Kim Hartmann studied Computer Science and Mathematics at the Royal Institute of Technology, Stockholm, Sweden and at Otto von Guericke University Magdeburg, Germany. Kim Hartmann specialised in computer security and mathematical modelling, worked on protocol security analysis, mathematical computer security modelling, computer security risk assessment and risk analysis of critical network infrastructures. Her research interests are secure network design principles, risk analysis and assessment of networks, network components and protocols. Since 2011, Kim Hartmann has been employed at the Institute of Electronics, Signal Processing and Communication at Otto von Guericke University Magdeburg, Germany.
The Vulnerability of UAVs to Cyber Attacks
Co-author: Christoph Steup (Otto-von-Guericke-University)
By 2012 the U.S. military had increased its investment in research and production of unmanned aerial vehicles (UAVs) from $2.3 billion in 2008 to $4.2 billion . Currently UAVs are used for a wide range of missions such as border surveillance, reconnaissance, transportation and armed attacks. UAVs are presumed to provide their services at any time, be reliable, automated and autonomous. Based on these presumptions, governmental and military leaders expect UAVs to improve national security through surveillance or combat missions.
To fulfill their missions, UAVs need to collect and process data. Therefore, UAVs may store a wide range of information from troop movements to environmental data and strategic operations. The amount and kind of information enclosed make UAVs an extremely interesting target for espionage and endangers UAVs of theft, manipulation and attacks.
Events such as the loss of an RQ-170 Sentinel to Iranian military forces on 4th December 2011  or the “keylogging” virus that infected an U.S. UAV fleet at Creech Air Force Base in Nevada in September 2011  show that the efforts of the past to identify risks and harden UAVs are insufficient. Due to the increasing governmental and military reliance on UAVs to protect national security, the necessity of a methodical and reliable analysis of the technical vulnerabilities becomes apparent.
We investigated recent attacks and developed a scheme for the risk assessment of UAVs based on the provided services and communication infrastructures. We provide a first approach to an UAV specific risk assessment and take into account the factors exposure, communication systems, storage media, sensor systems and fault handling mechanisms. We used this approach to assess the risk of some currently used UAVs: The “MQ-9 Reaper” and the “AR Drone”. A risk analysis of the “RQ-170 Sentinel” is discussed.