Wireless Drone Vulnerabilities Assessment and Practical

Exploitation: A Security Analysis

W By
IE
Saja Alaedin Abozaideh
EV

Supervisor
Prof. Walid Salameh
PR

Thesis Submitted in Partial Fulfillment of the Requirements for the

Degree of Master of Science in Information Systems Security and Digital
Criminology

Princess Sumaya University for Technology

King Abdullah I School of Graduate Studies and Scientific Research

August 2023
 Authorization Form

I, Saja Alaedin Abozaideh, authorize Princess Sumaya University for Technology to

supply copies of my [Link] thesis to libraries, establishments, or individuals on request,
according to the Regulations of Princess Sumaya University for Technology.

Signature: Saja Abozaideh

W
IE
EV

Date:14-5-2023
PR

i
 Committee Decision
This thesis, “ Wireless Drone Vulnerabilities Assessment and Practical
Exploitation: A Security Analysis ” was Successfully Defended and
Approved on August 13, 2023.

Committee Members Signature

Prof. Walid Salameh, Supervisor

W
Professor of Computer Engineering ………………………
Princess Sumaya University for Technology
IE
Prof. Ashraf Ahmed, Member
EV

Professor of Computer Science and Engineering ………………………

Princess Sumaya University for Technology
PR

Prof. Jaafer Al-Saraireh, Member

Professor of Computer Science ………………………
Princess Sumaya University for Technology

Prof. Emad [Link], Member

Associate Professor of Information Security ………………………
The Hashemite University

ii
 Dedication
This thesis is dedicated to my family, who have supported me throughout my academic
career. Their affection, encouragement, and unwavering support have been a limitless
source of motivation for me.
A distinct sense of gratitude to my always-by-my-side parents, Alaedin Abozaideh and
Salam Zakarneh. My sister Duha and my brothers Seraj and Deyaa, hold a special space
in my heart for their unending emotional support.

W
I also dedicate this work to my peers and mentors, who have encouraged me to strive for
IE
excellence and pursue my objectives. Their counsel, insights, and encouragement have
been priceless.
EV

This work is dedicated to the Princess Sumaya University of Technology professors

who enlightened and supported me throughout this process.
PR

Lastly, I dedicate this thesis to everyone affected by drone technology's security flaws
and dangers. May our efforts to enhance drone security and safety result in a safer future
for everyone.

Saja Alaedin Abozaideh

iii
 Acknowledgments

I express my gratitude to Professor Walid Salameh, my supervisor, for his abundant

expertise and valuable time.

I express gratitude to my school division for permitting me to conduct this research and
for extending any necessary support.

Special appreciation to the King Abdullah I School of Graduate Studies and Scientific

W
Research staff members.
IE
Saja Alaedin Abozaideh
EV
PR

iv
 List of Tables
Table 1.1: Possible Drone Attack .................................................................................... 9
Table 1.2: Drone Cyber Attacks. ................................................................................... 12
Table 1.3: Snaptain A15H Official Parameters. ............................................................ 21
Table 1.4: Raspberry-Pi 3 Official Parameters. ............................................................. 22
Table 1.5: The Alpha AWUS036ACH Official Parameters. ......................................... 23
Table 2.1: Related Work Summary.. ............................................................................. 29
Table 3.1: A Collection of Tools Employed to Gather Information and Gain Access. . 32
Table 3.2: Varieties of Attacks Conducted In This Research ........................................ 33

W
IE
EV
PR

v
 List of Figures
Figure 1.1: The present analysis pertains to the evaluation conducted by the UK
Airprox board on a Small Unmanned Air System (SUAS). ............................................. 3
Figure 1.2: Controlling drones with GCS vs. direct control ............................................ 6
Figure 1.3: Combat Drone ............................................................................................... 6
Figure 1.4: Logistic Drone ............................................................................................... 7
Figure 1.5: A drone used for aerial photography. ............................................................ 7
Figure 1.6: The Reconnaissance Drone. .......................................................................... 8
Figure 1.7: Identity Spoofing. ........................................................................................ 14
Figure 1.8: MITM attack using Alpha Network Adapter AWUS036ACH. .................. 16
Figure 1.9: DoS Attack ................................................................................................. 19

