TY - GEN
T1 - Exploiting the Vulnerabilities in MAVLink Protocol for UAV Hijacking
AU - Du, Fei
AU - Ge, Jinai
AU - Wang, Wen
AU - Zou, Yuwen
AU - Chang, Sang Yoon
AU - Fan, Wenjun
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024/12
Y1 - 2024/12
N2 - The MAVLink protocol serves as the cornerstone for control communications between ground control systems (GCS) and unmanned aerial vehicles (UAVs), facilitating essential control communication. Despite its widespread adoption, the protocol's security mechanisms have raised significant concerns. This work focuses on the design vulnerabilities of the MAVLink protocol v2.0 including the deficiency in message authentication code (MAC) mechanism and lapses in sequence number verification. Also, this research reveals the implementation loopholes (as findings) in the well-known GCS software (Mission Planner) for updating the secret key and in the widely used UAV emulation (ArduPilot) for examining invalid timestamps. This breach paves the way for the injection of malicious messages, culminating in the potential hijacking of the UAV. In response to these issues, we propose several countermeasures including a solution using the public key-based signature. The efficacy of both the attack methods and the countermeasures is validated through a series of experiments conducted within a controlled testbed environment.
AB - The MAVLink protocol serves as the cornerstone for control communications between ground control systems (GCS) and unmanned aerial vehicles (UAVs), facilitating essential control communication. Despite its widespread adoption, the protocol's security mechanisms have raised significant concerns. This work focuses on the design vulnerabilities of the MAVLink protocol v2.0 including the deficiency in message authentication code (MAC) mechanism and lapses in sequence number verification. Also, this research reveals the implementation loopholes (as findings) in the well-known GCS software (Mission Planner) for updating the secret key and in the widely used UAV emulation (ArduPilot) for examining invalid timestamps. This breach paves the way for the injection of malicious messages, culminating in the potential hijacking of the UAV. In response to these issues, we propose several countermeasures including a solution using the public key-based signature. The efficacy of both the attack methods and the countermeasures is validated through a series of experiments conducted within a controlled testbed environment.
KW - Dictionary Attack
KW - MAVLink Protocol
KW - Message Authentication Code
KW - Public Key Cryptography
KW - UAV
UR - http://www.scopus.com/inward/record.url?scp=86000023940&partnerID=8YFLogxK
U2 - 10.1109/SIN63213.2024.10871546
DO - 10.1109/SIN63213.2024.10871546
M3 - Conference Proceeding
AN - SCOPUS:86000023940
T3 - 2024 17th International Conference on Security of Information and Networks, SIN 2024
BT - 2024 17th International Conference on Security of Information and Networks, SIN 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 17th International Conference on Security of Information and Networks, SIN 2024
Y2 - 2 December 2024 through 4 December 2024
ER -