Most US Drones Still Beam Video Unencrypted

An anonymous reader writes "Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn't secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams 'in the clear' — without encryption. With a minimal amount of equipment and know-how, militants can see what America's drones see."

Re:

[sortadan]

I'm seeing a wired.com link, so looks like the editors went above and beyond the call of duty on this one (which is to say they did anything at all :-).

Re:

[Jeremiah Cornelius]

Hooray! Surveillance!

I hope that 12 year-old Pashtun and Somali kids down every one of these fuckers, with a jammer and a slingshot.

You know, like the GOOD GUYS in THE BIBLE did.

Re:

[Hadlock]

We got a Glenn Beck link earlier today in the form of a voting machine calibration story. This does not bode well for Slashdot. Either that, or they've been hacked, and they haven't been able to tell anyone yet. I'm not sure which has happened.
 
When they start linking to dodgy russian warez sites, it'll become more obvious who's in control of the site.

Re:

[Anonymous Coward]

Direct link to the article http://www.wired.com/dangerroom/2012/10/hack-proof-drone/ [wired.com]

Re:

[Anonymous Coward]

It's a shame there isn't a flag to indicate the story was edited to correct this stupidity. I often feel like a complete idiot for coming back to this site (since 1998).

Re:

[SomePgmr]

I've been saying for a while that there should be something like version control on the summaries. Maybe just show a "diff" link underneath and last edited hh:mm.

Re:

[theshowmecanuck]

This was the first story I down voted on the recent submissions page when I looked in there today. It really wasn't that hard to click on the link and see the spam site and that this was spam. I even chose the binspam option on the down vote. Whoever is the editor today is slacking. I know I'm not the only voting on those but you'd think anything with a vote of binspam should get an automatic closer look. The second story I down voted was the Glenn Beck trash story. At least for that one I had to highlight

Re:

[Elbereth]

Slashdot has always been like this. In fact, things have arguably gotten better, as hard as that is to believe. Back in the early days, there was quite a bit of outcry over the incredibly lazy editing and numerous dupes. CmdrTaco's response? That amateurish nonsense was part of the charm of the site, and he steadfastly refused address those concerns (or pretty much any other complaints or feature requests, for that matter). Now that he's finally gone, we might see the sight getting a little more profes

Re:Soooo maybe that is anticipated

[Z00L00K]

Then there is the point that if the hunted knows that he's discovered then it may be enough for them to call off an attack. So unencrypted may actually serve a purpose.

And when you run encryption there's always one more factor that can go wrong. No picture at all is completely useless.

Back when this was happening 10+ years ago

[dbIII]

Back when this was happening from piloted aircraft broadcasting video streams 10+ years ago some speculation here was:
1/ Encryption gets in the way of any military unit that wants to see it so if it's for general distribution don't encrypt.
2/ None of the stuff shown in the videos belongs to the US and their allies so it often won't matter if somebody else gets it.

There's plenty of counterarguments and edge cases, (please don't try any on me since I tunnel just about everything through ssh as a matter of h

Re:

[budgenator]

The interesting thing is I wouldn't be surprised if you could get the video stream on a 3 generations old smartphone,
  if that the case, and you have enough of the fleet beaming unencrypted video to make it worthwhile to try and intercept, then it's also very possible to transmit false videos over the unencrypted channel and the real video over an encrypted channel. This would have some very interesting tactical possibilities.

Re:

[HiThere]

To transmit a false video you'd need to have a camera there...of course you could transmit old footage...but then how do you control the drone?

Re:

[budgenator]

My understanding is the camera video stream is both send uplink to a satellite and back to the pilots and sensor operators and sent down to the troops so they get an aerial view of their tactical situation. It shouldn't be technically challengeing to put both an encrypted actual veiw down to the ground troops, and an unencrypted video stream with doctored video to misslead the opposing forces. I'd be surprised if there was only one frequency available for downlinking video.

Link is spam

[Anonymous Coward]

The real Wired article is here.
http://www.wired.com/dangerroom/2012/10/hack-proof-drone/

Re:

[YrWrstNtmr]

Wireds 'Dangerroom' isn't any better than Coinurl.com. Same scaremongering.

Yes, the feed is apparently unencrypted. But OMGWEREALLGONNADIE is the standard modus operandi of Dangerroom.

URL is bad

[Antony T Curtis]

Moderator asleep at wheel?

Re:

[Anonymous Coward]

Its Timothy. Any other questions?

