Go Back  PPRuNe Forums > Flight Deck Forums > Tech Log
Reload this Page >

Hijacking of drones/UAVs?

Tech Log The very best in practical technical discussion on the web

Hijacking of drones/UAVs?

Old 5th Oct 2010, 19:39
  #1 (permalink)  
Thread Starter
 
Join Date: Jan 1998
Location: Where the job is!
Posts: 451
Likes: 0
Received 0 Likes on 0 Posts
Hijacking of drones/UAVs?

In August the US Navy lost control of an unmanned helicopter. This flew towards the US capital. According to reports, after about 20 minutes the operators regained control. Did they just lose control or was control taken over by someone else for a limited time as a test?

Some time ago I was watching a Canadian Pacific train pass by. It had four engines, two at the front, one about two thirds of the way along the train and one at the rear. The two crew members ride in the front engine. One drives this and there are wired connections to control the adjoining engine. Apparently the ones cut into a train or at the rear are controlled by radio from the front engine.

Thinking of the chaos at radio control model aircraft and car meets if frequencies are not carefully allocated I wondered if CPR trains ever suffer from radio interference or temporary black-outs. Worse still, would it be possible for somebody to use a pirate radio set to take over the remote controlled engines and deliberately give opposite control inputs? The train would not climb the hill too well if two of the engines are in reverse or applying the brakes.

Then I wondered the same about drones. It seems highly likely to me that possible enemy states and terrorist organisations are monitoring the signals to American (and other) drones and working on ways to take control of them, possibly even to turn them against their owners. Have others wondered about this possibility? Have there been instances of unauthorised control of drones? Was the August US Navy helicopter incident an example?
Carrier is offline  
Old 5th Oct 2010, 19:55
  #2 (permalink)  
 
Join Date: Apr 2007
Location: Here, there, everywhere
Posts: 251
Likes: 0
Received 0 Likes on 0 Posts
You raise valid points, though a little bit of a conspiracy theory regarding the AWOL UAV.

Imagine the risks if they ever go to 'wireless' flight controls....

This has been muted before. IMHO you cannot beat the pulleys n cables!
Love_joy is offline  
Old 5th Oct 2010, 20:15
  #3 (permalink)  
 
Join Date: Jul 2010
Location: SYD
Posts: 2
Likes: 0
Received 0 Likes on 0 Posts
I do not know about UAV's, but most R/C transmitters these days work off a digital signal. The Reciever and transmitter are 'bound' by way of each signal sent carrying an identifier tag so that the reciever knows which signals are intented for it.

In order to take over such a system one would need to know the identifier signal.
Skycatcher69 is offline  
Old 5th Oct 2010, 23:18
  #4 (permalink)  
 
Join Date: Feb 2009
Location: Jungles of SW London
Age: 77
Posts: 354
Likes: 0
Received 0 Likes on 0 Posts
Skycatcher69

In order to take over such a system one would need to know the identifier signal.
Then replicate it and play it back in such a way that the UAV 'believes' you rather than its rightful controller. Not only which my signals, which after all have only the same validity as the original owners, have to be more powerful and more 'believable'. Otherwise, all that will happen is a series of conflicting commands at which, I suspect, the onboard signal processors will simply throw up their electronic hands, give up the struggle and leave the aircraft in the hands of its onboard 'get home safe' processor and its protocols.

Did the wayward UAV not simply loose signal - for whatever reason - and wander off on its own, which happened to be toward Washington DC?

Roger.
Landroger is offline  
Old 6th Oct 2010, 05:32
  #5 (permalink)  
 
Join Date: Oct 2005
Location: USA
Posts: 3,218
Likes: 0
Received 0 Likes on 0 Posts
In August the US Navy lost control of an unmanned helicopter. This flew towards the US capital. According to reports, after about 20 minutes the operators regained control. Did they just lose control or was control taken over by someone else for a limited time as a test?
Hardly. The incident in question occurred during a test operation of an experimental project, and a test error occurred. It has been corrected.
SNS3Guppy is offline  
Old 6th Oct 2010, 12:46
  #6 (permalink)  
 
Join Date: Aug 2007
Location: London, UK
Posts: 184
Likes: 0
Received 0 Likes on 0 Posts
You can do lots of processing with the signal in terms of encryption. Regarding the 'playback attack' you can do something by timestamping the signal so when the drone decrypts the attackers higher strength pre-recorded message it recognises the disparity. The 'playback' attack is a very basic attack even on something as basic as Windows Logon and is therefore fairly well understood by both sides.
demomonkey is offline  
Old 8th Oct 2010, 16:56
  #7 (permalink)  
 
Join Date: May 2007
Location: Banished (twice) to the pointless forest
Posts: 1,558
Likes: 0
Received 0 Likes on 0 Posts
Thread drift

SKYCATCHER TOUCHES ON THE BASIS OF THE FOLLOWING MANTRA:


[If wireless networking was safe, computer companies would use it.]

People are sold wireless routers and BT home Hub devices with talk of Encryption and it seems to work, for the sales people anyway.

Think about this for a second, the password is requested, or offered, (blind) and then accepted, so any handshake, needs to be in the clear and therefore can be monitored.

