Abstract
A drone is a software (SW) and hardware (HW) complex that has wireless data transfer technologies (Wi-Fi, LTE, 5G, Bluetooth, etc.) To transfer data, it uses various communication protocols: both specific and generally known.
Drones can perform complex tasks, but some cyber-attacks (such as Denial-of-Services - DoS) can lead to the failure of individual components of the drone and the entire system as a whole.
Guidelines for protecting against drone attacks are provided by many organizations that develop cybersecurity standards (NIST, CERT, CISA, etc.). Methods to prevent cyber-attacks can be used to drones, with adjustments to their parameters and architectural features. There are also recommendations for protecting drone components and also methods of communication protocols protection from cyber-attacks.
The authors of this study offer a comprehensive approach to the analysis of vulnerabilities of drone subsystems, which includes a system analysis of drone architecture, vulnerability analysis by different vulnerability databases, and their systematization.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Autonomian. UAV Data Transmission and Protocols, 92 p. https://robolabor.ee/img/cms/projektid/UAV%20Data%20Transmission%20and%20Communication%20Protocols.pdf. Accessed 04 Apr 2023
Yanmaz, E., Yahyanejad, S., Rinner, B., Hellwagner, H., Bettstetter, C.: Drone networks: communications, coordination, and sensing. Ad Hoc Netw. 68 (2017). https://doi.org/10.1016/j.adhoc.2017.09.001
Pleban, J., Band, R., Creutzburg, R.: Hacking and securing the AR.Drone 2.0 quadcopter - investigations for improving the security of a toy (2014). https://doi.org/10.1117/12.2044868
Menoret, S., Auburg, T., Nousi, V., Pitas Aristotle, I.: Drone communications. European Union’s Horizon 2020 research and innovation programmed under grant agreement. No 731667 (MULTIDRONE)
Sawalmeh, A., Othman, N.: An overview of collision avoidance approaches and network architecture of unmanned aerial vehicles (UAVs). Int. J. Eng. Technol. 7 (2018). https://doi.org/10.14419/IJET.v7i4.35.27395
Aranzazu Suescun, C., Cardei, M.: Unmanned Aerial Vehicle Networking Protocols (2021). https://doi.org/10.18687/LACCEI2016.1.S.078
Aldeen, S., Yousra, Abdulhadi, H.: Data communication for drone-enabled internet of things. Indones. J. Electr. Eng. Comput. Sci. 22, 1216. (2021). https://doi.org/10.11591/IJEECS.v22.i2.pp1216-1222
Kwon, Y.M., Yu, J., Cho, B.M., Eun, Y., Park, K.J.: Empirical analysis of MAVLink protocol vulnerability for attacking unmanned aerial vehicles. IEEE Access 6, 43203–43212 (2018)
Khan, N.A., Jhanjhi, N.Z., Brohi, S.N., Almazroi, A.A., Almazroi, A.A.: A secure communication protocol for unmanned aerial vehicles. Comput. Mater. Continua 70, 601–618 (2021). https://doi.org/10.32604/cmc.2022.019419
Aerosmart. UAV systems and solutions. Use-case. Drone Detection System (2022). https://www.aerosmart.ae/drone-detection-system/. Accessed 05 Apr 2023
Kaspersky. Endpoint Security for Linux. For workstations and servers. https://www.kaspersky.com/small-to-medium-business-security/endpoint-linux. Accessed 05 Apr 2023
Lee, M., Choi, G., Park, J., Cho, S.: Study of analyzing and mitigating vulnerabilities in uC/OS real-time operating system. In: 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 834–836 (2018). https://doi.org/10.1109/ICUFN.2018.8436965
Belding, G.: Malware Spotlight: EvilGnome (2020). https://resources.infosecinstitute.com/topic/malware-spotlight-evilgnome/. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-14314. https://nvd.nist.gov/vuln/detail/CVE-2020-14314. Accessed 05 Apr 2023
National Vulnerability Database. CVE-2020-16119, https://nvd.nist.gov/vuln/detail/CVE-2020-16119. Accessed 10 Apr 2023
Linux RedHat. https://access.redhat.com/security/cve/cve-2020-16119. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-16120, https://nvd.nist.gov/vuln/detail/CVE-2020-16120. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-14385. https://nvd.nist.gov/vuln/detail/CVE-2020-14385
