GPS Spoofing Attack Hacks Drones 214
Rambo Tribble writes "The BBC is reporting that researchers from the University of Texas at Austin managed to hack an experimental drone by spoofing GPS signals. Theoretically, this would allow the hackers to direct the drone to coordinates of their choosing. 'The spoofed drone used an unencrypted GPS signal, which is normally used by civilian planes, says Noel Sharkey, co-founder of the International Committee for Robot Arms Control. "It's easy to spoof an unencrypted drone. Anybody technically skilled could do this - it would cost them some £700 for the equipment and that's it," he told BBC News. "It's very dangerous - if a drone is being directed somewhere using its GPS, [a spoofer] can make it think it's somewhere else and make it crash into a building, or crash somewhere else, or just steal it and fill it with explosives and direct somewhere. But the big worry is — it also means that it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people."
Re:Surprised? (Score:5, Insightful)
Re:"the big worry" described above (Score:5, Insightful)
The problem is that no one knows for sure whether that actually happened. Yes, the Iranians claim that's what they did, but it is unlikely for two reasons: the article specifically mentions that military GPS signals are encrypted (although it wouldn't be the first time that the military decides to use unencrypted channels to send/receive live drone information), and the Iranians are... well, prone to exaggerating their achievements. I'm much more of the opinion that the drone malfunctioned, crash landed, and the Iranians went "PR Jackpot!".
Unencrypted GPS (Score:4, Insightful)
Re:Surprised? (Score:5, Insightful)
Because there is absolutely no way that a military drone should be using a single navigation source as it's be all end all, especially not GPS which can be jammed trivially and spoofed with a bit more effort. If your GPS signal is hundreds of Km off from where your dead reconning (using air speed and compass), says you should be the GPS signal should be ignored entirely. This is what airliner flight management systems do, in fact it's what any idiot hiking through the forest would do. The idea that the people coding software for military grade drones can't figure it out is more concerning than the idea that someone can spoof GPS signals.
Re:FUD (Score:3, Insightful)
We have plenty of real things to worry about rather than to fall for FUD.
The problem is you have nothing to counter the FUD but RUC: Reassuring Unsupported Claims.
"You bet"... FedEX would encrypt them, eh? I'm glad you feel that your gambling problem is relevant to this discussion of actual reality, but I have no idea why you think it is. Neither I nor anyone else cares what your bet is. We care what FedEX will actually do, when it comes time to deploy drones with software supplied by the lowest bidder.
Furthermore, while FedEX may be some years from getting drones, closing our eyes to the potential problems in the meantime doesn't help. FedEX or someone like them will get drones. This is a certainty. That they don't have them now is irrelevant.
I'm also grateful that you have informed us so authoritatively as to "the way the current system probably works." I'm sure you have a very good imagination, but what you imagine and what is real are unrelated. No one is interested in what you imagine. We only care about what is real, which you have told us nothing about.
Your whole post is classic security-industrial bluff and bluster, full of RUC, but no more substantive or meaningful than the FUD you claim to dispute.
Re:Surprised? (Score:5, Insightful)
It's easy to assume that because a country is poorer and can't afford fancy hardware, its people are idiots. But that's a bad assumption to make.
Necessity is the mother of all invention, right?
People that don't have much can become really creative with what they do have.