GPS Spoofing Attack Hacks Drones

← Back to Stories (view on slashdot.org)

GPS Spoofing Attack Hacks Drones

Posted by Soulskill on Friday June 29, 2012 @02:50AM from the defense-against-the-borg dept.

Rambo Tribble writes "The BBC is reporting that researchers from the University of Texas at Austin managed to hack an experimental drone by spoofing GPS signals. Theoretically, this would allow the hackers to direct the drone to coordinates of their choosing. 'The spoofed drone used an unencrypted GPS signal, which is normally used by civilian planes, says Noel Sharkey, co-founder of the International Committee for Robot Arms Control. "It's easy to spoof an unencrypted drone. Anybody technically skilled could do this - it would cost them some £700 for the equipment and that's it," he told BBC News. "It's very dangerous - if a drone is being directed somewhere using its GPS, [a spoofer] can make it think it's somewhere else and make it crash into a building, or crash somewhere else, or just steal it and fill it with explosives and direct somewhere. But the big worry is — it also means that it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people."

43 of 214 comments (clear)

Min score:

Reason:

Sort:

Surprised? by Imagix · 2012-06-29 02:56 · Score: 5, Informative

Why is this surprising? Thought that's how the military one was captured a little while ago...
1. Re:Surprised? by scubamage · 2012-06-29 02:57 · Score: 4, Insightful
  
  I remember people laughing that Iran couldn't possibly have done this. But I would assume that this would be exactly how they did do it.
2. Re:Surprised? by MozeeToby · 2012-06-29 03:11 · Score: 5, Insightful
  
  Because there is absolutely no way that a military drone should be using a single navigation source as it's be all end all, especially not GPS which can be jammed trivially and spoofed with a bit more effort. If your GPS signal is hundreds of Km off from where your dead reconning (using air speed and compass), says you should be the GPS signal should be ignored entirely. This is what airliner flight management systems do, in fact it's what any idiot hiking through the forest would do. The idea that the people coding software for military grade drones can't figure it out is more concerning than the idea that someone can spoof GPS signals.
3. Re:Surprised? by Anonymous Coward · 2012-06-29 03:12 · Score: 4, Informative
  
  Military drones, and other aircraft that use GPS for navigation use some form of GPS-enhanced INS, rather than just GPS. 'Hacking' a drone that only uses civillian GPS (ie. unencrypted signals) is probably no harder than 'hacking' an open WiFi - or even one with WEP. You just need the right equipment and software.
  Hacking an aircraft using the encrypted military signal and GPS-enhanced INS is a different game altogether. It is very unlikely that Iran could have done this; a spurious GPS signal will be rejected and the aircraft will simply fly with un-corrected INS until such as time as the GPS signal is determined to be reliable again.
  Also note that this has been successfuly demonstrated by GPS-guided bombs. Iraqis attempted to jam or spoof the GPS signals, but the onboard INS guided the bombs to target.
4. Re:Surprised? by scubamage · 2012-06-29 03:18 · Score: 3, Interesting
  
  Wouldn't there be an order of precedence for multiple navigation signals? I'm not a drone engineer, so I could be wrong, but it would seem if you have multiple radios running you'd set priority for one over the others. If that one is jammed (say, find out what frequency its running on and flood that with noise) it will fail back to one of the other signals (perhaps civilian GPS), which could open a vector for exploitation? Just curious.
5. Re:Surprised? by aaarrrgggh · 2012-06-29 03:22 · Score: 2
  
  Voting is the more common approach - 3 means of determining something, and if one disagrees with the other two it is ignored.
6. Re:Surprised? by Rei · 2012-06-29 03:45 · Score: 5, Interesting
  
