemetry channel.
5.2. In case the FC firmware malfunctions through hacking or intrusion of trojan, then it may further mislead the GCS software, which may eventually lead to loss of drone or sabotage the drone operation.
C.Drone Testing Framework for Critical Components
1. Electronic Speed Controller
2. Flight Controller
3 Flight Control Firmware
4. Transmission & Reception Unit
5. INS/ GPS
6. Sensors Unit
7. Ground Data Terminal
8. Ground Control Station Software
Part 2- Link
