PDA

View Full Version : stealth drone gps hacked



graffix
12-17-2011, 11:06 AM
http://news.yahoo.com/video/world-15749633/top-secret-stealth-drone-captured-by-iran-27497154.html;_ylt=AtfEoicAKO.CBRlX3HbpYaOzoc0F;_y lu=X3oDMTJzM2NrcGY2BG1pdANWaWRlbyBCcm93c2UgQ2Fyb3V zZWwEcGtnA2lkLTI3NDk3MTU0BHBvcwMzBHNlYwNNZWRpYUNhc m91c2VsQ2hhbm5lbFZpZGVvc0Rpc2NvdmVyeQR2ZXID;_ylg=X 3oDMTFub3NkcmFlBGludGwDdXMEbGFuZwNlbi11cwRwc3RhaWQ DBHBzdGNhdAMEcHQDdmlkLWdhbGxlcnkEdGVzdAM-;_ylv=3

http://www.yahoo.com/_ylt=AvbLPt6mTciX_NmW.ZQdO_2bvZx4;_ylc=X3oDMWE0YTQ ydWFoBF9TAzIwMjM1MzgwNzUEYQMxMTEyMTYgbmV3cy10ZWNoI GlyYW4gZHJvbmUgY2xhaW0gdARjY29kZQNwemJ1ZmNhaDUEY3B vcwMzBGQDc3QEZWQDMQRnA2lkLTgzMzAwOQRpbnRsA3VzBGl0Y wMwBGx0eHQDS25vd25wcm9ibGVtBG1jb2RlA3B6YnVhbGxjYWg 1BG1wb3MDMQRwa2d0AzEEcGtndgM4BHBvcwMzBHNlYwN0ZC1mZ WEEc2xrA21vcmUEdGFyA2h0dHA6Ly9uZXdzLnlhaG9vLmNvbS9 ibG9ncy90ZWNobm9sb2d5LWJsb2cvaXJhbi1tYXktY2FwdHVyZ WQtdS1zdGVhbHRoLWRyb25lLWhhY2tpbmctZ3BzLTAzMDQ0NzQ 2OS5odG1sBHRlc3QDNzAxBHdvZQMxMjc2MzQ2NA--/SIG=13s134ijj/EXP=1324209866/**http%3A//news.yahoo.com/blogs/technology-blog/iran-may-captured-u-stealth-drone-hacking-gps-030447469.html

Loopy Byteloose
12-17-2011, 12:01 PM
I suspect this may have been involved. It may also be the case with the current USA crisis with Pakistan over 24 military killed in a US attack that the coordinates submitted to the Pakistani for approval were 15KM away from the true target.

It is a brave new world if GPS can be effectively hacked.

Ron Czapala
12-17-2011, 12:39 PM
http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer-Video
Istanbul, Turkey

Iran guided the CIA's "lost" stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone's systems inside Iran.

Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian military and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.

Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.

"The GPS navigation is the weakest point," the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran's "electronic ambush" of the highly classified US drone. "By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain."

The “spoofing” technique that the Iranians used – which took into account precise landing altitudes, as well as latitudinal and longitudinal data – made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.

The revelations about Iran's apparent electronic prowess come as the US, Israel, and some European nations appear to be engaged in an ever-widening covert war with Iran, which has seen assassinations of Iranian nuclear scientists, explosions at Iran's missile and industrial facilities, and the Stuxnet computer virus that set back Iran’s nuclear program.

Now this engineer’s account of how Iran took over one of America’s most sophisticated drones suggests Tehran has found a way to hit back. The techniques were developed from reverse-engineering several less sophisticated American drones captured or shot down in recent years, the engineer says, and by taking advantage of weak, easily manipulated GPS signals, which calculate location and speed from multiple satellites.

Western military experts and a number of published papers on GPS spoofing indicate that the scenario described by the Iranian engineer is plausible.

"Even modern combat-grade GPS [is] very susceptible” to manipulation, says former US Navy electronic warfare specialist Robert Densmore, adding that it is “certainly possible” to recalibrate the GPS on a drone so that it flies on a different course. “I wouldn't say it's easy, but the technology is there.”

In 2009, Iran-backed Shiite militants in Iraq were found to have downloaded live, unencrypted video streams from American Predator drones with inexpensive, off-the-shelf software. But Iran’s apparent ability now to actually take control of a drone is far more significant.

Iran asserted its ability to do this in September, as pressure mounted over its nuclear program.
Gen. Moharam Gholizadeh, the deputy for electronic warfare at the air defense headquarters of the Islamic Revolutionary Guard Corps (IRGC), described to Fars News how Iran could alter the path of a GPS-guided missile – a tactic more easily applied to a slower-moving drone.

“We have a project on hand that is one step ahead of jamming, meaning ‘deception’ of the aggressive systems,” said Gholizadeh, such that “we can define our own desired information for it so the path of the missile would change to our desired destination.”

