Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Identifying Cybersecurity Risks for a Drone Being Controlled Over a Webplatform for One or Several Domains

Huynh, Tonny LU and Alzain, Ashraf (2025) EITL05 20251
Department of Electrical and Information Technology
Abstract
Emerging technologies have increased the need for cybersecurity protection in web-based
systems. This is especially true for drone systems, where any attack would threaten critical
missions trying to save lives. In this study, the Remote Mission Control platform developed
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing
improvements to strengthen the system's overall security.
The methods used in this study included researching common cybersecurity threats,
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved
identifying both strengths and vulnerabilities in the code and system architecture through
developer interviews and vulnerability assessments,... (More)
Emerging technologies have increased the need for cybersecurity protection in web-based
systems. This is especially true for drone systems, where any attack would threaten critical
missions trying to save lives. In this study, the Remote Mission Control platform developed
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing
improvements to strengthen the system's overall security.
The methods used in this study included researching common cybersecurity threats,
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved
identifying both strengths and vulnerabilities in the code and system architecture through
developer interviews and vulnerability assessments, compared against industry standards
like the OWASP Top 10.
The analysis revealed some security weaknesses and strengths in the system. The strengths
included the use of Role-Based Access Control and JWTtokens for session management.
However, several security weaknesses were identified. Most importantly the system lacks
Multi-Factor Authentication, which may make it vulnerable to brute-force and dictionary
attacks. Additionally, there is no monitoring system implemented, which can leave
malicious activities unnoticed like DDoS attacks. Also protection against CSRF and XSS
attacks can be improved. Recommendations to improve security include implementing
Multi-Factor Authentication, enhancing CSRF protections by implementing csrf tokens and
integrating a real-time monitoring system to detect suspicious activity.
Future work should focus on securing the new SQL database, which was moved from
Firebase to Supabase, creating potential risks for SQL injection attacks. To prevent this, it’s
important to use parameterized queries and avoid raw SQL queries. Other suggestions
include improving DoS attack protection with anomaly detection systems, dealing with
emerging risks like GPS spoofing in drone operations, and adding Single Sign-On to make
authentication easier and safer by reducing the need for multiple login credentials. (Less)
Please use this url to cite or link to this publication:
author
Huynh, Tonny LU and Alzain, Ashraf
supervisor
organization
course
EITL05 20251
year
type
M2 - Bachelor Degree
subject
keywords
Drones, Remote Control, Websecurity, Cybersecurity, Webattacks
report number
LU/LTH-EIT 2025-1055
language
English
id
9199670
date added to LUP
2025-06-16 14:27:27
date last changed
2025-06-16 14:27:27
@misc{9199670,
  abstract     = {{Emerging technologies have increased the need for cybersecurity protection in web-based 
systems. This is especially true for drone systems, where any attack would threaten critical 
missions trying to save lives. In this study, the Remote Mission Control platform developed 
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing 
improvements to strengthen the system's overall security. 
The methods used in this study included researching common cybersecurity threats, 
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved 
identifying both strengths and vulnerabilities in the code and system architecture through 
developer interviews and vulnerability assessments, compared against industry standards 
like the OWASP Top 10. 
The analysis revealed some security weaknesses and strengths in the system. The strengths 
included the use of Role-Based Access Control and JWTtokens for session management. 
However, several security weaknesses were identified. Most importantly the system lacks 
Multi-Factor Authentication, which may make it vulnerable to brute-force and dictionary 
attacks. Additionally, there is no monitoring system implemented, which can leave 
malicious activities unnoticed like DDoS attacks. Also protection against CSRF and XSS 
attacks can be improved. Recommendations to improve security include implementing 
Multi-Factor Authentication, enhancing CSRF protections by implementing csrf tokens and 
integrating a real-time monitoring system to detect suspicious activity. 
Future work should focus on securing the new SQL database, which was moved from 
Firebase to Supabase, creating potential risks for SQL injection attacks. To prevent this, it’s 
important to use parameterized queries and avoid raw SQL queries. Other suggestions 
include improving DoS attack protection with anomaly detection systems, dealing with 
emerging risks like GPS spoofing in drone operations, and adding Single Sign-On to make 
authentication easier and safer by reducing the need for multiple login credentials.}},
  author       = {{Huynh, Tonny and Alzain, Ashraf}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Identifying Cybersecurity Risks for a Drone Being Controlled Over a Webplatform for One or Several Domains}},
  year         = {{2025}},
}