Presentation av examensarbete för högskoleingenjörsexamen
| Titel: | Hacking a Commercial Drone |
| Respondent: | TOMMIE HÖGLUND GRAN och ERIK MICKOLS |
| Dag, Datum och Tid: | Onsdag, 2020-09-23 kl 1500-1600 i Zoom, se länk. |
| Plats: | För plats och tid kontakta respondenterna ovan. |
| Opponenter: | (max 3 st), kontakta respondenter för opponering på rapport. |
| Examinator: | Mathias Ekstedt, handledare: Pontus Johnson |
| Språk: | Muntligt på svenska, frågor kan ställas på engelska |
| Anmälan: | Anmälan för lyssnarnärvaro behövs ej för besökare. |
Abstract
Unmanned aerial vehicles, commonly known as drones, are part of the IoT revolution and have gotten some attention in recent years due to privacy violation issues as well as airport and military security.
Since they can fly and have an increasing amount of technology implemented, especially camera and other surveillance, they are attractive targets for hackers and penetration testers. A number of attacks have been carried out over the years.
In this thesis the Parrot ANAFI drone is explored and attacked using threat modeling from a black box perspective. The threat modeling includes identifying threats with STRIDE and assessing risks with DREAD.
Major vulnerabilities in the system were not found. This report shows that the manufacturer has a high security awareness. Examples of this awareness are that previously reported vulnerabilities have been mitigated and firmware code has been obfuscated.
The methods used and results found could be used to further explore vulnerabilities in drones and similar IoT devices.
Keywords
ethical hacking; internet of things; penetration testing; threat modeling; unmanned aerial vehicle