In: Computer Science
Question 1)
Answer:
Yes, in case, the wireless communication is unencrypted, the
attackers, hackers, or bad actors could eavesdrop using another
device. The hacker might logically place the intruder device
between the drone and the controller such as a smartphone,
eavesdropping on the connection. The signals sent between the drone
and the controller can be interrupted and eavesdropped in between
and analyzed. In one of the possible attack scenarios, the attacker
can use the control ports on the controller interrupting the
operation from the user using the smartphone app as the controller
and eavesdrop on the video stream sent from the drone to the
controller, or make changes in the configuration and save and
submit the newly changed configurations here. Thus, it is possible
to eavesdrop on the video stream of the drone breaching the Wi-Fi
connection, in case, the Wi-Fi network is unencrypted from the
start.
Question 2)
Answer:
Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) the
drone means an attacker makes an attempt, making it impossible to
deliver a service. The drone's availability will be compromised.
Whereas in a DoS attack, the malicious requests or data is sent by
only one system. In a DDoS attack, on the other hand, the malicious
requests or data are sent from multiple systems. DoS attacks are
the reasons for network availability issues that influence critical
Unmanned Aerial Vehicles (UAVs) applications, for example, video
streaming functionality. DoS could cause either a logic attack or a
resource attack. DoS logic attack exploits existing software
vulnerabilities and weaknesses causing remote devices such as
drones to crash or simply significantly degrade the drone's
performance. DoS resource attacks overwhelm or flood the innocent
or the victim's computer, smartphone, and other related devices,
and network resources, sending constant streams of spurious
packets.
Question 3)
Answer:
Some things that could be done with a Man-In-The-Middle (MITM)
attack carried out on the drone:
* The attacker can carry out a MITM attack sending the malicious
command with a sequence number always higher than the one sent from
the legitimate user.
* A simple and physical MITM attack, in layman terms, such as an
attacker physically possessing the drone without any authorization
can make changes to the drone's hardware, component, or the entire
device, or he/she can cause damage, break it, to the drone, simply
steal it, etc.
* The attacker can easily get the drone off track and hijack it
through MITM. The attacker can infiltrate the user's Wi-Fi network
with even a very little computational power fooling and derailing
the drone commanding falsified information.
* The attacker can crash the drone.
* He/she can manipulate the drone's behavior so it lands in a
hostile location.