W
Figure 1.10: Investigating the Snaptain a15h drone. .................................................... 20
Figure 1.11: The Raspberry-Pi 3 device. ...................................................................... 21
IE
Figure 1.12: The Alpha AWUS036ACH V.2. ............................................................... 23
Figure 3.1: Experiment configuration............................................................................ 33
Figure 4.1: Drone Attack Structure. .............................................................................. 35
EV

Figure 4.2: Results of a Drone-Based Nmap Network Scan. ........................................ 36

Figure 4.3: Results of a Drone used UDP ports............................................................. 36
Figure 4.4: the network latency using ping command. .................................................. 37
PR

Figure 4.5: the network latency using hping3 command. .............................................. 38

Figure 4.6: Effect of DoS Attack on Round-Trip Time in ms. ...................................... 38
Figure 4.7: Initiating the attack. ..................................................................................... 39
Figure 4.8: Captured Data Packets Displaying MAC Address Information and other
details .............................................................................................................................. 40
Figure 4.9: Remote Control detected ............................................................................. 40
Figure 4.10: Specify the correct channel. ...................................................................... 40
Figure 4.11: start sending deauthentication packet........................................................ 41
Figure 4.12: Analysing Deauthentication Packets with Wireshark. .............................. 41
Figure 4.13: A deauthentication attack on an Open wireless network. ......................... 42
Figure 4.14: Status of communication connection prior a DoS attack. ......................... 43
Figure 4.15: Status of communication connection following a DoS attack . ................ 43
Figure 4.16: A deauthentication attack on an Open wireless network. ......................... 44

vi
Figure 4.17: Python Script for gain unauthorized connection to the drone. .................. 45
Figure 4.18: successfully establish connection from attacking node ............................ 46
Figure 4.19: Video interception accomplished. ............................................................. 46

W
IE
EV
PR

vii
 List of Abbreviations
ARP Address Resolution Protocol

BSSID Basic Service Set Identifier

CIA Confidentiality, Integrity, and Availability

DoS Denial of Service

FAA Federal Aviation Administration

FTP File Transfer Protocol

GPS

W
Global Positioning System
IE
GCS Ground Control Stations

HTTPS Hypertext Transfer Protocol Secure

EV

ICMP Internet Control Message Protocol

IoT Internet of Things
PR

IP Internet Protocol address

MITM Man In The Middle

MAC Media Access Control Address

NTPT Meanings

PoC Proof of Concept

SUAS Small Unmanned Aircraft System

SYN Synchronize
SSH Secure Shell

viii
TCP Transmission Control Protocol

UAV Unmanned Aerial Vehicles

UAS Unmanned Aircraft Systems
UCAV Unmanned Combat Aerial Vehicle
UDP User Datagram Protocol
USB Universal Serial Bus

Wi-Fi Wireless Fidelity

W
IE
EV
PR

ix
 List of Contents

Authorization Form ......................................................................................................... i

Committee Decision ........................................................................................................ ii

Dedication ....................................................................................................................... iii

Acknowledgments .......................................................................................................... iv

List of Tables ................................................................................................................... v

List of Figures................................................................................................................. vi

List of Abbreviations ................................................................................................... viii

W
List of Contents ............................................................................................................... x

Abstract.......................................................................................................................... xii
IE
Chapter 1 Introduction ................................................................................................. 1

1.1 Overview ............................................................................................................ 1

EV

1.2 Background ........................................................................................................ 5

1.3 Security And Privacy In Drones ........................................................................ 9

1.4 Equipment for conducting a drone-hacking experiment .................................. 19

PR

Chapter 2 Problem Description ................................................................................. 25

1.5 Motivation ........................................................................................................ 25

1.6 Goal and objectives .......................................................................................... 26

1.7 Related work .................................................................................................... 27

1.8 Research Contribution ...................................................................................... 30

Chapter 3 Methodology .............................................................................................. 31

Chapter 4 Result and Discussion ................................................................................. 35

1.9 Reconnaissance and Scanning Exercise ........................................................... 35

1.10 Brute force attack ......................................................................................... 36

1.11 DoS Attack ................................................................................................... 37

x
 1.12 Deauthentication Attack ............................................................................... 39

