Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New CS proposal: Drone Security #1412

Open
godfreynolan opened this issue May 24, 2024 · 4 comments
Open

New CS proposal: Drone Security #1412

godfreynolan opened this issue May 24, 2024 · 4 comments
Assignees
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. NEW_CS Issue about the creation of a new cheat sheet.

Comments

@godfreynolan
Copy link

What is the proposed Cheat Sheet about?

This drone security Cheat Sheet aims to ensure the safe and secure operation of unmanned aerial vehicles (UAVs) in various mobile, web and cloud applications.

What security issues are commonly encountered related to this area?

Insecure Communication Links, data transmitted can be intercepted
Weak Authentication Mechanisms, default or weak passwords can allow unauthorized access
Firmware Vulnerabilities, unencrypted firmware and vulnerable bootloaders can lead to unauthorized modifications
Insufficient Physical Security, need to secure physical access to USB ports and other interfaces to prevent data theft or tampering
Insecure Supply Chain, compromised components from suppliers can introduce hidden vulnerabilities
Unsecured Third Party Components, third-party software libraries and components can compromise drone security
Inadequate Logging and Monitoring, insufficient monitoring of drone operations can delay the detection of security breaches or operational anomalies
Insecure Data Storage, sensitive data stored on drones can be accessed if not encrypted
Spoofing and Replay Attacks, GPS or ADS-B data spoofing or command replay attacks could mislead or take control of the drone
RF Interference and Jamming, drones can be disrupted or controlled through intentional RF interference or jamming
Sensor Vulnerabilities, cameras, GPS and other sensors can be exploited to feed incorrect data to the drone systems.
Cloud Storage and Data Management Vulnerabilities, inadequate security controls for drone data stored in the cloud (e.g., videos, logs, images) can lead to unauthorized access and data breaches
End of Life Decommissioning Risks, inadequately secured decommissioning processes can leave residual data accessible, or hardware could be reused maliciously
Interoperability and Integration Issues, integrating various systems and technologies without a cohesive security strategy can introduce vulnerabilities, e.g. web servers on cameras
Third Party Services and API Security, external APIs used by drones or GCS might be insecure, providing a pathway for attacks
User Error and Misconfiguration, incorrect configuration of drone systems by users can expose them to risks of unauthorized access or malfunction

What is the objective of the Cheat Sheet?

To provide developers working on mobile apps, websites, cloud systems and firmware for drones to understand the wide ranging risks.

What other resources exist in this area?

https://dronewolf.darkwolf.io/intro
https://github.com/nicholasaleks/Damn-Vulnerable-Drone
https://github.com/dhondta/dronesploit
https://github.com/jezzab/DUMLdore

@godfreynolan godfreynolan added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. NEW_CS Issue about the creation of a new cheat sheet. labels May 24, 2024
@jmanico
Copy link
Member

jmanico commented May 27, 2024

I think this is a fantastic idea for a cheatsheet. Let's do it. You are welcome to issue a new PR and if you need help with the directory structure of similar let me know!

@szh szh added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. labels May 28, 2024
@godfreynolan
Copy link
Author

godfreynolan commented May 31, 2024 via email

@szh
Copy link
Collaborator

szh commented Aug 7, 2024

@godfreynolan Hey are you still working on this?

@godfreynolan
Copy link
Author

godfreynolan commented Aug 7, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. NEW_CS Issue about the creation of a new cheat sheet.
Projects
None yet
Development

No branches or pull requests

3 participants