Fayzah Alshammari, Dhruv Kandula, Mohamad Habib Fakih, Shaoyuan Xie, Mohammad Al Faruque, and Qi Alfred Chen, University of California, Irvine
Robotic Vehicles (RVs), particularly drones, represent critical cyber-physical systems that are fundamentally dependent on network connectivity for operation and thus susceptible to network-based cyber-attacks. While such drone-targeted cyber-attacks have been considerably studied in literature, we find that the majority (76.3%) of them focus on the cyber-vulnerability discovery and validation only without any experimental understanding of whether such cyber-attacks can indeed cause meaningful physical impacts at the end-to-end RV system operation level; in fact, some of them (26.3%) do not even describe the potential of causing such end-to-end physical impacts. In this work, we present CPExploiter, a novel framework to systematically reveal how network-based cyber vulnerabilities in RVs can escalate into severe physical failures. It uses structured VEI scenarios and automates escalation discovery via UAV-specific parameters, guided in part by Large Language Models (LLMs), to expose cascading failure patterns and high-severity outcomes at the system level. This demonstration will include videos and figures of CPExploiter in action, showcasing the structured mapping of Vulnerability-Exploit-Impact (VEI) scenarios, automated discovery of escalation paths, and validation of end-to-end physical impacts through both Software-in-the-Loop (SITL) simulation and real-world UAV experimentation.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
