Visible to the public Vulnerability Analysis of AR.Drone 2.0, an Embedded Linux System

TitleVulnerability Analysis of AR.Drone 2.0, an Embedded Linux System
Publication TypeConference Paper
Year of Publication2019
AuthorsAstaburuaga, Ignacio, Lombardi, Amee, La Torre, Brian, Hughes, Carolyn, Sengupta, Shamik
Conference Name2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC)
Keywords2.0, AR, AR Drone 2.0, autonomous aerial vehicles, Busybox, composability, computer network security, CVE, drone, drones, Embedded, embedded Linux system, Embedded systems, Linux, Linux operating system, Linux Operating System Security, Metrics, open WiFi network, pairing mode, Parrot, Predictive Metrics, pubcrawl, public domain software, Resiliency, security, Software, software vulnerabilities, SSH Tunnel, Streaming media, Tools, vulnerabilities, vulnerability analysis, Weapons, wireless LAN
AbstractThe goal of this work was to identify and try to solve some of the vulnerabilities present in the AR Drone 2.0 by Parrot. The approach was to identify how the system worked, find and analyze vulnerabilities and flaws in the system as a whole and in the software, and find solutions to those problems. Analyzing the results of some tests showed that the system has an open WiFi network and the communication between the controller and the drone are unencrypted. Analyzing the Linux operating system that the drone uses, we see that "Pairing Mode" is the only way the system protects itself from unauthorized control. This is a feature that can be easily bypassed. Port scans reveal that the system has all the ports for its services open and exposed. This makes it susceptible to attacks like DoS and takeover. This research also focuses on some of the software vulnerabilities, such as Busybox that the drone runs. Lastly, this paper discuses some of the possible methods that can be used to secure the drone. These methods include securing the messages via SSH Tunnel, closing unused ports, and re-implementing the software used by the drone and the controller.
Citation Keyastaburuaga_vulnerability_2019