Why attackers care about this surface
Drones and robots collapse several security domains into one operational stack: firmware integrity, flight-control logic, telemetry exposure, remote management, mission planning, companion-computer trust and the human operator in the loop. A weakness in one layer can turn into loss of navigation integrity, unsafe movement, sensor spoofing, denied mission execution, operator deception or direct control-path compromise.
In practice that means the assessment has to move across layers. You may start at a radio link or a management interface, pivot into a companion computer, then validate what that means for the autopilot, the vehicle state and the mission outcome. The key question is always the same: what commands, assumptions or safety gates can an attacker influence from the outside?
Primary cyber-physical attack paths
Telemetry & control links
Cyber-physical trust paths across telemetry, middleware, operator tooling and control loops.
Companion computers
Autopilot & firmware trust
Industrial protocols, engineering trust and process-level exposure in operational environments.
ROS 2 / robot middleware
Sensors & navigation inputs
Drone and robotics work lives where software, radio, sensors and physical control meet. The value is in showing how telemetry trust, middleware exposure and operator tooling can drift into real control risk.
Mission tooling & operator workflow
How to approach the assessment
Start by drawing the control chain end to end: ground station, radio path, base station, relay services, companion compute, autopilot, sensors and actuators. Then identify where commands originate, how trust is established, which channels are authenticated, what is signed, what is merely accepted and which faults degrade into unsafe but still “valid” behavior.
On mature targets, spend time on protocol visibility and message boundaries rather than only on web or host findings. On smaller fielded platforms, the fastest wins often sit in configuration inheritance, exposed serial interfaces, weak maintenance habits or over-trusted integration scripts.
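One way to answer "what is signed, what is merely accepted" for a telemetry link, shown as an added example rather than code from this page or from any of the referenced projects. It assumes the link carries MAVLink (named in the reference links) and that you already hold a raw byte capture of it; `iter_frames`, `signing_report` and the sample bytes are hypothetical names and constructed data.

```python
from collections import Counter

V1_STX, V2_STX = 0xFE, 0xFD
SIGNED_FLAG, SIG_LEN = 0x01, 13  # MAVLink 2 incompat_flags bit; signature size

def iter_frames(buf: bytes):
    """Yield (version, sysid, compid, msgid, signed) per well-framed message.

    Checksums are NOT verified (that needs per-message CRC_EXTRA values), so
    this is an inventory of what is on the link, not a validation of it.
    """
    i = 0
    while i < len(buf):
        stx = buf[i]
        if stx == V2_STX and i + 10 <= len(buf):
            plen, incompat = buf[i + 1], buf[i + 2]
            signed = bool(incompat & SIGNED_FLAG)
            total = 10 + plen + 2 + (SIG_LEN if signed else 0)
            if i + total <= len(buf):
                msgid = int.from_bytes(buf[i + 7:i + 10], "little")
                yield 2, buf[i + 5], buf[i + 6], msgid, signed
                i += total
                continue
        elif stx == V1_STX and i + 6 <= len(buf):
            total = 6 + buf[i + 1] + 2
            if i + total <= len(buf):
                yield 1, buf[i + 3], buf[i + 4], buf[i + 5], False
                i += total
                continue
        i += 1  # not a frame start, or truncated: resync on the next byte

def signing_report(buf: bytes) -> Counter:
    """Count frames per (sysid, compid, 'v1' | 'v2-unsigned' | 'v2-signed')."""
    report = Counter()
    for ver, sysid, compid, _msgid, signed in iter_frames(buf):
        label = "v1" if ver == 1 else ("v2-signed" if signed else "v2-unsigned")
        report[(sysid, compid, label)] += 1
    return report

# Constructed sample capture (not real traffic): zeroed payloads and checksums.
def _v2(sysid, compid, msgid, plen, signed):
    hdr = bytes([V2_STX, plen, SIGNED_FLAG if signed else 0, 0, 0, sysid, compid])
    return hdr + msgid.to_bytes(3, "little") + bytes(plen + 2 + (SIG_LEN if signed else 0))

SAMPLE = (_v2(1, 1, 0, 9, True) + b"\x00\x00"            # signed HEARTBEAT, then noise
          + _v2(255, 190, 76, 33, False)                  # unsigned COMMAND_LONG
          + bytes([V1_STX, 9, 0, 1, 1, 0]) + bytes(11))   # MAVLink 1: cannot be signed
```

Any sender that shows up under `v1` or `v2-unsigned` on a link the design assumes is authenticated is a gap to record in the control-chain drawing.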
What success can look like for an attacker
Control-path manipulation
Telemetry deception
Companion pivot
Movement through constrained network paths, tunnelling choices and access extension logic.
ROS graph exposure
Operator workstation compromise
Safety bypass by integration drift
Reference links
- PX4 Documentation: Autopilot architecture, companion computer integration, simulation and developer workflows.
- MAVLink Developer Guide: Protocol reference for telemetry, commands, missions and system interaction.
- ArduPilot Developer Documentation: Open autopilot stack for aerial, ground and marine vehicles.
- ArduPilot ROS 2 Integration: ROS 2 coupling and development notes for ArduPilot-based systems.
- PX4 ROS 2 User Guide: ROS 2 architecture and middleware integration with PX4.
- ROS Documentation: Robotics middleware, nodes, topics and ecosystem-level references.
Where to pivot when the vehicle is only part of the story
Network
Advanced
AI Security
Model-backed attack paths across prompts, retrieval, orchestration and tool invocation.
