Identifying Cybersecurity Risks for a Drone Being Controlled Over a Webplatform for One or Several Domains
(2025) EITL05 20251Department of Electrical and Information Technology
- Abstract
- Emerging technologies have increased the need for cybersecurity protection in web-based
systems. This is especially true for drone systems, where any attack would threaten critical
missions trying to save lives. In this study, the Remote Mission Control platform developed
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing
improvements to strengthen the system's overall security.
The methods used in this study included researching common cybersecurity threats,
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved
identifying both strengths and vulnerabilities in the code and system architecture through
developer interviews and vulnerability assessments,... (More) - Emerging technologies have increased the need for cybersecurity protection in web-based
systems. This is especially true for drone systems, where any attack would threaten critical
missions trying to save lives. In this study, the Remote Mission Control platform developed
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing
improvements to strengthen the system's overall security.
The methods used in this study included researching common cybersecurity threats,
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved
identifying both strengths and vulnerabilities in the code and system architecture through
developer interviews and vulnerability assessments, compared against industry standards
like the OWASP Top 10.
The analysis revealed some security weaknesses and strengths in the system. The strengths
included the use of Role-Based Access Control and JWTtokens for session management.
However, several security weaknesses were identified. Most importantly the system lacks
Multi-Factor Authentication, which may make it vulnerable to brute-force and dictionary
attacks. Additionally, there is no monitoring system implemented, which can leave
malicious activities unnoticed like DDoS attacks. Also protection against CSRF and XSS
attacks can be improved. Recommendations to improve security include implementing
Multi-Factor Authentication, enhancing CSRF protections by implementing csrf tokens and
integrating a real-time monitoring system to detect suspicious activity.
Future work should focus on securing the new SQL database, which was moved from
Firebase to Supabase, creating potential risks for SQL injection attacks. To prevent this, it’s
important to use parameterized queries and avoid raw SQL queries. Other suggestions
include improving DoS attack protection with anomaly detection systems, dealing with
emerging risks like GPS spoofing in drone operations, and adding Single Sign-On to make
authentication easier and safer by reducing the need for multiple login credentials. (Less)
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9199670
- author
- Huynh, Tonny LU and Alzain, Ashraf
- supervisor
- organization
- course
- EITL05 20251
- year
- 2025
- type
- M2 - Bachelor Degree
- subject
- keywords
- Drones, Remote Control, Websecurity, Cybersecurity, Webattacks
- report number
- LU/LTH-EIT 2025-1055
- language
- English
- id
- 9199670
- date added to LUP
- 2025-06-16 14:27:27
- date last changed
- 2025-06-16 14:27:27
@misc{9199670,
abstract = {{Emerging technologies have increased the need for cybersecurity protection in web-based
systems. This is especially true for drone systems, where any attack would threaten critical
missions trying to save lives. In this study, the Remote Mission Control platform developed
by Remote Aero is examined, the goal is identifying cybersecurity risks and proposing
improvements to strengthen the system's overall security.
The methods used in this study included researching common cybersecurity threats,
followed by an analysis of Remote Aero’s Remote Mission Control platform. This involved
identifying both strengths and vulnerabilities in the code and system architecture through
developer interviews and vulnerability assessments, compared against industry standards
like the OWASP Top 10.
The analysis revealed some security weaknesses and strengths in the system. The strengths
included the use of Role-Based Access Control and JWTtokens for session management.
However, several security weaknesses were identified. Most importantly the system lacks
Multi-Factor Authentication, which may make it vulnerable to brute-force and dictionary
attacks. Additionally, there is no monitoring system implemented, which can leave
malicious activities unnoticed like DDoS attacks. Also protection against CSRF and XSS
attacks can be improved. Recommendations to improve security include implementing
Multi-Factor Authentication, enhancing CSRF protections by implementing csrf tokens and
integrating a real-time monitoring system to detect suspicious activity.
Future work should focus on securing the new SQL database, which was moved from
Firebase to Supabase, creating potential risks for SQL injection attacks. To prevent this, it’s
important to use parameterized queries and avoid raw SQL queries. Other suggestions
include improving DoS attack protection with anomaly detection systems, dealing with
emerging risks like GPS spoofing in drone operations, and adding Single Sign-On to make
authentication easier and safer by reducing the need for multiple login credentials.}},
author = {{Huynh, Tonny and Alzain, Ashraf}},
language = {{eng}},
note = {{Student Paper}},
title = {{Identifying Cybersecurity Risks for a Drone Being Controlled Over a Webplatform for One or Several Domains}},
year = {{2025}},
}