Military and civilian drones have a major weakness: they can be hacked, as Katia Moskvitch discovers. So, what could a stolen drone be used for?
If you were watching Iranian state TV in early December 2011, you would have seen an unusual flying object displayed for viewers. It was windowless, squat, with a pointed nose, and its two wings gave it the shape of a manta ray. The trophy on display was an RQ-170 Sentinel stealth drone, a key tool in the intelligence-gathering arsenal of the US Central Intelligence Agency (CIA). Standing in a hangar on a military airfield, the drone appeared undamaged. Iranian officials insisted it had not been shot down; instead, they claimed an unusual victory: they had hacked the drone while it was flying near Iran’s border over Afghanistan and forced it to land.
Outside Iran, many people were skeptical of such claims. Todd Humphreys, an assistant professor of aerospace engineering at the University of Texas in Austin, was among the doubters. However, he would soon prove himself wrong.
So, how easy is it to hack a drone? Could the military, police, and private citizens also lose control of their aircraft? And if so, what could a hacker do with a stolen drone?
One way to hack a drone is by interfering with its navigation system. US military drones use encrypted GPS frequencies, and this was the RQ-170’s weak point, according to the Iranians. They first jammed its communication links, disconnecting it from ground controllers and forcing it to switch to autopilot. This also disrupted the secure data flow from the GPS satellites. The drone then searched for unencrypted GPS frequencies typically used by commercial aircraft. At this point, the Iranians claimed they used a technique called “spoofing” – sending the drone false GPS coordinates, tricking it into thinking it was near its home base in Afghanistan. As a result, it landed on Iranian territory, directly into the hands of its captors.
The US dismissed the hacking scenario, claiming that its drone had simply malfunctioned. Military drones usually have a backup system to guide them home automatically if contact with operators is lost, but that clearly didn’t work. The more Humphreys thought about the incident, the more he believed such an attack might be possible, at least in theory. Together with students at his university’s Radionavigation Lab, which he directs, he invited the US Department of Homeland Security (DHS) to watch as his team spoofed a civilian drone mid-air.
Using equipment costing less than $2,000, Humphreys replicated the unencrypted signals sent to the GPS receiver on a small university-owned drone. With DHS officials watching, he managed to trick the drone into following his commands in just a few minutes. “I initially dismissed the Iranians’ claims as extremely unlikely, but I have since revised my estimate to ‘remotely plausible’,” he says.
Confused Drone
Jamming GPS satellite signals, which causes the drone to lose track of its location, is quite possible for both military and commercial drones because these signals are very weak. "The US military is currently working hard to reduce their drones' vulnerability to GPS jamming, but it will take some time to find a satisfactory solution."
There are other weaknesses as well. Intercepting data links from the drone, such as seeing exactly what the drone is viewing, is also easy if the feeds are not encrypted. In 2008, Iraqi militants intercepted unencrypted video feeds from unmanned US spy planes. In 2012, drones at Creech Air Force Base in Nevada were reportedly infected with malware after an operator used a drone's computer to play "Mafia Wars," accidentally installing a virus on the PC.
A military drone hacked by criminals is clearly a dangerous situation. But what if hackers took control of civilian drones? Drones are already being used by search and rescue organizations, police for surveillance, and for monitoring crops or wildlife. They may soon also be used by postal services and online retailers.