Unmanned Aerial Vehicles (UAVs) are becoming one of the main technological supports for commercial applications, embracing many domains ranging from human safety to the medical field, agriculture and environment, multimedia production, and even commercial delivery. This rise in popularity, however, is causing an increasing interest from criminals, making UAVs the target of new attacks. To fully characterize the current UAV cybersecurity landscape, we perform a complete literature review, digging into drone security historic facts and scientific studies on the matter, reviewing specialized articles and scientific papers focusing on cybersecurity threats and gaps in the context of small UAVs in commercial applications. Being a recent research and development area, most of the articles have been published between 2016 and 2020 as a direct consequence of the increase of security concerns and interest in the drone field. Papers in this review deal with UAV cyberthreats and related vulnerabilities, identifying flaws experimented in a lab or describing incidents detected in the field. Communication, sensors, and system misconfigurations are among the most important threat vectors, while sensor spoofing/jamming and malware DoS/control are among the most cited threats. Threat vectors permit depicting a complete overview of the topic and potential countermeasures known to date, with related gap analysis, also accounting for the recent Unmanned Aircraft System evolution toward ad hoc or cloud-based UAV networks. Countermeasures include the adoption of traditional communication encryption and standard protocols, GPS spoofing/jamming mitigation, encryption and privacy-aware implementations, and counter-malware techniques, to name the most adopted. It also emerges that often attacks are simply ported or adapted from other attacks in similar domains, while peculiar attacks still remain such as targeted physical attacks, specific UAV malware, and GPS spoofing/jamming.
展开▼