  The full Iranian claim was that they jammed all of the communications to the drone and then spoofed GPS. Aka, there were multiple navigation sources, and it lost them. When the drone loses communication for a length of time it is programmed to return to base and land unless it reestablishes communications and receives alternate orders. But it uses GPS to find out where the base is.
  Yeah, a "GPS position is changing too fast" check could be useful to try to thwart something like that, but it's also the sort of thing that can be overlooked, and also something that could be slowly faked (aka, from a blind plane's perspective, there's no difference between a "drifting GPS" and flying through a strong wind.). So yeah, you could get into a whole range of attacks and countermeasures, but sometimes the attackers will win, sometimes the defenders.
  The people who insisted that a country like Iran could never pull it off always struck me as way overconfident, egotistical. It reminds me of when the Serbians shot down a stealth (which the US tried to blame on hardware failures) and damaged another (among many other aircraft). I read an article on the elite Serbian unit who pulled that off with basically junk hardware and with no air superiority to back them up. They had their tactics down to a tee, and the US got totally overconfident. First they baited NATO into wasting their anti-radiation missiles by jury-rigging together as many fake "radars" as they could muster from junked military equipment. Then they hacked the hardware on the actual radars they were using, boosting the frequency many times over. This made the signal get hugely attenuated by the atmosphere, dramatically decreasing the range, but was A) out of the range of frequencies generally looked for, and B) wasn't nearly as affected by the stealth capabilities of the aircraft. The range was so low that the target aircraft had to fly pretty much over them, but they started mapping out the typical sortie patterns being used and got the hang of reckoning where they'd be and moving to intercept. They also got the hang of how much time it took from when the radar got hot to when a plane could take them out if they were detected, and timed their operations so that the hardware or at least the people had to be Not There Anymore(TM) by the deadline. The troops were drilled over and over in how to set up, get a lock, fire, and then get the heck out of there in the allotted time.
  It's easy to assume that because a country is poorer and can't afford fancy hardware, its people are idiots. But that's a bad assumption to make.
  
  --
  Rock Us, Dukakis.
7. Re:Surprised? by Rei · 2012-06-29 03:51 · Score: 4, Informative
  
  Link
  Quick summary: Security on the drones has a history of bad decisions, such as unencrypted video feeds and malware. Breaking GPS encryption would be almost impossible, but it's quite possible that the drones were programmed to use unencrypted GPS as a fallback if encrypted GPS was lost, so if Iran jammed only the encrypted GPS signal, the plane would rely on spoofed unencrypted GPS. The short answer: it would have been tough, and we don't know whether they really did it or not, but it's not as impossible as people are making it out to be.
  
  --
  Rock Us, Dukakis.
8. Re:Surprised? by wvmarle · 2012-06-29 03:54 · Score: 4, Insightful
  
  It's easy to assume that because a country is poorer and can't afford fancy hardware, its people are idiots. But that's a bad assumption to make.
  Necessity is the mother of all invention, right?
  People that don't have much can become really creative with what they do have.
9. Re:Surprised? by Anonymous Coward · 2012-06-29 04:13 · Score: 4, Interesting
  
  The US didn't blame anything on hardware failures. The failure rested specifically with putting the route of the F-117 right over that SAM. If you get close enough, it will see you (it detected the F-117 at about 23km, according to records). The point of stealth is to shrink surveillance radii and sneak inbetween radars. This was a planning error, not hardware nor anything else. Once close enough, an F-117 is engaged like any other aircraft. There is no magic nor anything at all special about this. No frequency boosting or other BS pseudo-science crap ever happened.
  The claims about 'baiting NATO to waste their missiles on decoys' are funny - why? Because for this to happen, the SAM radars had to be shut down, thus rendering SEAD efforts successful. It doesn't matter if the missile didn't hit the SAM. What matters is that for that time, the SAM was useless. Result? Serbians dancing on the wreckage of two planes out of hundreds of sorties that demolished their infrastructure. That's right. Those 'so smart tactics' got them two planes and failed to defend their country whatsoever.
10. Re:Surprised? by Andy+Dodd · 2012-06-29 04:17 · Score: 5, Interesting
  
  In addition, there's absolutely no evidence to back this claim - "But the big worry is — it also means that it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people."
  Transitioning from "making a few fake pseudolites" to "discovering the crypto key before it changes" (I believe the keys rotate on a daily basis, so you would need to crack the key AND the key change algorithm) is a MAJOR step. I don't know what universe that person lives in if they thing breaking military-grade crypto is even remotely close to this attack in complexity. This attack is easymode compared to generating a proper P(Y) code.
  The only "break" so far in the military encryption is the fact that the same keys (and in fact same signal) are used on both L1 and L2, allowing you to cross-correlate L1 and L2 to determine ionospheric delay and remove that one error source. Note that the next block of GPS satellites adds a civilian L2 signal, so this "break" is mostly irrelevant.
  In addition, no evidence was provided that a RAIM-enabled receiver was successfully spoofed, only a cheap consumer-grade unit that lacked RAIM.
  
