Slashdot Mirror
$26 of Software Defeats American Military
reporter writes "A computer program that can be easily purchased for $25.95 off the Internet can read and store the data transmitted on an unsecured channel by an unmanned drone. Drones are crucial to American military operations, for these aerial vehicles enable Washington to conduct war with a reduced number of soldiers. '... the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'"
We need an OSS option stat. Nobody should have to give up their software freedom just to make a mockery of America's finest tech toys.
The only question is, would this make more sense as an added option in wireshark, or GNU Radio?
So they recorded unencrypted OTA video feeds? While yes, they probably should have been encrypted in the first place and . . .
The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
Yea that's kinda bad and lazy of them,
Senior military and intelligence officials said the U.S. was working to encrypt all of its drone video feeds from Iraq, Afghanistan and Pakistan, but said it wasn't yet clear if the problem had been completely resolved.
they're fixing it.
Your hair look like poop, Bob! - Wanker.
Reading the information in the article and deducting from the software used, all you need is satellite internet card, satellite dish and the SkyGrabber, a bit of software that records anything video like it finds in satellite data stream. Pretty much off the shelf hardware for a place with limited infrastructure.
No, demodulating a signal is not news. But not encrypting it in the first place ought to be.
(And TFA had a red herring in its focus on the software used to record the signal--the software is probably the easy part, once you've captured the signal).
We were using SINCGARS in the early 90's. SINCGARS is a frequency hopping, encrypted method of voice communication. We were just starting to use it to network military vehicles and personnel with HQ and each other. If SINCGARS could have been cracked, it would have put a beacon on every vehicle and soldier on and off the battlefield, not to mention eavesdropping. However, the inventor of SINCGARS could not decrypt the signal without the software and hardware keys. The software keys were changed at will. Usually weekly, but could easily be done daily. I am shocked that this signal does not use better encryption and/or frequency hopping. This type of communication is critical to tomorrow's battlefield.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
It should've been encrypted, for sure. Agreed.
However, it does need to be encryption that works over a noisy channel, with possible gaps in the datastream. Your typical block-cipher using chaining thus doesn't qualify. (If you wonder why, try encrypting a one-megabyte file, then change a few characters randomly in the first half of the file, then decrypt it)
It's still not a hard problem mind you, just slightly more so than "grab AES, set it to CBC-mode"
You really should attribute Blackadder when you quote it.
Anyway, it was written for comedic effect rather than accuracy, generally in colonial wars British fought against people with guns, Zulus being a prime example of a group often depicted inaccurately without firearms or military organization, an insult to both sides of that conflict.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
Regarding your classmate who is a "Major" in the US Navy... The Navy does not have a rank called Major. So, either your classmate is a Major in one of the other 3 branches of the military (Army, Air Force, or Marine Corps), or he is a Lieutenant Commander in the Navy.
A Vigenère cipher generates ciphertext C(N) by passing plaintext symbol P(N) through the function E(P(N), K[N mod len(K)]), where N is the symbol number of the input, K is the key, K[Q] is the Qth symbol in K, and E is a function such that E(A,B) -> A', and E(A',B) -> A. Decryption simply applies the same function to the ciphertext, yielding the original plaintext.
This description clearly applies to XOR with a random pad. What makes a one-time pad secure is that the key is always longer than the input, so attacks that depend on correlation don't work. Conversely, Vigenère is insecure because the key repeats. Used with a random "key" as long as the message, Vigenère is equivalent to XOR, and is provably and perfectly secure.
Warning:
Comment in first link warns not to trust uploader. Possible nasty shit instead of actual App.
And, no, I am not going to find out...The last thing I want is the feds kicking in my door. Keeping the article in mind, I suspect the Government will be closely watching these torrents now (if they haven't already been doing so. Wouldn't surprise me if the whole story is a government plant to smoke out tourists...erm, terrorists).
I apologize for the self-response, but felt it was warranted.
Telling me the key length is a big hint. But 5,632 bytes is only about 11 repetitions of your key. That means I have 512 separate Caesar ciphers to crack, with a ciphertext of 10 or 11 characters each. Even Sherlock Holmes needed more than that to solve the puzzle of the Dancing Men.
Feel free to carry on using your not-so-one-time pad, though. The larger the data set relative to the key, the easier it gets. Once you give the attacker enough data to make frequency analysis possible on the 512 separate Caesar ciphers, then your Vigenere cipher is gone.
Real Daleks don't climb stairs - they level the building.