Finding Security Vulnerabilities in Unmanned Aerial Vehicles Using Software Verification
The proliferation of Unmanned Aerial Vehicles (UAVs) embedded with vulnerable monolithic software, involving concurrency and fragile communication links, has recently raised serious concerns about their security. Recent studies show that a 2kg UAV can cause a critical damage to a passenger jet windscreen. However, verifying security in UAV software based on traditional testing remains an open challenge mainly due to scalability and deployment issue. Here we investigate the application of software verification techniques; in particular, existing software analyzers and verifiers, which implement fuzzing and bounded model checking techniques, to detect security vulnerabilities in typical UAVs. We also investigate fragility aspects related to the UAV communication link since all remaining UAV components (e.g., position, velocity and attitude control) heavily depend on it. Our preliminary results show real cyber-threats with the possibility of exploiting further security vulnerabilities in real-world UAV software in the foreseeable future.
READ FULL TEXT