  --
  retrorocket.o not found, launch anyway?
11. Re:Surprised? by Shoten · 2012-06-29 04:25 · Score: 2
  
  Possibly, but possibly not. For one thing, the attack being shown here is far, far from news. And there are actually tons of ways to build a GPS receiver with the native ability to detect spoofing, and those features are standard for high-risk equipment (like classified stealth drones). But on the other hand, all of the details are classified in some way or another, so it's really hard to know for sure...but I doubt that it was all that simple as the attack shown here.
  One simple way of detecting spoofing is by frequency strength. The most basic attack is to impersonate the satellites, and to be strong enough in output that the receiver is sure to pick up your "sats" instead of the real ones. But that typically means you're putting out a WAY stronger signal than you'd normally get from a GPS, and that ends up being a dead giveaway.
  For military uses, the open and unencrypted C/A code GPS signal isn't even used; they use the more secure (and originally supposedly more accurate...but not really more accurate) P code signal (which now has a W code overlaid onto it as well). So there are inherent features involved in military GPS that act as anti-spoofing as well.
  
  --
  
  For your security, this post has been encrypted with ROT-13, twice.
12. Re:Surprised? by element-o.p. · 2012-06-29 04:55 · Score: 5, Interesting
  
  I pretty much agree with everything you said above (well-written and insightful, IMHO, and I absolutely agree with your conclusion). However, one part doesn't quite make sense to me:
  
  The full Iranian claim was that they jammed all of the communications to the drone and then spoofed GPS. Aka, there were multiple navigation sources, and it lost them.
  Okay, I don't design, build, fly or repair military drones (or even civilian ones...yet). I am, however, a fixed-wing pilot in my off-hours. In civilian airplanes, we use multiple navigation methods too, and I would presume that many of these navigation systems are applicable to drones as well as Cessnas. For example, it's probably safe to assume that drones use GPS just like I do. Military drones probably also use TACAN, which essentially is just the military equivalent of civilian VOR/DME (navigation using fixed, ground-based radio stations). Either of those systems are susceptible to attack as you've described above. However, larger civilian airplanes, like business jets and airliners, have also used a navigation system called INS, or "Inertial Navigation System," which uses accelerometers and gyroscopes to compute the moral equivalent of dead reckoning ("it's been 23 minutes since I passed my last waypoint, so with an estimated speed of 110 knots, that means I should be reaching my next waypoint in five...four...three...two...one...turn left to heading 070 degrees and descend to 2500 feet MSL..."). INS should be pretty much immune to spoofing or jamming of radio signals, since it is completely internal. Therefore, I would expect that INS should be more than capable of providing a sanity check and fail-over against GPS or TACAN radio navigation. Even better, install multiple INS systems, and if they all agree within a sane margin of error, while your radio navigation systems are either jammed or showing that you are a hundred miles away from your computed location and/or your most recent known-good position, then assume your navigation signals are being attacked and fail-over to INS until/unless you reach a point where all navigation systems agree again.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
13. Re:Surprised? by Rei · 2012-06-29 04:57 · Score: 5, Interesting
  
  The US didn't blame anything on hardware failures.
  Sorry, "refused to confirm claims that it was shot down" for several days - is that better?
  