Spaceballs: When will then be now? Soon.

[retroworks]

I can picture the Taliban watching the back of their heads on a screen, like in the Mel Brooks film. "Prepare to fast forward!" http://tinyurl.com/cqbwm5y [tinyurl.com]

Re:

[GoodNewsJimDotCom]

If the drones aren't encrypted, can't they be jammed? [youtube.com]

Re:

[elashish14]

That depends on whether their Schwartz is as big as ours.

Re:

[aix tom]

I heard rumours they also tried cheaper Hollywood-style encryption, but they had to many casualties because the drone wasn't operational fast enough.

They had to watch too many FBI warnings before they could start it up.

Achmed, check this out, we're on TV!

[Freddybear]

Wait, are those cross-hairs? Oh shit...

Re:

[girlintraining]

While amusing, the ability to watch the video unencrypted probably won't save you from being blown up at that point. What it will do, however, is tell your buddies where the drone took off, where it landed, and what areas are under surveillance. Now if I were an evil scheming terrorist, I'd wait until the drone passed by with its surveillance rig, and once it recorded something the top brass would consider a "target", shuffle in a bunch of women and children in the back way, and then evacuate the building.

Re:

[fustakrakich]

Yes, sir, Officer Obie, I cannot tell a lie, I put that kid under that pile of rubble..

Re:

[Anonymous Coward]

As someone who trains on ISR feeds in Afghanistan, I can tell you that's not how it plays out. If they can't put eyes on target, and confirm 100% there's no collateral, there's no shot. It's written into the Rules of Engagement, and I've watched countless times where a bad guy runs into a house and we waive off the ISR.

Back to the article, a bad guy sitting there with an antennae, trying to grab ISR RF is going to have a very short life span.

Re:

[Xest]

So how does it go wrong so often? I'm not trying to stir shit up, but the US has an abysmal track record on civilian casualties so if the rules of engagement are followed as strictly as you suggest then I'm intrigued to know where it goes wrong, and why.

The problem is that whilst the rules of engagement are exactly what should be done, I'm not convinced they are. You only have to look at the raw original uncommented Wikileaks Apache video to see that at least Apache pilots give not the slightest shit for ve

Re:

[budgenator]

Most of the intended audiences for the "OMG the American infadels killed innocent women and children" stories aren't sophisticated enough to actually watch a video anyways.

Re:

[dbIII]

where the drone took off, where it landed

At the great big airstrip at a US base hundreds of miles away that everyone and their dog already knows about.

shuffle in a bunch of women and children in the back way, and then evacuate the building. When Sir Bombsalot comes knocking, have camcorders standing by to show how the bastard americans are targeting innocent women and children.

Nobody with political power really cares anymore. That shark was jumped early in the Iraq war when there was the proud announcement

Re:

[Isaac Remuant]

Reminds me of Tom Clancy's "Executive Orders" (from the Jack Ryan Saga).

Re:

[aliquis]

Yeah. The problem is the video, not the bombs? :D

Priorities.

Re:

[Anonymous Coward]

No, because the vendor informed the USAF of the vulnerability and the Air Force said "fuck it, we're on a deadline here!"

With any government agency involved

[Anonymous Coward]

Four years is probably barely enough to form a committee to plan the budget for a new feature. Maybe in another four years they'll actually start looking for an implementer.

Neither is the control software.

[Anonymous Coward]

I'm controlling one right now. Don't believe me? Post your address, I'll buzz your house.

Re:

[Anonymous Coward]

1600 Pennsylvania Avenue Northwest Washington, DC 20500

Re:

[jtownatpunk.net]

"Hey, Mo, isn't that your house on TV?"

To be fair...

[BenJeremy]

...these drones are build so cheap, they have the same wired remotes that their civilian counterparts my cheap uncle would buy me ffor Christmas - the ones that only turn in reverse.

Why yes, I'm till bitter about that.

Any technical details?

[ArchieBunker]

Any more details about this? My guess is a cheap USB DTV receiver.

Re:Any technical details?

[Pinhedd]

Encryption, real time, and noisy signals don't mix well. This isn't a youtube video in which the client can request that the server resend a packet that contained an error. Unencrypted video streams are fairly error tolerant as an error will only manifest itself as a slight artifact for a few short frames. Strong encryption schemes are not error tolerant, a non-correctable error would result in one or more blocks of data being entirely unusable.

