Drones Vulnerable to Hijacking, Raising Concerns for Security

Monday, July 02, 2012

Pierluigi Paganini

03b2ceb73723f8b53cd533e4fba898ee

(Translated from the original Italian)

Last week a saw a satellite image taken by Google Earth related to a mysterious vehicle, apparently an unmanned aerial vehicle (UAV), parked at Lockheed Martin’s Skunk Works facility in Palmdale, California.

“Skunk Works” is LM’s Advanced Development Program Facility where some of the most futuristic and secret projects are developed. The image was dated 2011, Dec. 4, but it had been published only last week in a blog post by George Kaplan, an “open source” intelligence analyst.

Lockheed has worked on the design of drone for reconnaissance and surveillance purposes, and the dimensions calculable from the image suggest that the photographed aircraft matches the wingspan of Lockheed’s secretive RQ-170 Sentinel, also a Skunk Works design.

The secret drone was sighted for the first time in Afghanistan’s Kandahar Air Field in 2007, and later the Air Force confessed to using it for surveillance operations.

On December 4th, a similar drone was captured by Iranian forces near the Iran-Afghan border. The event represented for Iran an opportunity to spread propaganda on its alleged technological capabilities, stating that the drone was hijacked with a sophisticated cyber attack.

Upon capturing the vehicle, Iranian experts have had the opportunity to study the technological jewel, and its maintenance logs indicated that it, or at least parts of it, had been sent back to the Palmdale facility from Afghanistan for maintenance.

Obviously, the photo release generated great interest and many experts have expressed different opinions, some arguing that it is a new project that will compete for a government contract with similar products developed by companies such as Boeing, Northrop Grumman and General Atomics. Other analysts maintain that it is a new secret project should not have been exposed in this way.

The use of drones has become increasingly common, not only for surveillance purposes but also to conduct attacks, and they represent an indispensable military option that could preserve human lives in use for dangerous operations.

Drone aircrafts are able to monitor large territories, spy on and attack terrorists groups with no risk to human operators.  Several operations in which these powerful weapons have been used, are well known. In Pakistan and Yemen, for example, against al Qaeda operatives, and also in Somalia where President Obama secretly authorized two drone strikes against terrorists.

Don’t forget the widespread use in the Iranian region for surveillance purposes with the intent of collecting information on the evolution of Iranian nuclear program.

But the use of these deadly vehicles raises several thorny issues:

  • Devices such as UAVs are used in military reprisals conducted secretly, and its legality is much debated. The U.S. military has launched several lethal attacks on terrorist targets all over the world, but according specialists on government secrecy issues, the congressional oversight of these operations appears to be cursory and insufficient. Specialist  Steven Aftergood declared :

“It is Congress‘ responsibility to declare war under the Constitution, but instead it appears to have adopted a largely passive role while the executive takes the initiative in war fighting.”

  • Another problem is the real security level of these vehicles. They are based on high technological components, and we know that nothing is totally secure. On the Internet is circulating news regarding the vulnerabilities of US drones that seems to be exploitable, allowing to hackers to take control of the vehicle. Recently a team of researchers of the University of Texas at Austin, led a successful attack after accepting the challenge of the Department of Homeland Security.  The event is really dangerous, as if enemies take control of the drone they could use it as weapon. Spoofing is not the only attack that can compromise a drone, as we have already spoken of GPS signal jamming. Jamming GPS signals could for example force a drone into an automatic landing mode for the aircraft. Spoofing a GPS receiver on a UAV is also possible to manipulate navigation computers providing fake information. Professor Todd Humphreys declared to Fox News:

“In 5 or 10 years you have 30,000 drones in the airspace,”“Each one of these could be a potential missile used against us.”

  • Let's consider that the use of drone could be extended for surveillance by law enforcement in several countries, and for this reasonlawmakers must define new rules to regulate government and commercial uses of UAVs. The US Congress ordered the Federal Aviation Administration to define such rules by 2015. Also private companies such has FedEx announced that they intend to use drones for their activities, with obvious impact on privacy and security.
  • Last concerns about the use of drones is the real capacity of Western industry in protecting its projects and technological solutions. Foreign governments,  China mainly, are specialized in cyber espionage, and daily we read news on the violation of intellectual property. Cyber attacks, network exploits, and targeted malware are all methods used to steal industrial secrets on special projects such as the drones.

The deep knowledge of these secrets related to the technology used in the design of drones raises security concerns. Over our heads could soon fly drones that could be used in attacks our own territories... and it's not science fiction.

References

Cross-posted from Security Affairs

Possibly Related Articles:
15697
Network->General
Military
Military Attacks National Security Surveillance hackers Spoofing GPS Drone
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.