1.13 MITM Attack................................................................................................ 43

1.14 Drone Hijacking ........................................................................................... 45

1.15 Conclusion and Future Work........................................................................ 47

References ...................................................................................................................... 49

‫ الملخص‬............................................................................................................................... 53

W
IE
EV
PR

xi
Wireless Drone Vulnerabilities Assessment and Practical Exploitation:
A Security Analysis

By
Saja Alaedin Abozaideh

Supervisor
Prof. Walid Salameh

Abstract
The global utilization of drones has witnessed a substantial surge in recent times,
owing to the persistent rise in demand for their multifaceted applications. The prevalence
of these drones can be attributed to their ability to fulfill specified criteria. Drone
operators can now obtain an aerial perspective that can be utilized in virtually any location

W
and at any time.

Recently, there has been an increase in the utilization of drones by both

IE
conventional and cyber criminals for malevolent activities. This study outlines a practical
attack scenario wherein the authors have executed an actual attack on a Snaptain A15H
drone. The study delves into the current state of drone security and highlights a series of
vulnerabilities in Wi-Fi-enabled drones.
EV

The likelihood and occurrence rate of these attacks are considerably elevated, and
their ramifications can be exceedingly risky with sever consequences. The Snaptain
A15H underwent analysis to detect and implement six discrete types of attacks, along
with the potential for automated assault. This study examines various attacks, including
PR

Denial of Service, de-authentication Methods, Man-in-the-Middle, Unauthorized Root

Access, Packet Spoofing, and drone hijacking. Furthermore, the approach for each attack
was delineated, and the experimental section expounds upon the outcomes and
methodologies employed in executing said attacks.

The present investigation also examines the security state of unmanned aerial
vehicles. This research aims to examine the possible risks associated with using drones
in cyberattacks and the countermeasures that can be employed to mitigate such threats.
This helps ethical hackers understand the comprehension of existing vulnerabilities in
unmanned aerial vehicles (UAVs) within military and civilian domains. Furthermore, it
empowers them to customize and innovate novel techniques and technologies to enhance
the defense and detection of unmanned aerial vehicle (UAV) attacks.

Keywords: Snaptain A15H, Drone, Man-In-The-Middle, Denial-of-Service, Attack,

Hijack, AWUS036ACH.

xii
 Chapter 1
Introduction
The number of lightweight unmanned aerial vehicles (UAVs) is predicted to rise
enormously, and many of them currently use an insecure command and control protocol.
A variety of miniature unmanned aircraft is controlled and managed using smartphones
through wireless. This research will analyze different exploits that endanger the integrity,
confidentiality, and accessibility of information (CIA) of data where the unmanned aerial
vehicles transmit it over the wireless to ground control stations.

The introductory chapter presents a comprehensive outline of unmanned aerial

vehicles, their diverse classifications, and their modes of operation. It also addresses the

W
issues of security and privacy in wireless drones, the various hardware tools utilized in
the experiment and their specifications.
IE
1.1 Overview
Unmanned aerial systems (UAS), formerly solely utilized by the military, are
EV

gaining popularity across industries and becoming increasingly common in commercial

and non-commercial areas [1]. it has various potential applications in the future, such as
safeguarding borders, assisting coastguards, tackling forest fires, conducting emergency
PR

rescues, aiding the oil industry, monitoring the environment, and taking aerial
photographs [2]. Drones, or unmanned aerial vehicles (UAV), are unpiloted aircraft
controlled by an onboard computer or remote control [3]. As drone usage continues to
expand, they become an increasingly attractive target for attackers. McAfee Labs
recognized "Drone Jacking" as an important emerging threat in its 2017 Threats
Predictions Report. UAVs that can store multiple forms of private information, such as
photographs, videos, and GPS positions, are an attractive target for numerous categories
of hackers. With the likelihood of surveillance drones rising in today's society, it is vital
to protect sensitive information from falling into the wrong hands[4].

UAVs are being integrated into the Internet of Things (IoT). With their flexible
mobility, speed of response, high maneuverability, and simplicity of assembly, UAVs

Reproduced with permission of copyright owner. Further reproduction prohibited without permission.