A stream cipher could be used instead of a block cipher but a stream cipher presents added difficulties in that not only would the bitwise/bytewise encrypted transmission (as opposed to blockwise) have to be tracked, but it would have to be tracked in sync with a key. If the key repeats, it can be determined with a little bit of work in the same fashion that an RC4 key can be determined to break into WEP protected networks.

Re:

[ArchieBunker]

Perhaps you didn't read the article but its UNENCRYPTED. What hardware are they using to receive the signal?

You misunderstand

[backslashdot]

You misunderstand. Pinhedd is saying that with an unencrypted signal .. unlike a digital encrypted signal .. if the signal is weak and lossy you can still see usable information.. it may have image noise .. but you'll be able to make out rough outlines. But if the signal is encrypted .. with most forms of encryption you either get a perfect imagery or nothing. Either you will see a clear image or random total image noise. If you make the signal more resilient to noise, the weaker the encryption quality. This also means you lose out on range too since you need a clear strong signal.

We need better ways to encrypt.

Re:

[fustakrakich]

We need better ways to encrypt.

We need better defense against drones... For once, think of the children [blogspot.com]

Re:

[drinkypoo]

Nobody cares what he's saying, it's a lot of shit. That sort of thing was true with analog but it is not at all true with digital. It doesn't matter if it's encrypted or not, any lost data and you throw away the entire packet.

Re:

[rtfa-troll]

any lost data and you throw away the entire packet.

There are plenty of techniques which mean that you can recover from bit errors even in digital signals. Look up e.g. "forward error correction". Fortunately these techniques work on both encrypted and unencrypted systems.

Re:You misunderstand

[mysidia]

Use a reliable strongly encrypted side-channel for controlling crypto of the primary channel.

Use a "one-time pad" for the video channel used as a "multi-time pad instead", XOR each block by a random value preloaded on both sender and receiver, each block also XOR'ed by a value negotiated over an encrypted control channel protected with a shared key, pick a new XOR value every 10 - 20 seconds to transmit over the encrypted channel, for the next N seconds of video, and a number of One time PAD bits to skip in the transmission, also transmit a value indicating a pattern for a certain number of 'extra' bits of noise or false signal to be included --- possibly a FALSE unencrypted video stream transmitted alongside the real one.

Include enough "one time pad" / random data stored on a memory card, for 18 - 24 hours of video, then recycle the pad.

One time pads are resilient against 'noise' because they result in the same number of bits noise in the output.

The non-sophisticated adversaries are not likely to defeat even an imperfect implementation. Strictly speaking, any reuse or multiple use of a one time pad makes the stream immediately decipherable by a potential adversary, who has successfully recorded enough ciphertext encoded with the same pad bits, in that they can determine parts of the one time pad.

The possible range of original plaintext for video are much larger than readable human language -- any arbitrary value. Even with simple 'scramble every bit by XORing it with a fixed value' will be extremely tough for unsophisticated adversaries, trying lots of XOR values to decrypt is easy -- ANALYZING the output of every value that you try, requires an adversary to have some serious computer vision technology, to decide if the output of each attempted value is the video stream being searched for or not.

However, 'skipping' a certain number of pad bits, for every transmission, introduces unpredictability, and means only a proportion of bits in a frame might be reused, that requires an adversary not only have more than 48hours recorded data but also conduct complex difficult matching, in the process of trying to figure out which bits might be reused --- only a percentage of bits in the transmission may be reused, and by the time they have conducted the search, the drone's mission is done.

XOR'ing every block over a period of time by the same reference block, is also immediately decipherable by an adversary, who can conduct an analysis to figure out what the XOR block is.

However, combining XOR with a "one time" or "multi use" pad, significantly complicates the process of attempting to figure out the XOR key. No analysis of that is possible without first figuring out the random pad data of a block.

And the simple / militant adversaries, are not likely to break any level of encryption. Or at least, if they do, by the time they were able to decode the video stream: again, the mission will already be over by the time they get it.

And they are in no better position to decode the next video stream (assuming new keys and random pads are loaded on every drone, before its next mission).

Re:

[BetterSense]

Interesting post. This reiterates a principle of cryptography: how much do you need? For a sports results that will be publicly announced in 48 hours, encryption that takes a week to break might be plenty. For a trade secret that won't be of any use in a year, encryption that takes 5 years to break might be plenty. For a predator video stream, even minutes or hours might be vastly better than nothing.

