Civilian drones vulnerable to hackers, can be hijacked, used as missiles

While having coffee and trying to clear the sleep cobwebs from my brain, I saw a headline that reminded me of Black Ops 2 casting Anonymous as cyber-terrorists hacking drones for targeted killings. Fox News claimed, “Drones vulnerable to terrorist hijacking.” Surely this was satire, a spoof? After reading about and watching a video titled “Drones Can be Hijacked and Used as Missiles,” I discovered the spoof part was right, but it was GPS spoofing by researchers that proved malicious hackers or terrorists could take control of civilian drones.

The University of Texas at Austin's Radionavigation Laboratory demonstrated hacking a civilian drone, forcing it to change course by sending fake GPS signals, and then, “as if some phantom has given the drone a self-destruct order, it hurtles toward the ground.” At the last second, the drone was spared but Professor Todd Humphreys and his team were pleased. They had successfully proved “a gaping hole in the government’s plan to open US airspace to thousands of drones. They could be turned into weapons.” Humphreys told Fox News, “Spoofing a GPS receiver on a UAV is just another way of hijacking a plane.”

GPS jamming had been the “main problem,” but now with the “right equipment, anyone can take control of a GPS-guided drone and make it do anything they want it to,” Fox reported.

While jammers can cause problems by muddling GPS signals, spoofers are a giant leap forward in technology; they can actually manipulate navigation computers with false information that looks real. With his device -- what Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000) -- he infiltrates the GPS system of the drone with a signal more powerful than the one coming down from the satellites orbiting high above the earth.

By some reports, there will be about 30,000 of these drones flying and spying overhead in American skies in the next five to ten years. FedEx wants drones to deliver its packages, according to Fox News. Humphreys said, “What if you could take down one of these drones delivering FedEx packages and use that as your missile? That’s the same mentality the 9-11 attackers had.”

At the end of 2011, an Iranian engineer claimed to have ‘hijacked’ the “CIA’s ‘lost’ stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military.” The RQ-170 Sentinel was downed by “electronic ambush,” by attacking the “weakest point” which was said to GPS navigation. The Christian Science Monitor reported on the GPS “spoofing technique” that Iran claimed to have used. The engineer said, "By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain."

Wired also reported on Iran’s alleged drone hack, saying it is “difficult to jam a drone’s GPS.” Humphreys told Wired, that the military has known about the spoofing “threat for 20 – 30 years” and called the Iranian engineer’s story “nonsense.” The military has “defenses against these kinds of spoofing attacks. They mount their antennas on the top of the drones and sometimes the antennas have the ability to null out jamming or spoofing signals.”

Perhaps that is what planted the seed of inspiration to hack the civilian drone and prove it could be vulnerable to terrorists? Or perhaps not as all Radionavigation Lab videos feature spoofing GPS techniques, including spoofing attacks against Android and iPhone.

Last week at White Sands Missile Range in New Mexico, Humphreys and his team showed off hacking a drone for Homeland Security and FAA officials. The researchers “repeatedly took control of a drone from a remote hilltop. The results were every bit as dramatic as the test at the UT stadium a few days earlier.” The Fox News video says DHS has “poorly funded” programs called “Patriot Watch” and “Patriot Shield” that focus on GPS jamming. These Homeland Security programs “really aren't much more than a PowerPoint presentation.” The military uses encrypted GPS, unlike civilian drones that use unencrypted GPS. Unnamed experts told Fox News “they are worried that DHS brass isn't really going to pay a proper amount of attention to this until something happens.”

Isn't this just peachy news? Privacy experts have warned about drones being used and abused for surveillance. Now if this GPS vulnerability to hack drones isn’t addressed, the drones can create a surveillance society and they could be used as missiles. Humphreys said, “I'm worried about them crashing into other planes. I'm worried about them crashing into buildings. We could get collisions in the air and there could be loss of life, so we want to prevent this and get out in front of the problem."

And as if all the privacy invasions and fear factors from 9/11 attacks haven't impacted American lives enough, Humphreys added, "It just shows that the kind of mentality that we got after 9-11, where we reinforced the cockpit door to prevent people hijacking planes -- well, we need to adopt that mentality as far as the navigation systems for these UAVs."

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies