PDA

View Full Version : Hijacking of drones/UAVs?


Carrier
5th Oct 2010, 20:39
In August the US Navy lost control of an unmanned helicopter. This flew towards the US capital. According to reports, after about 20 minutes the operators regained control. Did they just lose control or was control taken over by someone else for a limited time as a test?

Some time ago I was watching a Canadian Pacific train pass by. It had four engines, two at the front, one about two thirds of the way along the train and one at the rear. The two crew members ride in the front engine. One drives this and there are wired connections to control the adjoining engine. Apparently the ones cut into a train or at the rear are controlled by radio from the front engine.

Thinking of the chaos at radio control model aircraft and car meets if frequencies are not carefully allocated I wondered if CPR trains ever suffer from radio interference or temporary black-outs. Worse still, would it be possible for somebody to use a pirate radio set to take over the remote controlled engines and deliberately give opposite control inputs? The train would not climb the hill too well if two of the engines are in reverse or applying the brakes.

Then I wondered the same about drones. It seems highly likely to me that possible enemy states and terrorist organisations are monitoring the signals to American (and other) drones and working on ways to take control of them, possibly even to turn them against their owners. Have others wondered about this possibility? Have there been instances of unauthorised control of drones? Was the August US Navy helicopter incident an example?

Love_joy
5th Oct 2010, 20:55
You raise valid points, though a little bit of a conspiracy theory regarding the AWOL UAV.

Imagine the risks if they ever go to 'wireless' flight controls....

This has been muted before. IMHO you cannot beat the pulleys n cables!

Skycatcher69
5th Oct 2010, 21:15
I do not know about UAV's, but most R/C transmitters these days work off a digital signal. The Reciever and transmitter are 'bound' by way of each signal sent carrying an identifier tag so that the reciever knows which signals are intented for it.

In order to take over such a system one would need to know the identifier signal.

Landroger
6th Oct 2010, 00:18
In order to take over such a system one would need to know the identifier signal.

Then replicate it and play it back in such a way that the UAV 'believes' you rather than its rightful controller. Not only which my signals, which after all have only the same validity as the original owners, have to be more powerful and more 'believable'. Otherwise, all that will happen is a series of conflicting commands at which, I suspect, the onboard signal processors will simply throw up their electronic hands, give up the struggle and leave the aircraft in the hands of its onboard 'get home safe' processor and its protocols. :ok:

Did the wayward UAV not simply loose signal - for whatever reason - and wander off on its own, which happened to be toward Washington DC? :eek:

Roger.

SNS3Guppy
6th Oct 2010, 06:32
In August the US Navy lost control of an unmanned helicopter. This flew towards the US capital. According to reports, after about 20 minutes the operators regained control. Did they just lose control or was control taken over by someone else for a limited time as a test?

Hardly. The incident in question occurred during a test operation of an experimental project, and a test error occurred. It has been corrected.

demomonkey
6th Oct 2010, 13:46
You can do lots of processing with the signal in terms of encryption. Regarding the 'playback attack' you can do something by timestamping the signal so when the drone decrypts the attackers higher strength pre-recorded message it recognises the disparity. The 'playback' attack is a very basic attack even on something as basic as Windows Logon and is therefore fairly well understood by both sides.

airpolice
8th Oct 2010, 17:56
SKYCATCHER TOUCHES ON THE BASIS OF THE FOLLOWING MANTRA:


[If wireless networking was safe, computer companies would use it.]

People are sold wireless routers and BT home Hub devices with talk of Encryption and it seems to work, for the sales people anyway.

Think about this for a second, the password is requested, or offered, (blind) and then accepted, so any handshake, needs to be in the clear and therefore can be monitored.

I don't suppose, given the shambles (of the cctv downlink and no encryption) in recent years, that taking control is impossible.

MG23
8th Oct 2010, 19:08
People are sold wireless routers and BT home Hub devices with talk of Encryption and it seems to work, for the sales people anyway.

Think about this for a second, the password is requested, or offered, (blind) and then accepted, so any handshake, needs to be in the clear and therefore can be monitored.

