Insurgents Hack U.S. Drones $26 Software Is Used to Breach Key Weapons in Iraq...

All your drones are belong to us, eh?

http://online.wsj.com/article/SB126102247889095011.html

By SIOBHAN GORMAN, YOCHI J. DREAZEN and AUGUST COLE

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

<snip>

The Obama administration has come to rely heavily on the unmanned drones because they allow the U.S. to safely monitor and stalk insurgent targets in areas where sending American troops would be either politically untenable or too risky.

The stolen video feeds also indicate that U.S. adversaries continue to find simple ways of counteracting sophisticated American military technologies.

<snip>

More at the link..

And a $26 off-the-shelf software package takes down US drones?

:rofl: WHAT A CLUSTERFOLLY!!!

Maybe Iran can buy these $26 items and resell them to the US for $26,000,000 a crack! After all, if we can pay the Sunnis not to fight us, we can pay Iran not to take down our drones!

Let everybody, and not just the MIC, make big bucks off of Uncle Sam !

But it definitely makes them far less useful..

Apparently only the video feed has been hacked, not the controls..

taking down the drones. Yes it gives them the ability to see what the pilots are seeing but it doesn't give them control of the vehicle.

With that said, this is a good story and should get some of our top government software/hardware personel on the job to correct this problem.

Apparently this has been going on since Bosnia..

From the article: The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn't know how to exploit it, the officials said.

"...local adversaries wouldn't know how to exploit it, the officials said."

Right. Because all those Middle Easterners are just backwards and ignorant. You know, like in Iraq (aka the Cradle of Civilization), Iran (aka Persia), and Pakistan (one of the world's nuclear powers).

I just have to wonder about the mentality that would "ass u me" such a thing, especially when dealing with military weapons systems.

Idiots.

Wooooooooooooooooooow

Basically, for you non-technies, what that means is that Predators are radially broadcasting what they are looking upon at great distances and anyone with a basic packet sniffing app can plug into it. You could technically do it from your iPhone.

Unencrypted downlink... HALF OF THE WORLD WE INVADE ON A REGULAR BASIS DOES OUR PROGRAMMING FOR US. Are you FUCKING serious?!

Realtime video encryption is a very CPU and power intensive process, and probably isn't something that can be done using the existing onboard electronics. They'll need to design and incorporate new software and PCB's to support the encryption, and new power sources to run the boards.

The contractors are probably giddy over this, because it means hundreds of millions in new R&D and deployment costs. They screwed up the design, and they get a bonus for it.

Even worse, in the end, the biggest problem here is UN-fixable without completely redesigning the communications system. Even if you encrypt the feeds, the fact that the insurgents have the ability to intercept the signals means they also have the ability to DETECT them. They may not be able to READ an encrypted vid stream, but they'll still be able to determine when the drones are in the area observing them.

I do it routinely to back up DVDs my grandkids are going to watch because they can trash a $15 DVD in the time it takes a meth head to blink twice.

According to the article this problem has been known since the Bosnia conflict, that was more than ten years ago, an eternity in technological terms.

Perhaps some of the people at the top of our MIC should read "Superiority" by AC Clarke?

http://www.mayofamily.com/RLM/txt_Clarke_Superiority.html

You're not going to find a Dell or MS Windows in one of these, and desktop computers generally require a minumum of 100 to 150 watts of power to operate correctly. In a small drone powered by an engine smaller than the one on your lawn mower and an airframe design that generally eschews useless space, coming up with the electricity, space, and resources to support an extra computer system is a bit more complicated than you might think.

It's a safe bet that any onboard electronics are custom to the drone and are designed specifically to support the needs of the drone (there's a reason why it costs a billion dollars to develop these things). If it has an operating system at all (strong probability it's entirely firmware based), it's probably a custom OS designed just for this aircraft project. I personally doubt it has an OS at all.

Any encryption software would need to be custom written from the ground up, and would need to run on newly designed hardware created just for this aircraft. I doubt that the developers would be able to use ANY off the shelf software or source code.

This isn't a trivial (or cheap) thing to add.

A drone is basically a large RC plane with some extra hardware, indeed I've even flown RC with an onboard video camera although it wasn't my plane.

And as a sometime astrophotographer I also know enough about image processing to have at least a modicum of a handle on how hard it would be to do the encoding, yes it would be difficult and expensive but in the overall realm of developing a drone in the first place it really wouldn't be all that much.

As I already pointed out, this particular vulnerability is over ten years old now, there is no legitimate excuse for it not being taken care of at this juncture.

The first autonomous plane to cross the Atlantic was over ten years ago, technology has come a long way since the Aerosonde was developed.

http://www.barnardmicrosystems.com/L4E_atlantic_crossing_I.htm

Compression is not a security feature. It is a bandwidth reduction process. Technically, compression means converting CPU power into lesser content byte size.

Encryption means scrambling the data in a way that it can be safely unscrambled with the proper key. Getting a signal to 1024-bit encryption is not a CPU intensive process.

the position of the antenna. It turns into a "Shoot me here" beacon. Ya, I know, there's some really sophisticated ECM built into these things: the signal's sent out in bursts at irregular periods and changing frequencies, and the carrier waves are directed and modulated to make the object appear to be somewhere it isn't. But, there are only so many things you can do to spoof opponents before they begin to catch on and either shoot down the drone or find a way to jam or tap in and send false signals.

Still, it's better than having American pilots up there.