Author

Chirol

Date

December 17th, 2009

Comments

10 Comments so far.

Insurgents Hacking Drone

Fresh from the WSJ this morning. It seems Iraqi insurgents are beginning to steal signals from US drones. Evidence backing John Robb’s Global Guerrillas theory seems to mount daily. Here’s the article:

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber—available for as little as $25.95 on the Internet—to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

Read the rest.

Comment: This is the other side of technology that we haven’t heard much about. While certainly it is not a surprise to many experts, it is an area that seems largely undiscussed in public. I would hope the military is already planning for contingencies that include the enemy taking control of unmanned land, sea and air vehicles. But the article continuously stating that things are ok, and no damage was done makes this author rather suspicious. One has to wonder whether this is also occurring in Afghanistan and Pakistan. The ‘honeymoon phase’ of unmanned vehicles is slowly coming to an end.

Comments to this entry

Wilson
December 17, 2009
4:51 pm
It is entirely and painfully ridiculous that one production-model drone ever shipped without encrypted communications with its controllers.
They should just be using TLS to secure the transport along with a private key loaded on the drone and the operator's system.

That sounds like about two days of work to me; if their architecture is so complex that this is a difficult task, then there is no hope for US battlespace security.

The WSJ article implies that there is some kind of additional hardware needed to implement this? While I don't know the implementation details of the drone network, this seems like a 100% software problem to me. At first I was speculating that there might not be enough CPU power on the drones to do this, but then I remembered that this is 2009 and my cellphone can encrypt a high-res video stream on the fly with room left over to let me listen to music and read email.

Maybe the DoD can pay Raytheon to duct-tape iPhones to their drones? http://bits.blogs.nytimes.com/2009/12/16/the-iphone-goes-to-war/?hp
DJ
December 17, 2009
6:25 pm
There are a lot of different drones. Everyone thinks about Predator and Reaper; however, the video feeds they looked into could be shoulder-launched ones like Raven.

They did not hack anything, they just got software and a receiver and are picking up live video feeds.
SJPONeill
December 17, 2009
7:04 pm
We keep prattling on and on about asymmetry and the bad guys targeting our weaknesses and then get all surprised when they do so...?
Last Call for 2009 « The World According to Me…
December 17, 2009
8:03 pm
[...] Coming Anarchy and Lex Neptunus offer comment on a recent Wall Street Journal piece on the alleged ability of [...]
Wilson
December 17, 2009
9:35 pm
Haha, here's a report from 13 years ago that talks about this vulnerability: http://www.fas.org/irp/doddir/usaf/conops_uav/part01.htm
(see the section on Electromagnetic Spectrum Threats)
T. Greer
December 18, 2009
12:40 am
This is frightening. Not that I am afraid of insurgents. But think - if they can do this with $26, what can the Chinese, Russians, Iranians, or Indians do?
ElamBend
December 18, 2009
4:10 am
This is not a sign of ingenuity on the insurgents' side so much as complete incompetence on the US Military (and probably a violation of FISMA). It's the equivalent of giving our guys CBs (citizen band) and the insurgents using a police scanner to listen in.

I'm curious as to how they stumbled onto this. One possibility is that they had receivers for their own drones provided by the Iranians and stumbled onto it. I haven't seen any reports of black hat drones in Iraq, but if Hezbollah had em...
Wilson
December 18, 2009
5:04 am
Hell, I would be reading everything I could find about drones online if they were being used to hunt me, and this aspect of the system is mentioned in documents posted in the Clinton era.
Jim - Hacker Forums
December 18, 2009
12:39 pm
The Drones were not actually hacked, they just got lucky and found a laptop that had images on it. Iraqis are free to roam our posts in Iraq because they do most of our cleaning over there. I bet the laptop was stolen. There just is not enough proof to say the Drones themselves were actually "hacked".
marku
December 19, 2009
11:41 pm
Not hacked, just captured unencrypted video. Not just drones, turns out that the cameras on all sorts of aerial vehicles from A10s to Gunships send unencrypted video to troops on the ground.
http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29&utm_content=Google+Feedfetcher

And it is not simple to fix, as the article points out:
"Can these feeds be encrypted with 99.5 percent chance of no compromise? Absolutely! Can you guarantee that all the encryption keys make it down to the lowest levels in the Army or USMC [United States Marine Corps]? No way,” adds a second Air Force officer, familiar with the ROVER issue. “Do they trust their soldiers/Marines with these encryption keys? Don’t know that.”

Dumb.