Domestic drones can be hijacked, turned into weapons, researchers show

A research team from the University of Texas at Austin's Radionavigation Laboratory recently demonstrated to federal officials that anyone with $1,000 and technological know-how can take over a drone for nefarious purposes, potentially leading to the United States facing attacks from its own drones.

Professor Todd Humphreys and his team performed the demonstration June 19 at the White Sands Missile Range in New Mexico, showing officials from the Homeland Security Department and the Federal Aviation Administration how they used spoofing technology to hijack the drones.

Spoofing tricks a Global Positioning System device into thinking false information sent to it is real. Until now, the primary concern with unmanned aerial vehicles was GPS jamming, which was suspected when Iran downed a U.S. drone in December. Successful spoofing would allow an attacker to take control.


Related stories:

Domestic drones: What are they good for?

Should domestic drone regs be loosened?


Speaking to FoxNews after the demonstration, Humphreys noted that in five or 10 years, the United States could have 30,000 drones operating within its borders.

“Each one of these could be a potential missile used against us,” he said. For example, a drone used by FedEx to deliver packages could be hijacked and used as a missile. They could be used to crash into other planes or buildings, killing people. “That’s the same mentality the 9-11 attackers had,” he said.

Most drones that will fly over the U.S. will rely on civilian GPS, which is not encrypted and open to infiltration.

In a January GPS World article by Humphreys and Kyle Wesson and Daniel Shepard, both post-graduate students at the University of Texas and members of the Radionavigation Laboratory, the authors noted the “tough sell” of security, with a primary challenge being the “tremendous inertia behind GPS signal definitions. ... Although promising anti-spoofing techniques exist, the reality is that no anti-spoofing techniques currently defend civil GPS receivers.”

“It just shows that the kind of mentality that we got after 9-11, where we reinforced the cockpit door to prevent people hijacking planes — well, we need to adopt that mentality as far as the navigation systems for these UAVs,” Humphreys said to FoxNews.

The hacking threat could grow as more and more departments and agencies at the federal, state and local levels are using unmanned aircraft systems (UAS), also known as unmanned aerial vehicles (UAVs), within the United States. A bill in Congress could dramatically increase the number of drones allowed in U.S. airspace, reported GCN in February.

Currently the FAA is restricting drone usage for fear of midair collisions. Any public agency seeking to operate unmanned aircraft systems must apply for a certificate of authorization. In addition, the operator must maintain visual contact with the aircraft.

Originally built for the military for reconnaissance and attack, drones today are used for a variety of purposes, including inspecting dams, and monitoring changes in wildlife populations and river erosion. Researchers are building their own, smaller drones. In fact, you can build one yourself for less than $800.

Plus, drones aren’t the only GPS systems that could be hijacked. “One could use the technology to spoof aircraft, ship, or vehicle navigation systems that feature unencrypted GPS systems (think of what would happen to a spoofed autonomously driven car). This technique could even be used to bring down a smart grid or financial market, Robert N. Charette of the Institute of Electrical and Electronics Engineers (IEEE) wrote in a recent blog post on the drone hack.

Commercial airliners are relying more and more heavily on GPS signals to locate airport runways, Charette noted. Next-generation air traffic control will rely on GPS for navigation; funding for the project was approved by Congress earlier this year.

However, both government and industry are working to improve GPS security. DHS has established a Detection and Mitigation (IDM) Program to address the issue, although the program is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers, said FoxNews.

In a note to IEEE’s blog post, the nonprofit Association of Unmanned Vehicle Systems International’s President and CEO Michael Toscano wrote that the UAV industry is developing anti-spoofing technologies, such as Selective Availability Anti-Spoofing Module.

“This technology is already in use by the military to thwart GPS spoofing abroad, and we expect it will transition to civilian unmanned aircraft in the coming years to protect aircraft flying in the national airspace,” he wrote. He also pointed out that some UAVs have alternate navigation systems that provide backup to GPS, and that they have a person at the controls.

Reader Comments

Wed, Aug 29, 2012 ConcernedPerson Bristol

"Successful spoofing would allow an attacker to take control." And successful GPS jamming would allow anyone to protect themselves from those drones when attacker will take control over them. This technology is great because drones cannot avoid it. More details at jammer-store.com and their blog.

Fri, Jul 6, 2012 CR

There have been a number of "official suggestions" for solving spoofing such as the "Selective Availability Anti-Spoofing Module". Unfortunatly they all have disadvantages one such is that the conventional encryption of the GPS signal needs to be decrypted to be of use which requires the "decryption key" is "known in advance". Thus for a suitably sophisticated adversary there is the practical possibility that they will reverse engineer the anti-tamper module and forward engineer a spoofing system. A similar argument applies for unconventional encryption systems. Thus it is better to look for alternative solutions to the problem that are effectivly "out of channel". As another commenter has indicated there are systems that use other physical data in the form of terrain following, celestial navigation etc. However each of these external sources have their own issues such as "knowing the terrain" prior to flight and being able to see the stars at all times of day etc. Thus there are internal physical properties that can be used such as inertial navigation which provides a reasonable approximation to cross check against. Another method is to actually use the charecteristics of the spoofing signal to identify it is not the actual GPS satellites. There are a number of ways to do this but the simplest to understand is if you use two or more receiving antennas on the drone that are then compared. If done correctly the distance via the radius can be deduced and unless the originator of the spoofing signals can be at the right place it's radius will be wrong. As the satellites are on very accuratly known orbits their possitions in the short term future (considerably longer than a drone flight time) are also known with significant accuracy. Whilst not making spoofing impossible (there are still some types of replay attack that in theory...) it makes using the existing and future systems significantly more robust if the receiver antennas are mounted sufficiently far appart.

Mon, Jul 2, 2012

We've known about-man-in-the middle attacks and what could be compromised. This seems like a "no duh" moment. In 2003, OMB issued M-04-04. People are supposed to evaluate the danger of information being compromised. While the focus was on compromise of PII (confidentiality), the effect of compromise on integrity or availablity still needs to be evaluated during the risk assessment. I really find it hard to believe that the integrity of GPS data wasn't debated at the agency that funded the satellite. This is the problem with having managers not being held responsible for past funding decisions.

Mon, Jul 2, 2012 SoutheastUS

Check systems, such as celestial navigation by cosmic radio sources as well as terrestrial methods using the earth's magnetic field and detailed magnetic maps as well as radar/laser terrain mapping can "double-check" GPS signals and drop GPS use altogether if it differs too much from the other "check" methods of navigation.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above