from Hacker News

Insurgents Hack U.S. Drones

by bbg on 12/17/09, 5:18 AM with 131 comments

  • by tsally on 12/17/09, 5:48 AM

    I have a thought. How about next time the military just flies one of these things down to Defcon and lets people have a go. The hackers get a cool toy to play with for a day and the military gets a free fairly sophisticated penetration test. I'm sure the flaw would have been found; instructions on how to intercept satellite data with about $100 worth of hardware have been floating around for years. I'll edit this post in a minute with details for anyone that's interested.

    EDIT:

    * One possible LNB: http://bit.ly/7AGe7e

    * Possible dishes: http://bit.ly/4NfMN1

    * One possible receiver (for digital, you'll need a different one for analog): http://bit.ly/4zHyND

    * Useful forum: http://www.satelliteguys.us/free-air-fta-discussion/

    That setup is enough to pick up signals from satellites (locations: http://www.google.com/#hl=en&q=satellite+index). If you do this as a hobby you might want to spend the money on a motor to tilt/pan your dish for you. ;-) The article implies that such a setup is pretty much what the insurgents used to intercept video from the drones. The drone bounces its video up to a satellite and the satellite bounces back down to the operator. The insurgents just grab it when it's coming down to the operator from the satellite. I'm pretty sure (or at least I hope) the receiver would have to be modified to decompress/decrypt the drone data properly. It'll do just fine if you're scanning for legit TV signals.

  • by conanite on 12/17/09, 10:00 AM

    the U.S. military found pirated drone video feeds on other militant laptops

    What is the meaning of "pirated" here? Are they going to sue militants for copyright infringement?

  • by motters on 12/17/09, 3:17 PM

    Having an unencrypted video broadcast on a military drone is just a dumb idea by whoever manufactured it. Encryption would seem to be the most minimal requirement for such an application.
  • by noonespecial on 12/17/09, 7:29 AM

    Part of the problem is that the military awards contracts that are sometimes decades long. What was "good enough" security in 1990 is not looking so hot 20 years on. The US military machine may not perform as well as it has in the past in the new era of betas, hotfixes and patches.

    I will not be at all surprised when insurgent "rc-plane" drones start showing up with cell phones, arduinos, grenades and duct-tape.

  • by Shamiq on 12/17/09, 5:29 AM

    Instead of hack, it should read "Insurgents intercept U.S. Drone video feeds"
  • by eli on 12/17/09, 4:21 PM

    "The military [is] trying to solve the problems by better encrypting the drones' feeds."

    Where by "better encrypting" they mean "using any encryption at all"

  • by tlrobinson on 12/17/09, 6:35 AM

    It's amusing that they consider the lack of encryption a mere "flaw". Seems like a huge oversight to me.
  • by slackerIII on 12/17/09, 5:50 AM

    Sounds like a great opportunity to feed some false information to the insurgents.
  • by naveensundar on 12/17/09, 6:44 AM

    The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control.

    What about the uplink?

  • by jsm386 on 12/17/09, 6:42 AM

    The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.
  • by scotty79 on 12/17/09, 11:16 AM

    A war machine sending data through an unprotected channel? In the XXI century? After two world wars and a cold war?

    How?

  • by marltod on 12/17/09, 1:29 PM

    The problem is that the people in charge of deciding what to approve/buy for the Military are not qualified. They get the position of authority by being successful in the military not by proving they understand the technology of the things they are buying.

    I can see how this happened. Say the military guy had two choices of what to buy for video feed products.

    Product 1. Fully encrypted video 15 frames per second and a 5 second delay.

    Product 2. No encryption video at 30 fps and 1 second delay.

    At the demo he says "product 2 is much better, let's get that". When product 2 is questioned about security they say something like "we have proprietary codecs". From the military guy's point of view a codec is just as good as encryption.

  • by joe_the_user on 12/17/09, 9:18 PM

    Whether this particular mistake was avoidable or not, the event raises bigger issues.

    The military is building more and more lethal, radio-controlled robots.

    No networked device can be guaranteed to be secure. Computers have been hacked since they existed. The hacking of satellites is endemic. A civilian hacker was supposedly holding a military satellite hostage a while back.

    Thus this strategy makes it likely that hackers will get the ability to command a lethal device sooner or later.

    The risks of this might be worth the rewards in terms of avoiding casualties, projecting power, etc.

    But there hasn't been much public discussion of the choices that are involved here. There should be.

  • by andr on 12/17/09, 1:30 PM

    That poses an interesting technical question - how do you achieve military-grade encryption over a communications line with heavy packet loss (assuming the drone->satellite connection is like that)? Most self-synchronizing ciphers would have too much of a lag for real time operation.

    Perhaps two synchronized pseudo-random number generators, driven by synchronized clocks, could be used for variable key generation for a symmetric cipher.
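
One way to approach the question raised in the comment above, as an added example that is not part of the original thread: put an explicit sequence number in every packet and derive that packet's keystream from it, so each packet decrypts on its own and loss or reordering never desynchronizes the receiver (the sequence number takes the place of synchronized clocks). The HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES-CTR or ChaCha20; the keys, frame contents and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag, in bytes


def _keystream(key, seq, n):
    # Stand-in for AES-CTR/ChaCha20: HMAC-SHA256 over (packet seq, block counter).
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def seal(enc_key, mac_key, seq, frame):
    # Encrypt-then-MAC; the sequence number travels in the clear but is authenticated.
    hdr = struct.pack(">Q", seq)
    ct = bytes(a ^ b for a, b in zip(frame, _keystream(enc_key, seq, len(frame))))
    return hdr + ct + hmac.new(mac_key, hdr + ct, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seen = set()  # a real receiver would use a bounded sliding window

    def open(self, packet):
        if len(packet) < 8 + TAG_LEN:
            return None
        hdr, ct, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        want = hmac.new(self.mac_key, hdr + ct, hashlib.sha256).digest()[:TAG_LEN]
        (seq,) = struct.unpack(">Q", hdr)
        if not hmac.compare_digest(tag, want) or seq in self.seen:
            return None  # forged, corrupted or replayed
        self.seen.add(seq)
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.enc_key, seq, len(ct))))


def demo():
    enc_key = hashlib.sha256(b"constructed enc key").digest()
    mac_key = hashlib.sha256(b"constructed mac key").digest()
    packets = [seal(enc_key, mac_key, i, b"frame-%d" % i) for i in range(6)]
    rx = Receiver(enc_key, mac_key)
    # Constructed lossy channel: 1 and 4 are lost, 5 overtakes 3, 2 is replayed.
    delivered = [packets[0], packets[2], packets[5], packets[3], packets[2]]
    return [rx.open(p) for p in delivered]

if __name__ == "__main__":
    print(demo())
```

Every delivered packet decrypts without waiting for the missing ones, and the replayed packet is dropped; the only per-packet cost is the 8-byte sequence number and the 16-byte tag.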

  • by ashwinl on 12/17/09, 8:21 AM

    As @noonespecial alludes to, some of the comments on the WSJ site and (less so) here are made incognizant of the complexities of the systems and timelines of procurement, testing and deployment.

    @tsally the DEF CON suggestion is a good point. Because of ITAR, it is unlikely that the actual "toy" will be provided, but a comparable subsystem wouldn't be out of the question. E.g. The DoD regularly operates rapid reaction challenges with a simulated problem from theater - see http://www.kirtland.af.mil/news/story.asp?id=123120737 Something similar could be done with DEF CON.

    I think it is important to maintain perspective when stories like this come out. Contrary to some of the comments, defense contractors and researchers/engineers at gov't R&D labs do put the priorities of the warfighter first. Consider that many of the engineers/contractors/researchers/etc working on technology development are combat veterans themselves.

    The issue is that we face adaptive adversaries.

  • by ars on 12/17/09, 6:51 AM

    I hope instead of shutting it down, the military feeds them false information. If done right, it could make a good trap.
  • by lallysingh on 12/17/09, 5:44 PM

    Note that "skygrabber" is the #5 search phrase on google right now. http://www.google.com/trends/hottrends?sa=X&oi=prbx_hot_...
  • by Kliment on 12/17/09, 6:00 AM

    "said people familiar with the matter"

    WSJ is really going down in journalistic quality, it seems. But seriously, problem known for a decade, "they're dumber than us so they can't use it" attitudes, in a device at that price point, you'd expect they'd think about these things. Reminds me of the Boeing report on Columbia. ( http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=0... )

  • by rapind on 12/17/09, 5:24 PM

    Do you think obfuscation and spam could solve this problem? Could they set up cheap broadcasters all over the place that constantly send out fake videos and develop a sophisticated filter they can use themselves that the insurgents wouldn't have access to? Then they wouldn't have to rework the drones themselves, and they could constantly rework the spam and the filter to stay ahead of them.
  • by johnwatson11218 on 12/17/09, 5:15 PM

    Is anyone talking about the potential to not just grab video but to send control signals? What if the enemy could actually take control of one of these drones? Is that channel encrypted? How about sending back false video to not allow the true operators to know what is really going on or to generate false positives.
  • by TallGuyShort on 12/17/09, 3:37 PM

    They say there's "no evidence" that they were able to take control of the planes in flight. Since nobody bothered to encrypt the video feed, and they're saying there's "no evidence", it sounds to me like they also didn't bother to encrypt the control signals. Nice...
  • by jac_no_k on 12/17/09, 6:45 AM

    Anybody remember the movie Body of Lies? Would be interesting to feed the insurgents a different video feed from what is actually being used.
  • by richardw on 12/17/09, 3:58 PM

    Is there any chance the problem is technical? Encryption increasing latency (at least for the pilot's view), anything like that?
  • by ruslan on 12/17/09, 9:44 AM

    Wonder how soon they find a way to spoof drone video streams with some open sourced software, probably VLC ;-)
  • by Devilboy on 12/17/09, 5:38 AM

    'Fixing the security gap would have caused delays'

    '... it would have added to the Predator's price'

    If you're paying $20 million each you'd think another million to ensure your targets don't see you coming would be a no-brainer?