TA006 Defense Evasion · T006.005 — Technique
Safe Mode Exploitation
Exploitation of reduced security posture during drone safe mode or failsafe recovery to execute normally blocked actions.
Sub-techniques (3)
- Unauthorized command injection during failsafe
- Safe mode parameter modification
- Recovery mode firmware replacement
Applicable countermeasures
CM-004 Remote ID Broadcast Integrity
Tamper-resistant Remote ID broadcast per ASTM F3411-22 with detection and alerting of suppression or spoofing attempts.
ASTM F3411-22 · EU Reg. 2019/945 · FAA Part 89 · NIST SP 800-53 IA-3
CM-006 Onboard Behavioral Anomaly Detection
Open in the interactive matrix
Real-time monitoring of flight control inputs, sensor streams, and communication patterns for spoofing, injection, or hijacking indicators.
NIST SP 800-53 SI-4 · DO-178C · IEC 62443-3-3 SR 6.1 · MITRE ATT&CK for ICS