Akademik Veri Yönetim Sistemi
IEEE TRANSACTIONS ON COMMUNICATIONS, cilt.74, ss.2564-2579, 2026 (SCI-Expanded, Scopus)
Uncrewed aerial vehicles (UAVs) are becoming increasingly prevalent in modern society, but are often insecure by design or limited in security capability due to computational constraints. The growing open-source UAV ecosystem has further enabled custom software and hardware development, frequently without adherence to established best practices. At the centre of this ecosystem is the MAVLink protocol, used primarily, but not exclusively, for communication between UAVs and their associated Ground Control Stations (GCSs). Since the adoption of MAVLink 2.0 in 2017, limited research has been conducted on its in-built security mechanisms. Although MAVLink 2.0 supports message signing, its signature scheme remains highly vulnerable. This study presents a novel attack that exploits GPS-based timestamp manipulation without the knowledge of a UAV’s secret key. The attack is evaluated in simulation, hardware-in-the-loop tests, and hardware environment tests. This paper also outlines potential countermeasures and briefly discusses the broader applicability of the attack to other GPS-synchronised systems beyond UAVs.