Re:

[budgenator]

I do not understand why an encrypted digital signal would be less robust than an unecrypted digital stream; unless your implying that the unencrypted stream is also analog.

This can be solved

[coder111]

Add redundancy (something like par2), transmit more information- well, this requires faster links. Then you can recover more frames. Don't encrypt entire monolythic stream, encrypt each 10 second chunk of video separately (or something similar). If one chunk gets garbled and unecryptable, you can still see others. If you have two way link, you can monitor link quality and adjust the amount of recovery/redundant information sent. Or adjust resolution/quality to lower the amount of information sent.

Anyway,

False

[baffled]

Sorry, this is vaguely true, but dead wrong in practice. Any block of unencrypted data received successfully could have been encrypted byte-for-byte. Only key negotiation requires additional data, and this is a truly miniscule amount relative to a video feed of any resolution (assuming a reasonable renegotiation period)

Re:

[baffled]

Thinking about it more, key negotiation shouldn't even be necessary.

You need a pre-determined set of sufficiently-large encryption keys on a removable module of sorts, like a USB key. Produce the key-set USB-key in pairs, for transmitter & receiver. Encryption cycles through the key-set at a predetermined schedule. Timing is managed with an internal clock. Imprecision of timing at change-over intervals is handled by simple dual-decryption attempts, and determination of correct sequence by CRC or som

Re:

[Pinhedd]

That's called a stream cipher, which I mentioned in my post.

play chess much?

[Spiked_Three]

The real trick is that the gov can track video receiving equipment (by the frequencies they use to decode the video) - so anyone attempting to receive video from a drone, is probably a worthwhile target :) Gotta love counter intelligence. Remember when we discovered (and thus told the russians) spent uranium bullets did not work? You guys are so gullible.

Re:

[MalleusEBHC]

The real trick is that the gov can track video receiving equipment (by the frequencies they use to decode the video)

What is this some Michael Bay "the signal that hacked your network" shit? How could they detect a passive receiver?

Re:play chess much?

[Lloyd_Bryant]

What is this some Michael Bay "the signal that hacked your network" shit? How could they detect a passive receiver?

Because the receiver ain't quite as "passive" as you think. Google for "local oscillator" for an example.

Digital systems tend to generate noise on predictable frequencies as well - if a device has a chip that's clocked at a given frequency, then somewhere in that device is an oscillator used to generate that clock (though it may or may not be working at that particular frequency).

The only truly passive receiver is one that is completely shielded to prevent it from radiating any of this noise. But you *have* to have a gap in the shielding in order for the incoming signal to be received. So building an undetectable receiver is not quite as easy as you might think.

Re:

[Fnord666]

The real trick is that the gov can track video receiving equipment (by the frequencies they use to decode the video) What is this some Michael Bay "the signal that hacked your network" shit? How could they detect a passive receiver?

I don't know about applying this to video but this is definitely real and is how LEOs detect radar detectors in states that ban them. This wikipedia article [wikipedia.org] has a description of how it works. The short form is that radar detectors use superheterodyne [wikipedia.org] receivers to detect the radar signal. These receivers are a lot more cost effective than trying to process the actual radar signal. Superheterodyne receivers need a local oscillator. This oscillator is not shielded so it leaks signal and that signal can be

Re:

[Pinhedd]

While its true that passive receivers and signal amplifiers do reflect or emit parts of the signal that they are receiving, it's not easily detectable unless you know what you're looking for and are close to the target.

Re:

[Half-pint HAL]

I don't think you understand what a "passive receiver" is. It more or less means "an aerial". What you receive radio signals with. It isn't an "active" device because it doesn't emit anything and doesn't require any power (although you might have an active booster somewhere in the signal chain).

Re:

[ThatsMyNick]

Wow, if you can track a highly directional satellite dish antenna, I would be very impressed.

Re:

[zippthorne]

Tracking it with what, though? The drone isn't big enough to have an antenna of sufficient size for the task. The power of the IF is comparable to the received signal level, and isn't directly driving an antenna.

Re:

[Spiked_Three]

Modded a troll? I bet its my signature that offended you fucking retards.

Unencrypted Decoy

[Anonymous Coward]

Wouldn't it make sense to leave some drones unencrypted, so the enemy can think they are seeing everything? If everything was encrypted, they might try harder at decryption.