  The claims about 'baiting NATO to waste their missiles on decoys' are funny - why? Because for this to happen, the SAM radars had to be shut down, thus rendering SEAD efforts successful. It doesn't matter if the missile didn't hit the SAM. What matters is that for that time, the SAM was useless. Result? Serbians dancing on the wreckage of two planes out of hundreds of sorties that demolished their infrastructure. That's right. Those 'so smart tactics' got them two planes and failed to defend their country whatsoever.
  First off: Three planes down (one ditched into the Adriatic, two over land) and a number of hits that crippled other craft but did not lead to crashes (the other stealth that they hit reportedly never flew again), plus several cruise missiles. Dani's unit saw no casualties or loss of hardware. Of course other less trained units sufferedlosses, but that's not the point I was making (I am *not* claiming that weak powers will always outsmart/defeat strong powers, or even that it's likely - just that they shouldn't be underestimated and can sometimes pull off impressive feats). They shot down a stealth and nearly a second one using 1960s hardware and with total loss of air superiority.
  Serbia had no hope of preventing the destruction of fixed infrastructure. Their military budget was something like a tenth of a percent of the military budgets of the nations they were facing. Their only option was to preserve their military capability for as long as possible while costing NATO as much money as possible and buy as much time as possible in hopes that Russia would step in to their defense. HARMs are a heck of a lot more expensive than junkyard radars, and well, F-117s? They don't grow on trees. Serbian losses were quite small at the end of the war and their military pretty much intact, despite earlier NATO claims to the contrary, and the US actually had documents showing that they clearly didn't believe their own numbers they were giving out. Despite the use of obsolete hardware, just over a dozen tanks were destroyed, under 20 artillery pieces, etc. NATO hit orders of magnitude more decoys as actual military targets. There were only 492 Serbian casualties. Of non-fixed military hardware, only the airforce was effectively destroyed, which was pretty much expected (an obsolete airforce is pretty helpless). The problem Serbia had was that NATO was prepping for ground war and Russia, as mad as they were, made it clear that they weren't going to get militarily involved.
  And contrary to your claims, the fact that NATO couldn't destroy anti-aircraft batteries like Dani's made their life a lot harder. It meant they had to fly a lot higher (less precision) and limited the types of aircraft which could get involved. Furthermore, not only were the downed aircraft rallying points (the last thing you want to do is re-moralize your enemies - I'll never forget the "Sorry about your plane, we didn't know it was invisible" sign), parts from the downed stealth are believed to have been sold to China and used for their stealth aircraft program. There are serious material consequences to the US from what happened.
  
  --
  Rock Us, Dukakis.
14. Re:Surprised? by element-o.p. · 2012-06-29 05:18 · Score: 2
  
  ^^^This^^^
  
  Keep in mind that this is /. There is a greater-than-average collection of people who do computer security day-in and day-out here. I'm not saying that the /. collective is necessarily brighter than those tasked with building and maintaining military drones, but, well, here's an anecdote for you: I was talking to an Army guy around Christmas who was describing what he does to get computer systems "functional" for his squad after the techies send them new desktops and/or laptops. If someone in my organization did the things he says he did, I'd make it my mission in life to get him fired for violating our security policies. Young, inexperienced, well-meaning guy with some degree of computer skills but no real-world experience with computer security + overly restrictive security policies = disabled security policies. I wouldn't be surprised to find out that this happens with drones, too.
  
  Point being: not everyone is as security-conscious as those of us who do computer security for a living and have done so for long enough to understand the "why" as well as the "how." Consequently, some things that are "duh" to us might not even occur to a guy in the field who just graduated from high-school six months ago and is now trying to get a drone functional before his squad marches into a potential firefight.
  
  --
  MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
15. Re:Surprised? by Anonymous Coward · 2012-06-29 05:36 · Score: 4, Interesting
  
  There are no reports as to what happened to the second F-117. Some like to claim it was hit by a SAM, but there is nothing credible out there in public.
  Some like to claim that B-2's were shot down, too.
  The Serbs had and have hardware that is effective, and tactics that are used by pretty much anyone who uses SAMs today. I'm not down-playing anything. I am telling you how it actually is. There's no weapon out there that you can consider to not be a threat when you fly into its WEZ, regardless of how old it may be. This aside, most people don't realize that 'hardware from the 60's' is constantly upgraded. The SA-3 (the SAM that took down the F-117) was well maintained and staffed by a very capable crew, both of which play a huge role in combat effectiveness; finally, the F-117's flight path was a planning/intel failure plain and simple. You can bring down any aircraft by ambushing it successfuly, and in this case, the F-117 was pretty much ambushed.
  The tactics they used were standard fare - they searched for the F-117 several times post-detection, taking care to limit radiation time with each attempt to avoid taking a HARM (their search radar was immune to HARMs since it operated at a lower frequency than the HARM antenna can detect). This stuff would have happened a lot faster with a newer system, and that is simply a fuction of modern automation. But once you're targeted, you're in trouble. It doesn't matter if the SAM is old or new. An old SAM is less likely to shoot you down, but it isn't an impossible feat. The F-117 was detected in the heart of the engagement zone where the PK for an SA-3 is something around 97% against a non-maneuvering, non-jamming target ... which is what the F-117 was.
  It's easy to go around dismissing the effectiveness of SEAD when you don't understand how these weapons operate; it is also easy to assign 'great inventiveness and ingenuity' to the underdog for the same reason, not to mention the fallacy of appeal to emotion for the underdog.
  I'll say it again: The Serbs did nothing special. They just did their job. There was no technological tinkering, no magical stealth-defeating radars or missiles. For all their discipline and capability, all they had to show for it was a couple of shot down planes and surrendered country.
16. Re:Surprised? by jd · 2012-06-29 05:58 · Score: 3, Interesting
  
  INS would be good, yes, but how to identify when a spoofed signal is just a little off what you expect, then increasingly different? Since INS has cumulative error, you can stay within the estimated error bounds and yet totally deceive the drone.
  Answer: Radio direction finders. 1930s technology. If the signal is below you and at 300 yards, it's probably not a satellite above you and at 6000 miles. (Marconi, the company, developed the technique of using two RDFs offset from each other to triangulate and therefore give range as well as direction.)
  Can you supplement INS using this same technique? Once GPS is marked as out-of-action, those RDFs can be used to triangulate on any radio source, after all. Not if all frequencies are jammed.
  Ok, are there any other sensors that could be used? 3-way magnetic sensors (provided they're wired the right way up) could give you some information, provided there were no strong magnetic fields AND you had a magnetic map of the area. The first an enemy can arrange, the second is unlikely in unfriendly territory.
  What about terrain-following radar? If you know what the terrain looks like, you can arguably use that with other dead-reckoning techniques to pinpoint your location. I'll give that a maybe, but remember that every added component subtracts from payload and subtracts from the value of using a drone vs a manned vehicle.
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
17. Re:Surprised? by cheesybagel · 2012-06-29 07:17 · Score: 2
  
  All aircraft and strategic missiles of the 1980s used so called INS+Stellar navigation which is to say a combined system with both inertial navigation and GPS (or GLONASS). This was because global positioning systems were seem to be susceptible to an attack (e.g. using strategic missiles to blow up the satellites in space) in an all out war between NATO and the Warsaw Pact. It seems people are overly reliant on the GPS satellites today because the wars being fought are with low tech opponents which cannot directly target the satellites in orbit. However the signals can still be jammed and spoofed.
18. Re:Surprised? by Belial6 · 2012-06-29 07:21 · Score: 2
  
  I would think that the solution to future encryption would be one time pads. One time pads don't work for things like Wifi and credit cards because there is no good out of band way to load them on the client. With a drone, there is all sorts of maintenance that is going to be done at the time of launch. So, at launch time, a sufficiently huge set of one time pads are loaded into the drone, and copied to the control center. Using this method, you could decrypt the signal using a simple XOR, yet still maintain complete security. Even if the enemy gets their hands on one of the drones, there is no data on it to reverse engineer to break the code for any other drone.
  
  As far as I know, there isn't even any known theoretical possibilities for breaking a properly used one time pad.
19. Re:Surprised? by cavreader · 2012-06-29 08:02 · Score: 2
  
  Prove it. Backup your speculation without using more speculation from yourself or others. And while you do that I will give you something else to roll around in your head. The US knew where the drone went down and could have destroyed it using an armed drone strike, manned jet strike, spec op mission, or even a cruise missile if something important was built into it. Why didn't they? It's not like Iran could have stopped them or the US would give a damn about any Iranian sensibilities. It didn't go down in midtown Tehran. It went down less than a 50 miles from the border in the middle of nowhere. It doesn't make the news often but there have been at least 7+ unarmed military drones crash from either mechanical or operator error so the one that went down inside Iran is not a new thing. And plus the drone that did crash was unarmed (i.e no weapon guidance systems or intact ordinance) and are now being sold for civilian purposes both domestically and internationally. Iran could have probably purchased one using cutouts. And as far as the article goes they needed an unencrypted GPS signal and the Reaper or Predator series of drones encrypt the GPS signal. The drone that went down in Iran was little more than a flying camera used for surveillance.
20. Re:Surprised? by Aighearach · 2012-06-29 13:35 · Score: 2
  
