Search papers, labs, and topics across Lattice.
This paper explores control-aware attacks on ArduPilot-based UAVs by manipulating legitimate MAVLink commands to exploit the sensitivity of flight-controller dynamics. The authors identify six distinct attacks that alter PID gains and EKF configurations, leading to unsafe operating conditions and potential crashes. Through simulations and hardware validation, they demonstrate that these attacks can significantly degrade UAV stability and control, revealing critical security vulnerabilities in parameter handling and command trust.
Short sequences of legitimate MAVLink messages can trigger catastrophic failures in UAVs by exploiting vulnerabilities in flight-controller dynamics.
This paper investigates control-aware attacks against ArduPilot-based Unmanned Aerial Vehicles (UAVs), inwhich an adversary exploits the sensitivity of flight-controller dynamics to parameter changes to cause loss of control and crashes. It describes six attacks that exploit interactions among multi-layer controllers by modifying Proportional-Integral-Derivative (PID) gains, altering Extended Kalman Filter (EKF) estimation configuration, and violating failsafe assumptions, thereby forcing ArduPilot into unsafe operating conditions. We evaluate the attacks in Software-in-the-Loop (SITL) simulation and validate them on a Pixhawk 2.4.8 hardware platform. The results show that short sequences of well-formed MAVLink messages can exploit controller sensitivity to parameter values and updates frequency, affecting controller states and degrading attitude stability, angular-rate behavior, trajectory tracking, and estimator health. We demonstrate that when multiple effects are combined, the vehicle can enter an unsafe state and crashes. These findings show that security gaps in input-parameter handling, command trust, and controller-state validation can be exploited to cause loss of control and crashes in UAVs.