> series: sector_under_the_microscope —— part: 11/12 —— domain: aerial —— platform: uav
Commercial drones have moved far beyond hobbyist toys. They conduct aerial surveys for construction firms, inspect critical infrastructure for utility companies, deliver medical supplies, monitor agricultural land, provide security patrols for corporate campuses, and capture imagery for film, media, and mapping companies. Each of these operations involves a flying computer — equipped with cameras, GPS, wireless communications, onboard storage, and frequently a network connection to ground infrastructure — operating in an environment where the physical and cyber attack surfaces converge.
This article examines the cyber security threats specific to aerial UAV operations, drawing on our experience from UAV penetration testing engagements and our airspace security practice. Our From the Hacker Desk series has documented these attacks in practice — from hijacking construction survey drones to GPS spoofing security patrol UAVs to pivoting from a drone into the corporate network.
Aerial UAVs present an attack surface that spans three domains simultaneously: the RF (radio frequency) communications layer between controller and aircraft, the cyber layer including onboard systems and ground station software, and the physical domain where the aircraft operates in open airspace accessible to anyone within range. Attackers can target any of these domains — or combine attacks across all three.
| Attack Vector | Technique | Consequence |
|---|---|---|
| Command Link Hijacking | Intercepting and replaying or injecting commands on the radio frequency link between the controller and the aircraft. Many commercial drones use unencrypted or weakly authenticated command protocols that can be captured and manipulated with commodity software-defined radio (SDR) equipment. | Attacker takes control of the aircraft — redirecting it, landing it, or crashing it. In our construction drone engagement, we demonstrated full command takeover of a commercial survey UAV. |
| GPS Spoofing | Broadcasting counterfeit GPS signals that override the legitimate satellite signals the drone uses for navigation. The drone's navigation system accepts the spoofed position data and adjusts its flight path accordingly — without any indication to the operator that the position is false. | Attacker redirects the drone to an arbitrary location, forces an emergency landing at a chosen point, or creates geofence violations that trigger automatic landing. Our GPS spoofing article details this technique against an autonomous security patrol. |
| Telemetry and Video Interception | Capturing the downlink telemetry (altitude, speed, GPS coordinates, battery status) and video feed transmitted from the drone to the ground station. Many commercial platforms transmit video and telemetry unencrypted or with weak encryption that can be decoded in real-time. | Attacker gains real-time intelligence on drone position, flight path, and what the drone's camera sees — enabling surveillance of the surveillance platform. For security patrol drones, this reveals the patrol pattern and any gaps in coverage. |
| Firmware Exploitation | Extracting firmware from the drone or controller hardware and reverse-engineering it to discover hardcoded credentials, unencrypted update channels, and authentication tokens. Our controller firmware analysis revealed hardcoded credentials and unencrypted update mechanisms that enabled full platform compromise. | Attacker gains persistent access to the drone platform, potentially across all devices using the same firmware. Hardcoded credentials discovered in one unit apply to every unit of the same model. |
| Data Exfiltration from Stored Imagery | Accessing the drone's onboard storage — SD cards, internal memory — to extract captured imagery, GPS logs, cached Wi-Fi credentials, and metadata. Our airborne reconnaissance article documented how a corporate drone had passively accumulated months of sensitive intelligence. | Attacker obtains aerial imagery of sensitive sites, GPS logs revealing operational patterns, cached Wi-Fi credentials from every network the drone has connected to, and metadata exposing client sites and personnel. |
| Network Pivot via Drone | Using a drone's network connectivity — Wi-Fi for file upload, cellular for telemetry — as a bridge into the corporate network. Our drone-to-network pivot article demonstrated how a drone configured to sync imagery to a corporate server became an internal network bridgehead. | Attacker bypasses perimeter security entirely — the drone inherits internal network trust when it connects to upload data, providing a pivot point behind the firewall that exists above the physical security boundary. |
The aerial drone threat landscape is not limited to military or government operations. Any organisation that deploys commercial drones faces these risks — and the range of organisations using drones has expanded dramatically.
Our UAV penetration testing service assesses the complete aerial drone attack surface — from RF communications and GPS integrity through firmware and ground station security to data handling and network integration. The methodology draws on our airspace security practice and wireless and spectrum security expertise.
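For the GPS integrity part of that attack surface, the table notes that a spoofed position gives the operator no indication it is false. The following added example (not from the original article) runs a plausibility check over ground station telemetry and flags fixes whose implied speed exceeds the airframe limit or disagrees with the reported ground speed. The telemetry rows are constructed, the thresholds are assumed values, and the check assumes the reported speed comes from a source independent of GPS, such as the inertial estimate.

```python
import math

EARTH_RADIUS_M = 6_371_000
MAX_SPEED_M_S = 25.0        # assumed airframe limit
SPEED_TOLERANCE_M_S = 5.0   # assumed allowed gap between implied and reported speed

# Constructed telemetry: (time_s, lat_deg, lon_deg, reported_ground_speed_m_s)
TELEMETRY = [
    (0, 51.50000, -0.12000, 10.0),
    (1, 51.50009, -0.12000, 10.0),   # ~10 m in 1 s, consistent
    (2, 51.50027, -0.12000, 10.0),   # ~20 m in 1 s, slow drift away from reported speed
    (3, 51.50400, -0.12000, 10.0),   # ~415 m in 1 s, physically impossible jump
    (4, 51.50409, -0.12000, 10.0),   # consistent again relative to the previous fix
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance between two fixes, in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def check_fixes(samples):
    """Return [(time_s, [reasons])] for fixes that fail the plausibility checks."""
    alerts = []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur[0] - prev[0]
        if dt <= 0:
            alerts.append((cur[0], ["bad_timestamp"]))  # out-of-order or duplicated sample
            continue
        implied = haversine_m(prev[1], prev[2], cur[1], cur[2]) / dt
        reasons = []
        if implied > MAX_SPEED_M_S:
            reasons.append("exceeds_max_speed")
        if abs(implied - cur[3]) > SPEED_TOLERANCE_M_S:
            reasons.append("speed_mismatch")
        if reasons:
            alerts.append((cur[0], reasons))
    return alerts

if __name__ == "__main__":
    for t, reasons in check_fixes(TELEMETRY):
        print(f"t={t}s: {', '.join(reasons)}")
```

A check like this only raises a flag for the operator; what the aircraft should do on a flagged fix is a separate flight-safety decision.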
Security against aerial drone threats is not solely about hardening your own drones — it is also about detecting hostile drones in your airspace. Our airspace security service includes RF-based drone detection, radar integration, and acoustic sensing that identifies unauthorised UAV activity in your operational area. This is relevant for critical infrastructure sites, corporate campuses, government facilities, and any location where unauthorised aerial surveillance or drone-based attack is a concern.
For organisations that need continuous airspace monitoring alongside their IT security monitoring, SOC in a Box integrates with airspace detection systems to provide a unified view of both cyber and physical domain threats — because in the world of UAV security, the two domains are inseparable.
In the final article of this extended series, we move from the sky to the sea — examining the emerging and rapidly growing threat landscape of submersible drones and autonomous underwater vehicles (AUVs). The same principles of RF security, GPS integrity, firmware hardening, and data protection apply beneath the surface — but with unique physical and operational constraints that create an entirely different challenge.
Hedgehog Security operates one of the UK's few dedicated [UAV penetration testing](/penetration-testing/uav-drone) and [airspace security](/airspace-security) practices. We combine RF analysis, firmware reverse engineering, GPS integrity testing, and network pivot assessment into a comprehensive evaluation of your aerial drone operations. Our [wireless and spectrum security](/wireless-spectrum-security) expertise underpins every engagement.