I don't suppose, given the shambles (of the cctv downlink and no encryption) in recent years, that taking control is impossible.
airpolice is offline  
Old 8th Oct 2010, 18:08
  #8 (permalink)  
 
Join Date: Jun 2009
Location: Canada
Posts: 464
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by airpolice
People are sold wireless routers and BT home Hub devices with talk of Encryption and it seems to work, for the sales people anyway.

Think about this for a second, the password is requested, or offered, (blind) and then accepted, so any handshake, needs to be in the clear and therefore can be monitored.
Uh, there are well-known and well-documented means of securely setting up an encrypted connection with a remote system when both sides have a shared secret (in that case the password); the simplest and most obvious is to just encrypt the messages with the password and if it's not the correct password then the other system will receive gibberish and ignore it. If the UAVs have an encrypted connection using any well-designed modern algorithm then there's no way for an attacker to take control of them; the downside is that if you somehow get the wrong key on one side then there's no way for you to regain control, but that's unlikely unless something damages the computer on the UAV.

The reason companies are reluctant to trust wireless networking is because there have been numerous attacks on early wireless algorithms which weren't designed properly, allowing either insertion of data or recovery of the key. It also allows people to attack the network from outside the building, whereas a wired network requires physical access.
MG23 is offline  
Old 10th Oct 2010, 07:08
  #9 (permalink)  
 
Join Date: Sep 2010
Location: earth
Posts: 1,341
Likes: 0
Received 0 Likes on 0 Posts
Heck, my company can not update FMS/EGPWS..etc etc over wireless because they can not ensure the propritary information can not be stolen. Granted, it is more legal bs than actual technical ability.

If someone can place encryption on data, it is sure that someone else can decrypt it..
grounded27 is offline  
Old 11th Oct 2010, 08:01
  #10 (permalink)  
 
Join Date: Jun 2009
Location: Canada
Posts: 464
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by grounded27
If someone can place encryption on data, it is sure that someone else can decrypt it..
Well, yes, encrypting something that no-one can decrypt is rather pointless.

But any competently implemented encryption system today is unbreakable by any means currently known. The problem is that many encryption systems are not competently implemented, usually because they're designed by people who aren't trained cryptographers and aren't aware of previous attacks.
MG23 is offline  
Old 12th Oct 2010, 14:11
  #11 (permalink)  
 
Join Date: Jan 2004
Location: Germany
Posts: 128
Likes: 0
Received 0 Likes on 0 Posts
Let's rephrase that last sentence ("is unbreakable by any means currently known") to "is unbreakable by any means currently within a reasonable timeframe" which is a key addition.

Given enough time and computing power, you will eventually be able to decrypt anything (after all, its just a bunch of 1's and 0's that are sent "over the air").
But that's not going to happen in real time and as long as the relevant keys are cycled you should be on the safe side as long as the bad guys don't get access to the keys somehow...
Ka8 Flyer is offline  
Old 12th Oct 2010, 14:30
  #12 (permalink)  
 
Join Date: May 2007
Location: Banished (twice) to the pointless forest
Posts: 1,558
Likes: 0
Received 0 Likes on 0 Posts
Given enough time indeed, this guy got 16 months.

This is the mess the legal system is in despite the shedloads of money spent on the national hi tech crime unit.

The right to remain silent has indeed been done away with.


A teenager was jailed yesterday for refusing to hand over his computer password to police during an investigation.
Fast-food worker Oliver Drage, 19, was taken to court after police tried to search his PC after a tip-off only to find it locked with a 50-character encrypted code.
Officers investigating a child exploitation racket ordered Drage to disclose the password hoping the contents of his computer might help their inquiries - but the teenager refused. He was then prosecuted for failing to disclose an encryption key.
This is an offence covered by the Regulation of Investigatory Powers Act 2000, which came into force in 2007 to crack down on terrorists. He is the youngest person in Britain to be convicted of the charge.

Drage of Freckleton, near Blackpool, was sent to a young offender institution for 16 weeks. Police are still trying to decipher his password 17 months after they seized his computer.
Det Sgt Neil Fowler said: "Drage was previously of good character so the immediate custodial sentence handed down by the judge in this case shows just how seriously the courts take this kind of offence."
After being arrested in May 2009, Drage pleaded not guilty at Preston crown court but at a trial last month a jury took less than 15 minutes to convict him.

So a teenager in Blackpool can keep his (whatever) a secret for months but the US Military could not protect the CCTV images from their fleet of UAV mounted cameras.


Iraqi insurgents have reportedly intercepted live video feeds from Predator drones using a $25 Windows application that allows them to track the pilotless aircraft undetected. The US military has fixed the problem, a defense official said on Thursday.

Shiite fighters in Iraq used software programs such as SkyGrabber generally used for satellite television reception and available for as little as $25.95 from Russian company Sky Software, reports the Wall Street Journal.



I don't think the issue is that they can't, but in fact that they won't secure it. More stuff like this will keep happening until everyone understands the principle of data security, which is that it is almost impossible to guarantee as soon as you start sharing the data.
airpolice is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.