  It reminds me of when the Serbians shot down a stealth (which the US tried to blame on hardware failures) and damaged another (among many other aircraft). I read an article on the elite Serbian unit who pulled that off with basically junk hardware
  There is no mystery, "stealth" planes have a normal (non-stealthy) radar profile when wet, and the decision was made to use it like a normal plane when the weather was unfavorable. One of them got shot down. Not by junk, but by one of the best small soviet AA missiles with Serbian moderizations.
  They took a risk and they lost a plane. It happens.
Thanks a lot by Anonymous Coward · 2012-06-29 02:57 · Score: 2, Funny

Thanks a whole bunch, Treyarch, way to give the terrorists awesome ideas. Maybe next time make a game called Rainbow Factory: Gumdrop River 2 and we don't have to cower in fear everywhere we go ^ ^,
"the big worry" described above by circletimessquare · 2012-06-29 02:58 · Score: 4, Informative

isn't that exactly how Iran caught that US drone a few months ago?
google...
tada:
http://news.slashdot.org/story/11/12/15/2013249/us-sentinel-drone-fooled-into-landing-with-gps-spoofing

--
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
1. Re:"the big worry" described above by slashmydots · 2012-06-29 03:05 · Score: 2
  
  Or you could have not googled it and just read the 2nd paragraph of TFA: "The same method may have been used to bring down a US drone in Iran in 2011."
2. Re:"the big worry" described above by NeutronCowboy · 2012-06-29 03:08 · Score: 4, Insightful
  
  The problem is that no one knows for sure whether that actually happened. Yes, the Iranians claim that's what they did, but it is unlikely for two reasons: the article specifically mentions that military GPS signals are encrypted (although it wouldn't be the first time that the military decides to use unencrypted channels to send/receive live drone information), and the Iranians are... well, prone to exaggerating their achievements. I'm much more of the opinion that the drone malfunctioned, crash landed, and the Iranians went "PR Jackpot!".
  
  --
  Those who can, do. Those who can't, sue.
3. Re:"the big worry" described above by andydread · 2012-06-29 03:19 · Score: 2
  
  It could also be possible that if you jam the encrypted military signals the drone may fallback to civilian unencrypted signal recognition in an attempt to return to base then you spoof unencrypted signal and voila. Drone lands.
4. Re:"the big worry" described above by Savage-Rabbit · 2012-06-29 03:29 · Score: 2
  
  The problem is that no one knows for sure whether that actually happened. Yes, the Iranians claim that's what they did, but it is unlikely for two reasons: the article specifically mentions that military GPS signals are encrypted (although it wouldn't be the first time that the military decides to use unencrypted channels to send/receive live drone information), and the Iranians are... well, prone to exaggerating their achievements. I'm much more of the opinion that the drone malfunctioned, crash landed, and the Iranians went "PR Jackpot!".
  Dont make the mistake of thinking the Iranians are a bunch of ill educated goat herders and dirt farmers I'm sure some of them are ill educated but the Iranians have some pretty intelligent CS and math people, I have met some of them. If the Iranians or anybody else could really hack the encrypted data streams on these drones like those UT researchers seem to be suggesting then the pilotless airforce concept is in trouble (never been a big fan myself). People keep talking about drones as if, when you loosa a squadron of them, you can just break out a new one like a six pack of beer. The problem is that a drone that has JSF or F -22 level tech also has a JSF or F -22 level price tag plus you defenitely do not want a whole brace of them to be hijacked by the enemy and captured in foll working condition along with their precious top secret tecnology and radar absorbant materials.
  
  --
  Only to idiots, are orders laws.
  -- Henning von Tresckow
5. Re:"the big worry" described above by radtea · 2012-06-29 03:38 · Score: 2
  
  I'm much more of the opinion that the drone malfunctioned, crash landed, and the Iranians went "PR Jackpot!".
  Likewise, the US security-industrial complex has a long history of vastly overstating the difficulty of defeating or reproducing American technology, starting with the A-bomb, which the Russians weren't supposed to get for decades (it took them a couple of years, thanks to some well-placed spies) and the H-bomb (primarily due to careful analysis of fall-out from atmospheric testing, which allowed them to reverse-engineer the basic structure in some detail.)
  Unless you're going to claim that Iranian scientists, engineers and spies are somehow all completely incompetent, you have to admit that it's more-or-less a tie as to who is more likely lying in the case of the American drone captured by the Iranians.
  
