Recent published research gives malicious hackers a how-to manual for breaking into and taking control of unmanned drones, according to an Israeli defense company.
In recent years, published research studies on drone vulnerabilities have essentially provided hackers an easily accessible guide tor hacking into and hijacking unmanned aircraft. These are the views of a major Israeli defense manufacturer.
The research paper turned how-to hacking guide
Esti Peshin, director of cyber programs for Israel Aerospace industries noted that the hacking and downing of a CIA stealth drone by Iranians occurred a month after one such paper was published. In December 2011, a report in the Christian Science Monitor highlighted that Iran navigated an unmanned CIA aerial vehicle safely to the ground by manipulating the aircraft’s GPS coordinates.
The research study from 2011, co-authored by Nils Ole Tippenhauer of ETH Zurich and other ETH and University of California academics, was titled “The Requirements for Successful GPS Spoofing Attacks.” The academics detailed how to mimic GPS signals to fool the GPS receivers on-board the UAV (Unmanned Ariel Vehicle) that aid navigation.
“It’s a PDF file… essentially, a blueprint for hackers,” Peshin said.
Peshin stressed that she does not know whether the CIA drone was hijacked using GPS spoofing or even whether the hacker read the study. Equally, she highlighted just how easily available the publication is online.
“You can Google, just look up ’Tippenhauer’ — it’s the first result in Google. Look up ‘UAV cyberattacks’ — it’s the third one. ‘UAV GPS spoofing attacks’ — the first one,” Peshin said, speaking at the Defensive Cyberspace Operations and Intelligence conference, an Israeli-American summit held in Washington.
In the research study, the academics explained where an attacker must be optimally located to generate fake signals capable of fooling GPS receivers. They also described ways to replace legitimate signals with an attacker’s bogus signals, which renders the target “losing the ability to calculate its position.”
Their intention was not to aid and abet terrorists, but rather to highlight “effect receiver-based countermeasures, which are not implemented yet in current standard GPS receivers,” the researchers noted. Despite this, hackers could have quickly exploited their instructions before defense manufacturers had time to update and fortify satellite-guided vehicles, Peshin said.
“The fact is that we are slower than the bad guys and the bad guys could take this article and render it into a form of an attack,” she said. “One of the things that keeps me up at night is cybersecurity for operational networks, military systems, weapons systems.”
Peshin also pointed to a 2013 NATO risk assessment that set a few alarm bells ringing. “At the end of the article, as if this was not enough, they listed several UAVs and said these are riskier than others by the way,” Peshin said.
She declined to comment on changes (if any), made to drone security after the papers were released.
Impact of the research papers on manufacturers
Clearly, the research papers had the desired effect at the end. The Pentagon is taking measures to protect drones from outside interference. A hacker-proof Boeing Little Bird helicopter drone is scheduled to take flight toward the end of 2017.