Gholizadeh said that “all the movements of these [enemy drones]” were being watched, and “obstructing” their work was “always on our agenda.”
That interview has since been pulled from Fars’ Persian-language website. And last month, the relatively young Gholizadeh died of a heart attack, which some Iranian news sites called suspicious – suggesting the electronic warfare expert may have been a casualty in the covert war against Iran.

Iran's growing electronic capabilities

Iranian lawmakers say the drone capture is a "great epic" and claim to be "in the final steps of breaking into the aircraft's secret code."

Secretary of Defense Leon Panetta told Fox News on Dec. 13 that the US will "absolutely" continue the drone campaign over Iran, looking for evidence of any nuclear weapons work. But the stakes are higher for such surveillance, now that Iran can apparently disrupt the work of US drones.

US officials skeptical of Iran’s capabilities blame a malfunction, but so far can't explain how Iran acquired the drone intact. One American analyst ridiculed Iran’s capability, telling Defense News that the loss was “like dropping a Ferrari into an ox-cart technology culture.”

Yet Iran’s claims to the contrary resonate more in light of new details about how it brought down the drone – and other markers that signal growing electronic expertise.

A former senior Iranian official who asked not to be named said: "There are a lot of human resources in Iran.... Iran is not like Pakistan."

“Technologically, our distance from the Americans, the Zionists, and other advanced countries is not so far to make the downing of this plane seem like a dream for us … but it could be amazing for others,” deputy IRGC commander Gen. Hossein Salami said this week.

According to a European intelligence source, Iran shocked Western intelligence agencies in a previously unreported incident that took place sometime in the past two years, when it managed to “blind” a CIA spy satellite by “aiming a laser burst quite accurately.”

More recently, Iran was able to hack Google security certificates, says the engineer. In September, the Google accounts of 300,000 Iranians were made accessible by hackers. The targeted company said "circumstantial evidence" pointed to a "state-driven attack" coming from Iran, meant to snoop on users.

Cracking the protected GPS coordinates on the Sentinel drone was no more difficult, asserts the engineer.
US knew of GPS systems' vulnerability

Use of drones has become more risky as adversaries like Iran hone countermeasures. The US military has reportedly been aware of vulnerabilities with pirating unencrypted drone data streams since the Bosnia campaign in the mid-1990s.

Top US officials said in 2009 that they were working to encrypt all drone data streams in Iraq, Pakistan, and Afghanistan – after finding militant laptops loaded with days' worth of data in Iraq – and acknowledged that they were "subject to listening and exploitation."

Perhaps as easily exploited are the GPS navigational systems upon which so much of the modern military depends.

"GPS signals are weak and can be easily outpunched [overridden] by poorly controlled signals from television towers, devices such as laptops and MP3 players, or even mobile satellite services," Andrew Dempster, a professor from the University of New South Wales School of Surveying and Spatial Information Systems, told a
March conference on GPS vulnerability in Australia.

"This is not only a significant hazard for military, industrial, and civilian transport and communication systems, but criminals have worked out how they can jam GPS," he says.

The US military has sought for years to fortify or find alternatives to the GPS system of satellites, which are used for both military and civilian purposes. In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.

“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” reads the Los Alamos report. “In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.”

The vulnerability remains unresolved, and a paper presented at a Chicago communications security conference in October laid out parameters for successful spoofing of both civilian and military GPS units to allow a "seamless takeover" of drones or other targets.

To “better cope with hostile electronic attacks,” the US Air Force in late September awarded two $47 million contracts to develop a "navigation warfare" system to replace GPS on aircraft and missiles, according to the Defense Update website.

Official US data on GPS describes "the ongoing GPS modernization program" for the Air Force, which "will enhance the jam resistance of the military GPS service, making it more robust."

Why the drone's underbelly was damaged

Iran's drone-watching project began in 2007, says the Iranian engineer, and then was stepped up and became public in 2009 – the same year that the RQ-170 was first deployed in Afghanistan with what were then state-of-the-art surveillance systems.

In January, Iran said it had shot down two conventional (nonstealth) drones, and in July, Iran showed Russian experts several US drones – including one that had been watching over the underground uranium enrichment facility at Fordo, near the holy city of Qom.

In capturing the stealth drone this month at Kashmar, 140 miles inside northeast Iran, the Islamic Republic appears to have learned from two years of close observation.
Iran displayed the drone on state-run TV last week, with a dent in the left wing and the undercarriage and landing gear hidden by anti-American banners.

The Iranian engineer explains why: "If you look at the location where we made it land and the bird's home base, they both have [almost] the same altitude," says the Iranian engineer. "There was a problem [of a few meters] with the exact altitude so the bird's underbelly was damaged in landing; that's why it was covered in the broadcast footage."

Prior to the disappearance of the stealth drone earlier this month, Iran’s electronic warfare capabilities were largely unknown – and often dismissed.
"We all feel drunk [with happiness] now," says the Iranian engineer. "Have you ever had a new laptop? Imagine that excitement multiplied many-fold." When the Revolutionary Guard first recovered the drone, they were aware it might be rigged to self-destruct, but they "were so excited they could not stay away."

graffix
12-17-2011, 01:22 PM
Question if they put noise on the communications (jammed) and put it in autopilot (coasting) how were they able to communicate with it at that time?

