Why attackers care about this surface
Drones and robots collapse several security domains into one operational stack: firmware integrity, flight-control logic, telemetry exposure, remote management, mission planning, companion-computer trust and the human operator in the loop. A weakness in one layer can turn into loss of navigation integrity, unsafe movement, sensor spoofing, denied mission execution, operator deception or direct control-path compromise.
In practice that means the assessment has to move across layers. You may start at a radio link or a management interface, pivot into a companion computer, then validate what that means for the autopilot, the vehicle state and the mission outcome. The key question is always the same: what commands, assumptions or safety gates can an attacker influence from the outside?
Primary cyber-physical attack paths
Telemetry & control links
Assess MAVLink exposure, message trust, replay conditions, weakly separated control channels and whether external traffic can influence movement, mission state or operator confidence.
Companion computers
Pressure-test Linux-based companion nodes for weak services, key leakage, unsafe APIs, serial bridge abuse and privileged routes into navigation, autonomy or actuator-adjacent logic.
Autopilot & firmware trust
Review update paths, parameter persistence, boot assumptions, developer interfaces and what a malicious or altered build can change once it reaches the vehicle.
ROS 2 / robot middleware
Map graph exposure, node trust, topic abuse, data injection, bridge exposure and unsafe links between robotics middleware and safety-relevant motion components.
Sensors & navigation inputs
Look at GPS dependence, visual or range-based perception, spoofable state inputs and what the platform does when it receives believable but hostile data.
Mission tooling & operator workflow
Review mission planners, field laptops, configuration exports, radio setup and support tooling because operator-side compromise is often the cleanest route into the platform.
How to approach the assessment
Start by drawing the control chain end to end: ground station, radio path, base station, relay services, companion compute, autopilot, sensors and actuators. Then identify where commands originate, how trust is established, which channels are authenticated, what is signed, what is merely accepted and which faults degrade into unsafe but still “valid” behavior.
On mature targets, spend time on protocol visibility and message boundaries rather than only on web or host findings. On smaller fielded platforms, the fastest wins often sit in configuration inheritance, exposed serial interfaces, weak maintenance habits or over-trusted integration scripts.
What success can look like for an attacker
Control-path manipulation
Mission outcomes change because the platform accepts hostile commands, altered parameters or trusted-but-false operational state.
Telemetry deception
Operators keep making decisions on top of hostile or stale data because the visualized state still looks believable.
Companion pivot
A foothold on the support computer becomes a bridge into navigation, planning, media handling, sensor processing or actuator-adjacent logic.
ROS graph exposure
Unsafe node trust, open topics or weak bridges let external influence reach motion, planning or perception layers indirectly.
Operator workstation compromise
The cleanest path is sometimes not the airframe or robot at all, but the field laptop, mission planner or maintenance workflow feeding it.
Safety bypass by integration drift
Real risk often appears where one component assumes another component already validated trust, identity or safe state.
Reference links
- PX4 DocumentationAutopilot architecture, companion computer integration, simulation and developer workflows.
- MAVLink Developer GuideProtocol reference for telemetry, commands, missions and system interaction.
- ArduPilot Developer DocumentationOpen autopilot stack for aerial, ground and marine vehicles.
- ArduPilot ROS 2 IntegrationROS 2 coupling and development notes for ArduPilot-based systems.
- PX4 ROS 2 User GuideROS 2 architecture and middleware integration with PX4.
- ROS DocumentationRobotics middleware, nodes, topics and ecosystem-level references.
Where to pivot when the vehicle is only part of the story
Network
Use it when the vehicle stack depends on reachable management, relay or internal service infrastructure.
Advanced
Return to the specialist domain hub for mobile, cloud, IoT, OT and other high-context surfaces.
AI Security
Use it when autonomy, perception or agentic decision layers add model-driven risk on top of the control plane.