Security Analysis of FHSS-type Drone Controller

Unmanned Aerial Vehicles (UAVs), or drones, have attracted a considerable amount of attentions due to their utility to civilian as well as military applications. However, the security issues involved in UAV technology have not been extensively discussed in the literature. As a first step toward analyzing these security issues, we investigate security in drone controllers, especially controllers that adopt Frequency Hopping Spread Spectrum (FHSS). In order to affect an FHSS-type controller, an attacker first has to access its physical layer. This is difficult because of the pseudorandomness of the hopping sequence and the rapidly changing channels. However, these difficulties can be relaxed when the attacker acquires the hopping sequence and when the hopping speed of the target system is not significant. In this paper, we propose a general scheme to extract the hopping sequence of FHSS-type controllers using a softwaredefined radio (SDR). We also propose a method to address the issue of the limited bandwidth of the SDR. We implemented our scheme on a Universal Software Radio Peripheral (USRP), successfully extracted the hopping sequence of the target system, and exposed the baseband signal.