Case Study – Drone System Security Testing

An international engineering & technology firm seeks to test and identify cyber security vulnerabilities in a drone system

At A Glance

Challenges:

  • Cyber security threat to drones
  • Complexity of drone systems
  • End-user trust in system
  • Product positioning in market

Benefits:

  • Independent validation of security controls
  • System hardened and protected
  • Strengthen end-user trust

“The security of our systems is a critical requirement of our customers. This is the first time we test our system’s security controls. Heron’s consultants did an excellent job and we are able to assure our customers that our system has been independently tested and hardened ”

– Vice President & Head of UAS Business, Client

Client’s Objectives

The client, part of an international engineering and technology conglomerate headquartered in South-East Asia, is a major provider of drone systems and services to Government end-users. To assure their customers of the drone system integrity, Heron was engaged to identify vulnerabilities within the system.

The drone system includes a proprietary remote drone service box, fleet management system and the aircraft. The client also require security testing of the communications network between the sub-systems.

drone testing

Scope & Tasks

The scope includes testing of these components and applications:

  • WIFI and 4G communications systems with the issues of concern being: Denial of Service, Loss of Availability, Disruption of Line-of-Sight, Spoofing and Video Disruptions
  • Network systems with the issues of concern being: Protocol Attacks and Misconfigured Authentication, meaning, comprising Request Flooding, Authorisation Bypass Tests, Specific Target on Drone-Controller Circuits

The following services were performed:

  • Discovery and Service Enumeration to gather information about the drone system, network footprint, components, communications and configurations which included networks sweeps and active scanning
  • Vulnerability Identification by using a combination of commercial and open-source tools
  • Vulnerability Analysis to analyse vulnerabilities identified manually to separate the real vulnerabilities from false positives
  • Managed Exploitation to demonstrate that unauthorised activities cannot be performed based on vulnerabilities uncovered after remediation
  • Identification of medium and high vulnerabilities that were remediated according to recommended remediation strategy

Download this case study or learn more about Cyber Security Review

Doing research on Security Testing? Download this case study, read more about security testing, or reach out to a cyber security expert to see how security testing could work for your business.