[2025.10.13] Catch Me If You Can: Covert Information Leakage from Drones using MAVLink Protocol

Abstract:

The number of applications of unmanned aerial vehicles (UAVs) (aka drones) is rapidly expanding. However, the wireless and broadcast nature of communications between the drones and their operators (i.e., Ground control station (GCS)) presents a risk for this channel to be exploited by outsiders. Specifically, an attacker can abuse benign communications as a cover to leak sensitive drone data secretly to nearby adversaries within the transmission range of a drone. Therefore, in this paper, we investigate the threat of information leakage through MAVLink, a drone control protocol that is widely used in the majority of drone autopilot systems and is considered a de-facto standard. We show that multiple covert channels can be created in MAVLink by exploiting its lack of security mechanisms, default broadcast messages, and redundant features. We design and implement the novel covert channels on a realistic drone testbed in practical settings and assess their feasibility. Our extensive results demonstrate that attackers can effectively exfiltrate different types of sensitive data from drones with a high throughput via MAVLink-based covert channels in the presence of an active warden at the GCS. Finally, we provide an in-depth analysis of several countermeasures for MAVLink-based covert channels to improve the protocol's security. To the best of our knowledge, this is the first work exploiting the popular MAVLink protocol for covert communications and demonstrating how it can be manipulated by the adversary for secret communications over commodity drones.