In this project, vulnerability analysis was conducted on four sensors as follows.
In this project, six possible attacks were selected for four sensors. The attacks were screened by analyzing existing papers, conference presentations and technical reports, and four of the total eight attacks were successful.
The GPS module is a module that sends and receives GPS information from PX4-Autopilot.
A total of two kinds of GPS spoofing attempts were made through the GPS module, and although GPS spoofing failed, jamming succeeded.
We applied the GPS spoofing technique, the most representative attack, to carry out a jamming attack that continuously sent GPS information.
We succeeded in jamming through GPS spoofing without much difficulty.
Note link: https://gpspatron.com/spoofing-a-multi-band-rtk-gnss-receiver-with-hackrf-one-and-gnss-jammer/
The attack was attempted in the same way as in the link above, but it failed due to interference from other satellite signals (GNSS).
Put simply, Optical Flow is a camera. Optical Flow consists of an Inertial Measurement Unit (IMU) sensor, an ultrasonic sensor, and an image sensor.
For the IMU sensor and the ultrasonic sensor, resonant frequency attacks were carried out but failed, and for the image sensor, the sensor was successfully neutralized using strong light.
The following paper was referenced for vulnerability analysis: https://ieeexplore.ieee.org/abstract/document/6630805/
For the IMU sensor and the ultrasonic sensor, resonant frequency attacks were carried out.
First, in the case of the IMU sensor, we tried a high-frequency attack on the internal spring, but it failed.
Note: https://www.usenix.org/sites/default/files/conference/protected-files/enigma17_slides_kim.pdf
Next, for the ultrasonic sensor, a resonance frequency attack was carried out using an Arduino.
But it was not successful because the frequency was not right (40 kHz → 42 kHz).
For the image sensor, a sensor neutralization attack was carried out using strong light.
We were able to succeed in the attack without much difficulty.
Note: https://www.usenix.org/sites/default/files/conference/protected-files/woot_slides_park.pdf
The Telemetry Radio is a sensor that transmits/receives RF signals for PX4-Autopilot. This sensor allows you to send MAVLink information or Remote Controller information.
Therefore, in this project, the RF Replay Attack was performed separately for MAVLink information and Remote Controller information, and in conclusion, only the RF Replay Attack through Remote Controller information was successful.
An RF Replay Attack was performed against the Telemetry Radio.
The RF Replay Attack was performed separately for each case because information can be sent by MAVLink or by the Remote Controller.
In conclusion, only the Remote Controller replay was successful. This is because MAVLink uses the FHSS technique and RC uses the DSSS technique.
The Wi-Fi module is, as the name says, a sensor that sends/receives information through Wi-Fi. In this project, the ESP8266 Wi-Fi module was used. A Deauth Attack was conducted against the ESP8266 Wi-Fi module.
We carried out the Deauth Attack through MAVLink Bridge Wifi, and we were able to succeed without much difficulty.
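One way to detect the deauthentication burst described above from the defender's side, as an added example that is not part of the original project: it parses raw 802.11 management frames (radiotap header assumed already stripped) and alerts when several deauth/disassoc frames for the same BSSID and station arrive within a short window. The function names, the threshold, the window and the sample frames with placeholder MAC addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

# First frame-control byte of 802.11 management frames: subtype 12 / subtype 10.
DEAUTH, DISASSOC = 0xC0, 0xA0

def parse_mgmt(frame: bytes):
    """Return (kind, dst, src, bssid, reason) for deauth/disassoc frames, else None."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    dst, src, bssid = (mac(frame[i:i + 6]) for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return ("deauth" if frame[0] == DEAUTH else "disassoc"), dst, src, bssid, reason

def detect_floods(captures, threshold=5, window=1.0):
    """captures: iterable of (timestamp_seconds, raw_frame), in time order.
    Returns one (timestamp, bssid, dst) alert each time `threshold` deauth/disassoc
    frames aimed at the same (bssid, dst) pair fall within `window` seconds."""
    recent = defaultdict(deque)
    alerts = []
    for ts, frame in captures:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, dst, _, bssid, _ = parsed
        q = recent[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ts, bssid, dst))
            q.clear()                  # one alert per burst
    return alerts

# Constructed sample input: placeholder locally administered MACs, reason code 7,
# and a truncated beacon header that the detector must ignore.
SAMPLE_DEAUTH = bytes.fromhex(
    "c0000000" "020000000002" "020000000001" "020000000001" "0000" "0700")
SAMPLE_BEACON = bytes.fromhex(
    "80000000" "ffffffffffff" "020000000001" "020000000001" "0000" "0000")
SAMPLE_CAPTURE = ([(i / 10, SAMPLE_DEAUTH) for i in range(6)]
                  + [(3.0, SAMPLE_BEACON), (10.0, SAMPLE_DEAUTH)])

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_CAPTURE):
        print("deauth burst:", alert)
```

A single deauth frame is normal when a station leaves the network, which is why the detector keys on a burst per (BSSID, station) pair rather than on any one frame.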