In this article we illustrate an approach of a security threat analysis of the quadrocopter AR.Drone, a toy for augmented reality (AR) games. The technical properties of the drone can be misused for attacks, which may relate security and/or privacy aspects. Our aim is to sensitize for the possibility of misuses and the motivation for an implementation of improved security mechanisms of the quadrocopter. We focus primarily on obvious security vulnerabilities (e.g. communication over unencrypted WLAN, usage of UDP, live video streaming via unencrypted WLAN to the control device) of this quadrocopter. We could practically verify in three exemplary scenarios that this can be misused by unauthorized persons for several attacks: high-jacking of the drone, eavesdropping of the AR.Drones unprotected video streams, and the tracking of persons. Amongst other aspects, our current research focuses on the realization of the attack of tracking persons and objects with the drone. Besides the realization of attacks, we want to evaluate the potential of this particular drone for a "safe-landing" function, as well as potential security enhancements. Additionally, in future we plan to investigate an automatic tracking of persons or objects without the need of human interactions.
[1]
Lothar Schwarz,et al.
An Amino Acid Model for Latent Fingerprints on Porous Surfaces *
,
2009,
Journal of forensic sciences.
[2]
Jörg Völker.
iPhone Security
,
2010,
Datenschutz und Datensicherheit - DuD.
[3]
Neil R. Storey,et al.
Safety-critical computer systems
,
1996
.
[4]
Srivaths Ravi,et al.
Security in embedded systems: Design challenges
,
2004,
TECS.
[5]
Jana Dittmann,et al.
Printed fingerprints: a framework and first results towards detection of artificially printed latent fingerprints for forensics
,
2011,
Electronic Imaging.