US warns of software vulnerability that could enable malicious actors to take over drones

The United States Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers could take control of a drone due to a security vulnerability in PX4 Autopilot software.

“Successful exploitation of this vulnerability could allow an attacker with access to the MAVLink interface to execute arbitrary shell commands without cryptographic authentication,” CISA said in an advisory.

CISA recommends users take defensive measures to minimise the risk of exploitation of this vulnerability:

  • Minimise network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognising VPNs may have vulnerabilities and should be updated to the most current version available. Also recognise that the VPN is only as secure as the connected devices.

No known public exploitation specifically targeting this vulnerability has been reported to CISA as yet.

For more information

CISA advisory

Image: Kaleb Kendall / Unsplash