TA004 Execution · T004.001 — Technique
Malicious Command Injection
Transmission of crafted commands to the flight controller to alter altitude, heading, speed, mode, or mission parameters.
Sub-techniques (4)
- MAVLink SET_MODE / SET_POSITION injection
- RC override channel injection
- Waypoint table overwrite
- Forced RTL / Land / Disarm command
Applicable countermeasures
CM-001 Encrypted and Authenticated C2 Link
All C2 communications between GCS and drone must use mutual-authentication encryption (AES-256 minimum) with replay protection.
NIST SP 800-53 SC-8 · DO-326A Sec 6.2 · EUROCAE ED-202A · STANAG 4586
CM-006 Onboard Behavioral Anomaly Detection
Real-time monitoring of flight control inputs, sensor streams, and communication patterns for spoofing, injection, or hijacking indicators.
NIST SP 800-53 SI-4 · DO-178C · IEC 62443-3-3 SR 6.1 · MITRE ATT&CK for ICS
CM-011 Tamper-Resistant Geofencing
Open in the interactive matrix
Cryptographically signed geofence zone definitions with hardware-enforced boundaries that cannot be overridden by software command.
EU Reg. 2019/945 · FAA Part 107 · ASTM F3322 · NIST SP 800-53 SI-10