This article explains the cyber security best practices when operating a WingtraOne Gen II that is flying under Blue sUAS
Limit physical access
To protect against unauthorized retrieval of data from the WingtraOne Gen II ensure that only authorized users have physical access to the drone. This includes the ground station tablet and the telemetry module and any memory devices like SD cards that have been used to collect data on the drone, or for transfer of the data to and from the drone or ground station tablet.
Prevention physical access can also protect against malicious modifications on the drone or ground station.
Turn on encryption
WingtraPilot is the interface through which to control the operation of the WingtraOne Gen II. During all phases pre-flight, flight and post-flight the communication is happening over telemetry connection.
To protect the communication channel privacy as well as to prevent unauthorized parties from sending any commands to the WingtraOne Gen II the telemetry encryption has to be turned on at all times.
The proper working of the ChaCha20 telemetry encryption with 256-bit security level can be seen visually in WingtraPilot by the small lock on the telemetry indicator in the top right corner of the screen.
Tablet password protection
The ground station tablet and the WingtraPilot app are the user interface to operate your WingtraOne Gen II. It stores critical mission data such as flight plans and terrain elevation data used during the flight. To ensure the integrity of the device it is recommended to limit the access to authorized personnel only through password screen lock. To enable this navigate on the Android system to Settings > Lock screen > Screen lock type.
Select Password and chose a strong key: Recommended at least 12 characters, mixed with numbers and special characters.
Settings for unsuccessful logon attempts
For additional security it is recommended to go to Secure lock settings and enable the settings Auto factory reset. With this all data on the ground station tablet will be erased after 15 incorrect attempts to unlock.
Micasense Altum and RedEdge-MX WiFi access
The two Micasense payloads Altum and RedEdge-MX have a WiFi on the payload. Note that the password for the WiFi is the same on all cameras and documented in the user manual online. Therefore it only offers weak protection.
Also note that the WiFi is only enabled before and after the flight to enable change in camera imaging settings (e.g. exposure, channels...) and the taking of calibration images via the QR mode workflow. During the flight it is turned off automatically by the WingtraOne Gen II.
Read about about the first steps with your WingtraOne Gen II in this article.
Or head back to the main Blue sUAS knowledge base page.