Uh, there are well-known and well-documented means of securely setting up an encrypted connection with a remote system when both sides have a shared secret (in that case the password); the simplest and most obvious is to just encrypt the messages with the password and if it's not the correct password then the other system will receive gibberish and ignore it. If the UAVs have an encrypted connection using any well-designed modern algorithm then there's no way for an attacker to take control of them; the downside is that if you somehow get the wrong key on one side then there's no way for you to regain control, but that's unlikely unless something damages the computer on the UAV.

The reason companies are reluctant to trust wireless networking is because there have been numerous attacks on early wireless algorithms which weren't designed properly, allowing either insertion of data or recovery of the key. It also allows people to attack the network from outside the building, whereas a wired network requires physical access.

grounded27
10th Oct 2010, 08:08
Heck, my company can not update FMS/EGPWS..etc etc over wireless because they can not ensure the propritary information can not be stolen. Granted, it is more legal bs than actual technical ability.

If someone can place encryption on data, it is sure that someone else can decrypt it..

MG23
11th Oct 2010, 09:01
If someone can place encryption on data, it is sure that someone else can decrypt it..

Well, yes, encrypting something that no-one can decrypt is rather pointless.

But any competently implemented encryption system today is unbreakable by any means currently known. The problem is that many encryption systems are not competently implemented, usually because they're designed by people who aren't trained cryptographers and aren't aware of previous attacks.

Ka8 Flyer
12th Oct 2010, 15:11
Let's rephrase that last sentence ("is unbreakable by any means currently known") to "is unbreakable by any means currently within a reasonable timeframe" which is a key addition.

Given enough time and computing power, you will eventually be able to decrypt anything (after all, its just a bunch of 1's and 0's that are sent "over the air").
But that's not going to happen in real time and as long as the relevant keys are cycled you should be on the safe side as long as the bad guys don't get access to the keys somehow...

airpolice
12th Oct 2010, 15:30
This is the mess the legal system is in despite the shedloads of money spent on the national hi tech crime unit.

The right to remain silent has indeed been done away with.



A teenager was jailed yesterday for refusing to hand over his computer password to police during an investigation.
Fast-food worker Oliver Drage, 19, was taken to court after police tried to search his PC after a tip-off only to find it locked with a 50-character encrypted code.
Officers investigating a child exploitation racket ordered Drage to disclose the password hoping the contents of his computer might help their inquiries - but the teenager refused. He was then prosecuted for failing to disclose an encryption key.
This is an offence covered by the Regulation of Investigatory Powers Act 2000, which came into force in 2007 to crack down on terrorists. He is the youngest person in Britain to be convicted of the charge.

Drage of Freckleton, near Blackpool, was sent to a young offender institution for 16 weeks. Police are still trying to decipher his password 17 months after they seized his computer.
Det Sgt Neil Fowler said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence."
After being arrested in May 2009, Drage pleaded not guilty at Preston crown court but at a trial last month a jury took less than 15 minutes to convict him.



So a teenager in Blackpool can keep his (whatever) a secret for months but the US Military could not protect the CCTV images from their fleet of UAV mounted cameras.



Iraqi insurgents have reportedly intercepted live video feeds from Predator drones (http://news.cnet.com/8301-1009_3-10417247-83.html) using a $25 Windows application that allows them to track the pilotless aircraft undetected. The US military has fixed the problem (http://www.spacewar.com/reports/US_fixed_problem_with_drones_hacked_by_insurgents_Pentagon_9 99.html), a defense official said on Thursday.

Shiite fighters in Iraq used software programs such as SkyGrabber (http://www.skygrabber.com/) generally used for satellite television reception and available for as little as $25.95 from Russian company Sky Software (http://www.sky-software.com/), reports the Wall Street Journal (http://online.wsj.com/article/SB126102247889095011.html).




I don't think the issue is that they can't, but in fact that they won't secure it. More stuff like this will keep happening until everyone understands the principle of data security, which is that it is almost impossible to guarantee as soon as you start sharing the data.