AI Summary
This study addresses a critical security vulnerability in unmanned aerial vehicle (UAV) flight control systems, demonstrating that their fail-safe mechanisms are susceptible to non-invasive voltage glitching attacks, thereby compromising system reliability. For the first time, the authors integrate ARMORY software-based fault simulation with the ChipWhisperer hardware voltage glitching platform to launch timing-precise attacks against the fail-safe logic of a UAV autopilot implemented on an STM32 microcontroller. This hardware-software co-design approach successfully identifies narrow execution windows harboring exploitable security flaws, enabling the suppression or manipulation of emergency responses, such as disabling failsafe landing protocols. The results validate the feasibility of timing-sensitive fault injection targeting flight controllers and underscore the tangible hardware-level security risks confronting cyber-physical systems.
Abstract
As Cyber-Physical Systems (CPS) become increasingly pervasive and autonomous, ensuring the resilience of their embedded logic is critical to maintaining safety and integrity. Among the most stealthy and damaging threats are non-invasive fault injection attacks, where hardware-level disturbances propagate into software execution and compromise control logic. In this paper, we investigate the susceptibility of Unmanned Aerial Vehicle (UAV) autopilot fail-safe mechanisms to voltage glitch fault injection. We introduce a dual evaluation approach: software-based fault simulation using ARMORY and hardware-based experiments with a voltage glitching platform (ChipWhisperer), applying controlled and timely faults to an STM32 microcontroller running UAV-Autopilot fail-safe logic. Our targeted analysis of specific fail-safe modes uncovers timing-sensitive vulnerabilities that can suppress or alter safety responses, such as disabling emergency failsafe activation at critical moments, potentially enabling UAV hijacking. Furthermore, we validate software-based fault injection results against real hardware behavior, demonstrating how simulated attacks translate into tangible risks for CPS security and reliability.