Security Assessment of State-of-the-art Drones

Research Overview

My research usually focuses on analyzing and exploiting embedded systems on different layers (hardware, software, wireless physical layer) and also fuzzing. 

 

Are you interested in diving deep into applied Security Competitions? Check out our university’s CTF team: FluxFingers

Nico Schiller

Master's Thesis: Security Assement of State-of-the-Art Consumer Drones

The use of consumer drones has been increasing in recent years, making them a popular choice for various applications, including aerial photography, surveillance, and package delivery. However, security concerns surrounding these devices are also on the rise. In this context, a comprehensive security assessment of state-of-the-art consumer drones is critical to ensure their safe and secure use.

The master’s thesis, aims to conduct a thorough security assessment of consumer drones. The primary focus of the thesis will be on identifying potential vulnerabilities in the drone’s hardware, software, and communication protocols that could be exploited by malicious actors.

Furthermore the thesis will also explore the use of advanced security tools and methodologies, such as fuzzing to detect potential security weaknesses in the drone’s software and firmware.

The outcome of this masters thesis will be a detailed report highlighting the security risks associated with state-of-the-art consumer drones and recommendations for mitigating those risks.

Overall, this master’s thesis will contribute to advancing our understanding of the security implications of using consumer drones and provide valuable insights into how to secure them against potential threats.

There are different topics available:

  • Firmware analyis
  • Fuzzing (interfaces and / or firmware)
  • Wireless protocol analysis
 
 

Related Work / Relevant Links

[1] Drone Security Paper

Requirements

The requirements depend on the exact topic, e.g., if you want to analyze the wireless physical layer, having a deeper knowledge of exploitation techniques is unnecessary.

  • Familiarity with binary code / reverse engineering
  • Ability to program in C/C++/Python/Rust
  • Knowledge of exploitation techniques
  • Signal processing knowledge