22 In conversation | Ronald Broberg systems that affect how they can be protected and attacked. “We draw heavily on the evolving suite of security testing tools and techniques for Linux, Android and RF systems, and apply them to UAS systems. Likewise, malicious hackers can do the same,” Broberg explains. On the other hand, he says, UAS systems can cause physical harm; an attribute they share with other vehicles and many industrial control systems/ operational technology (ICS/OT) implementations, but that is usually not present in something like enterprise network security for corporations, small office/home office and personal devices. In Broberg’s experience, the level of cyber awareness in the uncrewed systems industry varies widely. “The team of which I am part has seen some of the most insecure products of our careers in the UAS domain – and some of the most secured systems. Unfortunately, an in-house security team is expensive, but those companies with the ability and desire to build such a team are delivering more secure products,” he says. Attack surface All the components of a UAV system, including computer hardware, software and protocols have their vulnerabilities, and together they comprise a large attack surface, made larger still by the interfaces between them. “For the middle of my LM career, I was a ‘systems integrator’,” Broberg says. “Understanding systems architecture and integration is a strong basis to start finding the security faultlines in systems I had not seen before. It is often in the junction of disparate systems that security vulnerabilities appear.” The key pieces of hardware aboard UAVs include flight controllers, companion computers, payloads and software-defined radio (SDR) systems, with the ground-control station the key offboard component. In addition to the microcontroller at its heart, a typical flight controller contains a set of motion sensors and draws power from the vehicle’s battery, but it also includes input/output interfaces that allow it to communicate with the remotecontrol radio receiver, the UAV’s motors/ control surfaces via electronic speed controllers and servos and, potentially, payload mechanisms. Unsecured flight controllers can be exploited by adversaries to hijack drones, intercept sensitive telemetry data or disrupt operational integrity. Therefore, they should be protected by implementing secure coding practices, encryption of communication channels, regular software updates and penetration testing, Broberg explains. Companion computers such as the Raspberry Pi, and higher-end units from NVIDIA and Intel, augment flight controllers, providing the extra processing power to handle data processing, computer vision and communication with ground-control stations. According to Dark Wolf, potential vulnerabilities in these devices include: outdated or insecure versions of firmware or operating systems; insecurely configured network services; weak or default credentials; improper authentication mechanisms or inadequate access controls; insecure communication protocols that can October/November 2024 | Uncrewed Systems Technology Above: participants in Dark Wolf’s Hack our Drone workshop are provided with this small quadcopter, smartphone-based GCS and laptop running Kali Linux plus instructional documents (Image courtesy of Dark Wolf Solutions) Left: on moving to Dark Wolf, Broberg noted similarities between the communication system architectures of satellites and drones despite the big differences in implementation (Image courtesy of Lockheed Martin)
RkJQdWJsaXNoZXIy MjI2Mzk4