Ron Czapala
12-17-2011, 01:42 PM
Question if they put noise on the communications (jammed) and put it in autopilot (coasting) how were they able to communicate with it at that time?

Apparently once it went to autopilot (along with the spoofing of the GPS location), it landed itself.


The “spoofing” technique that the Iranians used – which took into account precise landing altitudes, as well as latitudinal and longitudinal data – made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.

W9GFO
12-17-2011, 01:57 PM
I would have thought that these things had inertial navigation, dead reckoning at least.

Loopy Byteloose
12-17-2011, 03:27 PM
And it would seem that rather than merely making a force landing with auto-pilot, there would at the least be a self-destruct in a combat context of the most sensitive portions. But we will never really know - will we?

Kevin Wood
12-17-2011, 05:06 PM
Question if they put noise on the communications (jammed) and put it in autopilot (coasting) how were they able to communicate with it at that time?

The command & control data link and GPS signals would have been on different frequencies, so jamming one signal shouldn't have affected the other, provided they were far enough apart.

The theory here is that if the command & control link is lost (in this case via jamming), then the UAV would revert to autopilot and return to base. If the GPS was spoofed at this point, the UAV would think that the base was somewhere other than the real location.

tl;dr - ALL YOUR BASE ARE BELONG TO US! :)

W9GFO
12-17-2011, 05:16 PM
How hard would it be to program the UAV to navigate back to friendly airspace when communication is lost whilst cross checking dead reckoning with GPS, and weighing more heavily on the former, knowing that GPS is able to be spoofed?

I think there are some significant details that are being held back.

graffix
12-17-2011, 05:19 PM
The command & control data link and GPS signals would have been on different frequencies, so jamming one signal shouldn't have affected the other, provided they were far enough apart.

The theory here is that if the command & control link is lost (in this case via jamming), then the UAV would revert to autopilot and return to base. If the GPS was spoofed at this point, the UAV would think that the base was somewhere other than the real location.

tl;dr - ALL YOUR BASE ARE BELONG TO US! :)
That makes sense, thanks

Gadgetman
12-17-2011, 07:03 PM
I'm really not surprised about this.

For America 'data security' seems to mean 'Something not sold directly to Iran'.
Unencrypted videostreams...
No form of 'doublechecking' the GPS data it receives.
No self-destruct on sensitive equipment...

The US Army is testing GPS-guided artillery-shells, the air force has GPS-guided 'smart' bombs...
Imagine that the enemy fears that GPS tech is being used against them, and activates a 'GPS jumper' system that randomly shifts the co-ordinates 200meters after the weapons is launched?

During the Libya campaign, the Norwegian Airforce released a couple of pictures of a command-bunker in the middle of a city.
The first was a night-time (IR) targetting picture, the second was of the explosion, and the third(taken the day after) shows the remains of he building, with a 'neat' hole in the middle of the roof, and no significant damage to the civilian buildings around it.
(That smart-bomb was dropped using laser-guidance, though)
A miss of 20meters during that one mission and the nearby buildings would have been badly damaged.

frank freedman
12-18-2011, 04:34 AM
So, according to the article Ron posted, I could technically cause a GPS to be unable to determine where it was and then "allow it to recover its signal" but using the data to make it think it is now where it is not. Glad that I fly seldom, and don't know enough to be concerned if that is all the commercial air relies on for position. Do they still track w/ radar, or is it now just gps coordinates sent to ATC to update the position to controllers? Yep, the less ya know, the better..............

Frank

As a side note, how were we tracking the drone? Was someone asleep at the switch when it deviated and did some very strange and unplanned moves.....

Gadgetman
12-18-2011, 10:55 AM
Yes, it can definitely mess with a JDAM. Not enough to cause damage to whoever dropped it, I guess, but enough to steer it away from whatever target it's aimed at, if they can spot it early enough.
JDAM also have inertial guidance, but I'm willing to bet that GPS is the main control, and inertial is there just in case GPS signal is lost.

Clock Loop
12-18-2011, 02:47 PM
What do we expect to happen when we allow our out of control government to spend all our money on war instead of education, innovation, business, invention, and science.

Inexcusable.

87760


Spreading our power too far and wide allows weakness at every location.

"In the grand scheme of things, the actual numbers aren’t all that important. Whether the most accurate total is 900 bases, 1,000 bases or 1,100 posts in foreign lands, what’s undeniable is that the US military maintains…an empire of bases so large and shadowy that no one – not even at the Pentagon – really knows its full size and scope…An honest count of US bases abroad – a true, full and comprehensive list – would be a tiny first step in the necessary process of downsizing the global mission."

No wonder why we can't even solve a simple gps problem, too many baskets, not enough apples.
A problem that many of us on this forum could have answered years ago.