  --
  Blasphemy is a human right. Blasphemophobia kills.
6. Re:"the big worry" described above by NeutronCowboy · 2012-06-29 05:31 · Score: 2
  
  I wouldn't necessarily say it is a tie, it's more something that we can't really much about. Your thesis is completely valid as well - that the US military just has a shitty navigation system that thinks GPS is either unjammable or unspoofable. However, in the absence of solid evidence, I tend to favor the simpler explanation: that the drone malfunctioned, and Iran got some free PR out of it. Occam's razor, if you will.
  
  --
  Those who can, do. Those who can't, sue.
7. Re:"the big worry" described above by FreeFire · 2012-06-29 05:33 · Score: 2
  
  There's a third reason it's highly unlikely to have happened the way the Iranians said; there was only 1 drone crashed. There's never been another.
8. Re:"the big worry" described above by slashmydots · 2012-06-29 06:36 · Score: 2
  
  But you're forgetting the revised amendment that states if 25 posts have not yet been registered, you're actually not allowed to read the summary either. You have to base your comment 100% on the title only.
Unencrypted GPS by SirGarlon · 2012-06-29 03:09 · Score: 3, Insightful

Is anyone else troubled that civilian planes use unencrypted GPS and are therefore susceptible to spoofing?

--
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
1. Re:Unencrypted GPS by asynchronous13 · 2012-06-29 03:24 · Score: 2
  
  No. GPS on civilian aircraft is a secondary system. Even with complete GPS blackout (or spoofing), the pilot in command still has all of the primary sensors available for navigation.
2. Re:Unencrypted GPS by CompMD · 2012-06-29 04:29 · Score: 2
  
  Its becoming a primary system. As the FAA decommissions radar stations and other navaids, GPS and ADS-B interrogation are replacing those technologies and services. Similarly, small aircraft can use GPS for precision approaches in instrument meteorological conditions instead of ILS. Many small airports don't have ILS runways, and many small civilian aircraft aren't equipped to use ILS. In the case of a GPS approach, if a fix is lost or wrong, the pilot must abort the landing and execute a missed approach.
  FD: I'm a pilot and engineer with a background in avionics.
A paper on this from 2002 by Anonymous Coward · 2012-06-29 03:16 · Score: 2, Informative

Here's a paper on this from 2002.
All they did was purchase a commercial GPS simulator, which is used by companies to develop their GPS receivers and is easily attainable. They just connect an antenna to the simulator and beam it at the direction of a GPS receiver, jam the receiver so it loses current lock, and then it'll be spoofed once it locks onto your antenna. I always thought you needed to do some super complicated math and use multiple sources since GPS relies on careful timing information to get position, but the commercial simulator handles it all for you.
FUD by jklovanc · 2012-06-29 03:30 · Score: 2, Interesting

This would only work if the drone was using only GPS to fly from place to place. Most drones have a pilot who direct them most of the time and uses GPS to find it's location. A pilot would notice the discrepancy between what the GPS plot shows and what he sees in the camera monitor and assume the GPS screwed up.
This next statement is just stupid;

But the big worry is — it also means that it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people."
The way the current system probably works is that it transmits signals similar to the ones from the satellites. To spoof an encrypted drone one can not "unencrypt" it. That would be equivalent to convincing the drone to accept un-encrypted GPS signals. That should be impossible. If someone could send out false data that is encrypted using the same keys and algorithms as the satellites that would ba a major issue as cruise missiles could be spoofed. That kind of spoofing is not something that can be done by "a very skilled person" as it would require knowing the encryption keys.
The following statement is also bunk;

The same method may have been used to bring down a US drone in Iran in 2011.
One can speculate all one wants but that does not make it true. It is much more likely that the drone lost contact with the pilot center and auto landed. Lets use a real life unverifiable incident to support our FUD.
They also talk about hijacking drones delivering FedEx packages. Fred Smith, CEO of Fed Ex says he wants them but he is nowhere near getting them. Even if they did use drones I bet Fed EX would use the encrypted channel and they would rely on navigation aid other than GPS as verification.. If you want to scare us at least talk about something real.
We have plenty of real things to worry about rather than to fall for FUD.
1. Re:FUD by radtea · 2012-06-29 03:45 · Score: 2, Insightful
  