Or you can let them see unencrypted signals of a trailer park, while your encrypted drones circle a hillside. If the enemy sees the trailer park on his eavesdropped TV, he'll comfortably sit outdoors on that hillside, knowing nothing threating has him in its sights.

I think it's a brilliant strategy to leave them unencrypted.

So what?

[jimmyswimmy]

So what if the video is transmitted in the clear? What does that get you...

- against a sophisticated enemy? They already know you're there (radar, DF on the transmitted signal). You're flying around in a racetrack centered on your target, so even without the video they know roughly what you're looking at. Problem is solved by an enemy air-to-air missile, or they ignore you and watch you watching them.

- against an unsophisticated enemy? They don't even know to look for the signal in the first place.

- ag

Re:

[GoodNewsJimDotCom]

I would think encryption is very easy if you want to do it dirty with random number seeds without slowing down the speed of transfer except an int. You just send the data stream assembled in different ways based on the random numbers you have off the seed(the int). Then you disassemble the stream based off the random number seed that gives you the instructions to disassemble the stream back into the unencrypted form. If you do it intensively enough, the video should be a static mess to watch.

If the sec

Re:

[Pinhedd]

These are satellite streams which run constantly. The receiving computer would have to be able to track and lock the start of the stream and/or a position in the stream before it could reassemble the packets. If a packet is missed, then the receiver will lose its lock. Thus, frame indexes of some sort would have to be used to help the receiver reacquire the lock. Since there are only so many possible ways to reassemble a real time data stream it's only a matter of time before someone else figures out how to

Re:

[GoodNewsJimDotCom]

When you put it like that, it makes sense. It is perfectly reasonable to rewrite encryption protocol every 2 weeks or so since it only takes a few hours of coding. But other countries might make a huge deal out of breaking your code like they're doing something special. Why give em that right to brag? Just don't encrypt at all.

Re:

[Half-pint HAL]

I think what we're really talking about is having a lightweight encryption scheme but changing the key frequently enough that by the time one cypher is broken, the next is in use.

Re:

[Pinhedd]

That can be done automatically, there's no need to recompile it. It's still problematic in that it's worthless if the downstream link can't be locked. Some sort of unencrypted marker is necessary

Re:

[cryptizard]

Why would you do this? We already have super-fast stream ciphers designed specifically for situations like this. There are no advantages to your method and quite a few disadvantages. Crypto is one of the areas where it is, as a rule of thumb, very bad to roll your own.

The art of war

[Anonymous Coward]

It is probably done to strike fear into those who are thinking of joining or feel the effort is worth it, when they know at anytime there is a drone waiting to kill them. Maybe after a few years they will encrypt some of the video feeds and intentionally leave others without encryption. Not sure why this is a big deal or even worth reporting. The US is fully aware of how tech savvy the middle east is, they have some of the best hackers, so if you have a silly notion that they are dumb neanderthal like peopl

Magical thinking

[dbIII]

It's a "needle in a haystack" situation so the "Why is the US fucking around allowing them to live?" question is answered by the problem that they have to be found first, and there is no magic to find them quickly, only hard (and deadly) work.

Re:

[dbIII]

So then, how do you find a reliable spy for sale instead of one that is just looking for a buck or wants to turn in their personal enemies?
As I said, needle in a haystack, and it's a pity I have to go as far as stating the incredibly obvious to cure that magical thinking.

True Story

[Anonymous Coward]

I was deployed in Afghanistan in 2010, had a bunch of prototype "advanced" receiver equipment that I was volentold to test. When I asked how I'm supposed to load keys into the decoder, "Oh you don't need that" Confused, I looked in the unit to see the keyfiles empty. Somehow the unit still worked. After playing with the equipment, even in-theater, our drones were broadcasting completely in the clear on UHF. Whenever there was one overhead, I could simply fire up this heavy POS attached to my kit, and watch us on the ground walk around, (Or whatever female medic on one of the local FOBs the UAV operator was stalking)

Actually most of the time, the UAV was watching the chicks on the big FOB.. Yeah.

Breach of Privacy!

[krashnburn200]

Almost as bad as if they had revealed the number of Americans they spied on.

Re:Breach of Privacy!

[scarboni888]

We've always been at war with Eurasia.

Freedom is slavery.

Weakness is strength.

just before impact

[kenorland]

Hey, look at this, Ali, you're on TV!

OMG

[Poorcku]

Unencrpyted and barely legal! LOL

When you have that much military strength

[scarboni888]

you don't need to encrypt your stuff.