Researchers use spoofing to 'hack' into a flying drone

[Ziggy Stardust]

Researchers use spoofing to 'hack' into a flying drone

American researchers took control of a flying drone by hacking into its GPS system - acting on a $1,000 (£640) dare from the US Department of Homeland Security (DHS).

A University of Texas at Austin team used "spoofing" - a technique where the drone mistakes the signal from hackers for the one sent from GPS satellites.

The same method may have been used to bring down a US drone in Iran in 2011.

Analysts say that the demo shows the potential danger of using drones.

[...]

"It's very dangerous - if a drone is being directed somewhere using its GPS, [a spoofer] can make it think it's somewhere else and make it crash into a building, or crash somewhere else, or just steal it and fill it with explosives and direct somewhere.

"But the big worry is - it also means that it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people.

more...

This is a worry isn't it?

What about taking over armed drones and turning them?

 

[Formaldehyde]

It is one thing to broadcast an unencrypted GPS signal and lead a drone astray. It is quite another to break the encryption scheme used to control military drones and completely take it over. The NSA is quite proud of their encryption schemes. I don't think one has ever been compromised.

But this does show a problem with drones in general as the story states. Having a human present means that he can turn his head in any direction and discern immediately if the avionics are acting unpredictably.

 

[Crezth]

Yeah, this sort of thing is a persistent problem. It's hard to counter it because, as has been stated, it's not a full-blown hijacking so much as like, reversing the road signs at a fork in the road, or painting a photorealistic tunnel onto a canyon wall (a la Wile E. Coyote).

They key is to tighten up the orientation algorithms and introduce predictive methods for knowing if something is going wrong.

 

[Terxpahseyton]

Why can't the drone be made to only accept properly encrypted GPS signals?

 

[Crezth]

Why can't the drone be made to only accept properly encrypted GPS signals?

Oh, it can, but you can always crack those. I'm talking about salvaging a post-hack situation.

 

[The_J]

Why can't the drone be made to only accept properly encrypted GPS signals?

The problem: It's just not encrypted.
Same counts for e.g. your mobile connection (everyone can set up his own mobile phone station) or the communication of the drones (Taliban were able to intercept data from drones in Afghanistan).
Not everyone has yet the right sense for security in this field. Which is somehow funny, considering the field of work.

 

[GinandTonic]

Or just add bae's new toy.

http://www.bbc.co.uk/news/technology-18633917

Basically mapping the known broadcasts of many many signals to provide a back up if gps is lost. Like google maps on android uses known wifi spots to work indoors but over a far wider spectrum. If navstop and gps suddenly dont agree the drone could alert human handlers or look to it's inertial systems to get a casting vote. Even go into a "safe mode".

 

[EnglishEdward]

For a modern drone to perform properly, it has to be able to transmit
pictures back to its controllers, and its transmission can be jammed
or its transmission signal may be used to guide a missile to it.

Drones may work against poorly equipped enemies such as the taliban,
but their performance against better equipped enemies is unproven.