Penetration Test Dan Analisis Forensik Pada Drone Komersial

Priyanto, Akbar Putra Asenti (2025) Penetration Test Dan Analisis Forensik Pada Drone Komersial. Other thesis, Institut Teknologi Sepuluh Nopember.

Text 5025211004-Undergraduate_Thesis.pdf - Accepted Version Download (11MB)

Abstract

Teknologi drone, atau Pesawat Tanpa Awak, telah mengalami pergeseran paradigma. Drone, yang sebelumnya banyak dimanfaatkan untuk kepentingan militer, saat ini mulai merambah ke berbagai sektor sipil dan komersial. Drone komersial adalah jenis drone yang umumnya dilengkapi dengan kamera dan digunakan untuk keperluan sipil, seperti sarana hobi dan rekreasi. Salah satu model drone komersial yang paling popular adalah DJI Tello, drone ini dapat diterbangkan melalui aplikasi pada smartphone dan koneksi jaringan Wi-Fi. Namun, adanya drone komersial membawa tantangannya tersendiri. Penyerang dapat mengeksploitasi vulnerability pada drone untuk melancarkan serangan yang mengganggu penerbangan drone, seperti manipulasi data dan penghentian operasional drone. Oleh karena itu, penelitian ini bertujuan untuk menguji keamanan sistem komunikasi drone komersial DJI Tello melalui serangan pada jaringan Wi-Fi sebagai bagian dari metode penetration testing serta menganalisis dampak serangan terhadap artefak digital yang ditinggalkan setelah serangan dilakukan.Metode penelitian terdiri dari tiga skenario serangan, yaitu deauthentication attack, ARP spoofing, dan session hijacking. Seluruh skenario dijalankan dalam lingkungan jaringan terbuka yang disediakan oleh drone DJI Tello. Serangan dilakukan menggunakan perangkat lunak seperti aireplay-ng, arpspoof, dan djitellopy, sementara artefak dikumpulkan melalui direktori pada aplikasi kontroler dan analisis paket jaringan menggunakan Wireshark. Hasil pengujian menunjukkan bahwa seluruh serangan berhasil dieksekusi dengan dampak nyata terhadap komunikasi drone. Skenario deauthentication attack menyebabkan putusnya koneksi kontroler dari drone. Skenario ARP spoofing berhasil memanipulasi alur komunikasi menuju mesin penyerang, sehingga memungkinkan penyadapan paket dan mengganggu perekaman artefak penerbangan. Skenario session hijacking memungkinkan seorang penyerang mengambil alih kontrol drone secara parsial. Artefak seperti file log penerbangan (.DAT), file video, dan capture jaringan dianalisis menggunakan tools seperti DatCon dan Wireshark untuk mengungkap bukti digital dari serangan. Penelitian ini menyimpulkan bahwa DJI Tello masih memiliki kerentanan dalam aspek keamanan komunikasi dan kendali yang dapat dieksploitasi oleh pihak yang tidak sah. Melalui hasil yang ditemukan, penelitian juga menunjukkan pentingnya penguatan sistem otentikasi dan enkripsi dalam komunikasi penerbangan drone untuk mencegah terjadinya eksploitasi selama penerbangan berlangsung.
====================================================================================================================================
Drone technology, also known as Unmanned Aerial Vehicles (UAVs), has undergone a paradigm shift. Originally developed for military purposes, drones have now expanded into various civilian and commercial sectors. Commercial drones are typically equipped with cameras and used for civilian purposes, such as hobbies and recreational activities. One of the most popular commercial drone models is the DJI Tello, which can be operated via a smartphone application through a Wi-Fi connection. However, the increasing use of commercial drones also presents new security challenges. Attackers may exploit vulnerabilities in drones to disrupt their operations, such as through data manipulation or forced termination of flight. This study aims to assess the communication security of the DJI Tello commercial drone by conducting Wi-Fi network-based attacks as part of penetration testing, and to analyze the impact of these attacks on the resulting digital artifacts. The research consists of three attack scenarios: deauthentication attack, ARP spoofing, and session hijacking. All scenarios were carried out within the open network environment provided by DJI Tello. Attacks were executed using tools such as aireplay-ng, arpspoof, and djitellopy, while artifacts were collected from the controller application directories and network packet captures using Wireshark. The results show that all attack scenarios were successfully executed with observable impacts on drone communication. The deauthentication attack caused disconnection between the controller and the drone. The ARP spoofing attack successfully redirected communication flows to the attacker's machine, enabling packet sniffing and interfering with flight artifact logging. The session hijacking scenario allowed the attacker to partially take over control of the drone. Artifacts such as flight log files (.DAT), video recordings, and network captures were analyzed using tools like DatCon and Wireshark to uncover digital evidence of the attacks. This study concludes that the DJI Tello still exhibits vulnerabilities in its communication and control mechanisms that can be exploited by unauthorized parties. These findings highlight the importance of strengthening authentication and encryption systems in drone communication to prevent exploitation during flight operations.

Item Type:	Thesis (Other)
Uncontrolled Keywords:	Drone, Forensik Drone, Drone Forensic, Penetration Test, Deauthentication Attack, ARP Spoofing
Subjects:	T Technology > T Technology (General) > T59.7 Human-machine systems. T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5103.2 Wireless communication systems. Two way wireless communication T Technology > TL Motor vehicles. Aeronautics. Astronautics > TL152.8 Vehicles, Remotely piloted. Autonomous vehicles. U Military Science > UG1242 Drone aircraft--Control systems. (unmanned vehicle) U Military Science > U Military Science (General) > UG Military Engineering > UG1242.D7 Unmanned aerial vehicles. Drone aircraft
Divisions:	Faculty of Information and Communication Technology > Informatics > 55201-(S1) Undergraduate Thesis
Depositing User:	Akbar Putra Asenti Priyanto
Date Deposited:	25 Jul 2025 07:52
Last Modified:	25 Jul 2025 07:52
URI:	http://repository.its.ac.id/id/eprint/121541

Actions (login required)

View Item