  We have plenty of real things to worry about rather than to fall for FUD.
  The problem is you have nothing to counter the FUD but RUC: Reassuring Unsupported Claims.
  "You bet"... FedEX would encrypt them, eh? I'm glad you feel that your gambling problem is relevant to this discussion of actual reality, but I have no idea why you think it is. Neither I nor anyone else cares what your bet is. We care what FedEX will actually do, when it comes time to deploy drones with software supplied by the lowest bidder.
  Furthermore, while FedEX may be some years from getting drones, closing our eyes to the potential problems in the meantime doesn't help. FedEX or someone like them will get drones. This is a certainty. That they don't have them now is irrelevant.
  I'm also grateful that you have informed us so authoritatively as to "the way the current system probably works." I'm sure you have a very good imagination, but what you imagine and what is real are unrelated. No one is interested in what you imagine. We only care about what is real, which you have told us nothing about.
  Your whole post is classic security-industrial bluff and bluster, full of RUC, but no more substantive or meaningful than the FUD you claim to dispute.
  
  --
  Blasphemy is a human right. Blasphemophobia kills.
Re:Black Ops II by cayenne8 · 2012-06-29 03:58 · Score: 2

Hmm...wonder when there'll be a YouTube video out on how to do this...?
:)

--
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Re:but military drones don't use unencrypted signa by Baloroth · 2012-06-29 04:26 · Score: 2

Yes, it does prevent spoofing. How do you send a valid, encrypted signal if you don't have the encryption key? This isn't like public-key encryption where anyone can generate a valid signal: if the encryption key itself is secret, you can't either encrypt or decrypt the signal without knowing it, and that does prevent spoofing. You can jam the signal, sure, but not spoof it. For reference, the source P-code, which is encrypted with the W-code (the details of which are secret) is 720 gigabytes long, and only replays once a week or so (each satellite has it's own P-code). The W-code is significantly smaller, but probably still long enough that brute-forcing it is impossible. A replay attack is impossible, as long as the W-code and the P-code are not in sync (i.e. the encrypted Y-code doesn't repeat, which it doesn't). The result is that the encrypted signal is little better than noise to an observer: you can't fake it.
The only problem with the current system is that you can't always use the encrypted system alone (you have to lock on to the unencrypted signal first). The modernization of the GPS system is looking to fix that problem, too.

--
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Re:Exaggerate much? by Andy+Dodd · 2012-06-29 04:29 · Score: 2

You have zero evidence to support your claim.
The Iranians were VERY careful not to show the underside of the drone, which is the part most likely to sustain crash damage.

--
retrorocket.o not found, launch anyway?
What drone was hacked? by WaffleMonster · 2012-06-29 04:49 · Score: 2

Am I supposed to be impressed? What drone was it? Why no pictures or any information other than the university owned the UAV. For all I know their "drone" is just a model airplane project a student jury rigged using a cellphone.
Just to be safe lets go with military drone images on all of these web sites parroting the same story and mention someone from DHS was present as well. What does that matter?
Was the drone using raim? Did it use other sensors like fluxgates, rlgs to confirm position? Is ANY useful information available?
Re:Exaggerate much? by bill_mcgonigle · 2012-06-29 05:15 · Score: 2

The Iranians were VERY careful not to show the underside of the drone, which is the part most likely to sustain crash damage.
Right. Common wisdom is that they screwed up the altitude calculation on the spoofed GPS signal.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Not a military drone! by Matt_Bennett · 2012-06-29 06:22 · Score: 2

As was pointed out here this was not a military drone. Until they can spoof p(y) code, this is nothing. For just this reason, all military equipment is required to use an encrypted signal (of course, this was as of 10 years ago, when I was still working with military GPS systems)- civilian GPS can be pretty easily jammed and/or spoofed- "civilian" GPS is also called "C/A" or coarse acquisition- which was designed only to get you "about right" before the receiver switches over to the more precise encrypted code. Anti-spoofing is a very important part of true military grade GPS. Many civilian users (surveying companies, particularly) would pay *big* money to get access to this- but they don't get the keys.
I think this article should be more accurately titled "Texas college hacks insecurely designed civilian drone"