National Vulnerability Database. CVE-2020-20285. https://nvd.nist.gov/vuln/detail/CVE-2020-20285. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-25641. https://nvd.nist.gov/vuln/detail/CVE-2020-25641. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2022-23222. https://nvd.nist.gov/vuln/detail/CVE-2020-23222. Accessed 10 Apr 2023
RedHat. https://bugzilla.redhat.com/show_bug.cgi?id=2119048. Accessed 10 Apr 2023
RedHat. https://bugzilla.redhat.com/show_bug.cgi?id=2188396. Accessed 10 Apr 2023
MITRE. CVE-2021-1378. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1378. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2021-1378. https://nvd.nist.gov/vuln/detail/CVE-2021-1378. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2021-1592. https://nvd.nist.gov/vuln/detail/CVE-2021-1592. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-15025. https://nvd.nist.gov/vuln/detail/CVE-2020-15025. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-13817. https://nvd.nist.gov/vuln/detail/CVE-2020-13817. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2020-11868. https://nvd.nist.gov/vuln/detail/CVE-2020-11868. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2022-27000. https://nvd.nist.gov/vuln/detail/CVE-2022-27000. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2022-26019. https://nvd.nist.gov/vuln/detail/CVE-2022-26019. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2018-0280. https://nvd.nist.gov/vuln/detail/CVE-2018-0280. Accessed 10 Apr 2023
National Vulnerability Database. CVE-2022-21722. https://nvd.nist.gov/vuln/detail/CVE-2022-21722. Accessed 10 Apr 2023
Burleson-Davis, J.: 7 Common VPN Security Risks: The Not-So-Good, The Bad, and the Ugly, April 14, 2021. https://www.securelink.com/blog/vpnproblems/#:~:text=VPNs%20are%20insecure%20because%20they,network%20can%20be%20brought%20down. Accessed 10 Apr 2023
Aljehani, M., Inoue, M.: Communication and Autonomous Control of Multi-UAV System in Disaster Response Tasks (2017). https://doi.org/10.1007/978-3-319-59394-4_12
Rametta, C., Beritelli, F., Avanzato, R., Russo, M.: A smart VPN bonding technique for drone communication applications. In: 2019 15th International CONFERENCE on Distributed Computing in Sensor Systems (DCOSS), pp. 612–618 (2019). https://doi.org/10.1109/DCOSS.2019.00112
National Vulnerability Database. CVE-2022-22510. https://nvd.nist.gov/vuln/detail/CVE-2022-22510. Accessed 15 Apr 2023
Husnain, M., et al.: Preventing MQTT vulnerabilities using IoT-enabled intrusion detection system. Sensors 22, 567 (2022). https://doi.org/10.3390/s22020567
National Vulnerability Database. CVE-2022-0673. https://nvd.nist.gov/vuln/detail/CVE-2022-0673. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2020-3162. https://nvd.nist.gov/vuln/detail/CVE-2020-3162. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2022-22899, https://nvd.nist.gov/vuln/detail/CVE-2022-22899. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2017-5754. https://nvd.nist.gov/vuln/detail/CVE-2017-5754. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2017-5753. https://nvd.nist.gov/vuln/detail/CVE-2017-5753. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2022-29402. https://nvd.nist.gov/vuln/detail/cve-2022-29402. Accessed 05 May 2023
National Vulnerability Database. CVE-2021-26317. https://nvd.nist.gov/vuln/detail/CVE-2021-26317. Accessed 21 Apr 2023
National Vulnerability Database. CVE-2023-2166. https://nvd.nist.gov/vuln/detail/CVE-2022-2166. Accessed 21 Apr 2023
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kolisnyk, M., Piskachov, O. (2023). Analysis and Systematization of Vulnerabilities of Drone Subsystems. In: Antoniou, G., et al. Information and Communication Technologies in Education, Research, and Industrial Applications. ICTERI 2023. Communications in Computer and Information Science, vol 1980. Springer, Cham. https://doi.org/10.1007/978-3-031-48325-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-48325-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-48324-0
Online ISBN: 978-3-031-48325-7
eBook Packages: Computer ScienceComputer Science (R0)