Penetration testing a civilian drone : Reverse engineering software in search for security vulnerabilities

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Author: Viktor Edström; Eldar Zeynalli; [2020]

Abstract: Civilian drones have become more popular in recent years. As an IoT (Internet of Things) device full of state-of-the-art technologies, its level of security is highly relevant. That is why we chose to take a look at the previous research done in the field to see how the attack surface of civilian drones looks. This revealed that drones are especially vulnerable to GPS and WiFi-based attacks. Furthermore, there have also been vulnerabilities discovered in the applications used by different civilian drones. We took a closer look at a certain drone model, DJI Mavic 2 Zoom, by analyzing its internals and reverse engineering certain parts of its software architecture to see what attacks it could be vulnerable to. Our research revealed that the drone uses a proprietary protocol dubbed Ocusync. This means it is not vulnerable to the same attacks as drone models that use WiFi. However, the drone could still be as vulnerable to GPS spoofing attacks. Through reverse engineering, we also discovered a vulnerability in the software of the drone, which has been reported to the manufacturer.