FlyTrap Attack Uses Adversarial Umbrellas to Compromise Camera-Based Autonomous Drones

What FlyTrap Does
FlyTrap is a physical-world attack framework targeting Autonomous Target Tracking (ATT) systems, particularly ATT drones used in surveillance, border control, and law enforcement. The attack employs an adversarial umbrella as a deployable, domain-specific attack vector to execute distance-pulling attacks (DPA).

How It Works
The attack exploits vulnerabilities in ATT systems to dangerously reduce tracking distances through a progressive distance-pulling strategy with controllable spatial-temporal consistency designs. This manipulation causes drones to move closer than intended, putting them within range for capture, sensor attacks, or direct collisions.

Key Attack Objectives
- Physical deployability: Uses actual umbrellas as attack vectors in real-world environments
- Closed-loop effectiveness: Works in dynamic, real-time tracking scenarios
- Spatial-temporal consistency: Maintains attack effectiveness across time and space

Evaluation Results
Researchers conducted closed-loop experiments on both white-box and commercial ATT drones, including DJI and HoverAir models. FlyTrap successfully reduced tracking distances to ranges where drones could be captured, sensor-attacked, or crashed. The paper includes new datasets and metrics specifically developed for evaluating these types of physical attacks.

Security Implications
The research highlights urgent security risks for ATT system deployment. Since ATT drones are already used in critical applications and have been misused for stalking and destructive actions, these vulnerabilities have practical implications for real-world safety and security.
The paper represents an extended version accepted by NDSS 2026 and includes fixes for some typos from the original submission.