Domestic drones can be hijacked, turned into weapons, researchers show
- By Kathleen Hickey
- Jun 29, 2012
A research team from the University of Texas at Austin's Radionavigation Laboratory recently demonstrated to federal officials that anyone with $1,000 and technological know-how can take over a drone for nefarious purposes, potentially leading to the United States facing attacks from its own drones.
Professor Todd Humphreys and his team performed the demonstration June 19 at the White Sands Missile Range in New Mexico, showing officials from the Homeland Security Department and the Federal Aviation Administration how they used spoofing technology to hijack the drones.
Spoofing tricks a Global Positioning System device into thinking false information sent to it is real. Until now, the primary concern with unmanned aerial vehicles was GPS jamming, which was suspected when Iran downed a U.S. drone in December. Successful spoofing would allow an attacker to take control.
Domestic drones: What are they good for?
Should domestic drone regs be loosened?
Speaking to FoxNews after the demonstration, Humphreys noted that in five or 10 years, the United States could have 30,000 drones operating within its borders.
“Each one of these could be a potential missile used against us,” he said. For example, a drone used by FedEx to deliver packages could be hijacked and used as a missile. They could be used to crash into other planes or buildings, killing people. “That’s the same mentality the 9-11 attackers had,” he said.
Most drones that will fly over the U.S. will rely on civilian GPS, which is not encrypted and open to infiltration.
In a January GPS World article by Humphreys and Kyle Wesson and Daniel Shepard, both post-graduate students at the University of Texas and members of the Radionavigation Laboratory, the authors noted the “tough sell” of security, with a primary challenge being the “tremendous inertia behind GPS signal definitions. ... Although promising anti-spoofing techniques exist, the reality is that no anti-spoofing techniques currently defend civil GPS receivers.”
“It just shows that the kind of mentality that we got after 9-11, where we reinforced the cockpit door to prevent people hijacking planes — well, we need to adopt that mentality as far as the navigation systems for these UAVs,” Humphreys said to FoxNews.
The hacking threat could grow as more and more departments and agencies at the federal, state and local levels are using unmanned aircraft systems (UAS), also known as unmanned aerial vehicles (UAVs), within the United States. A bill in Congress could dramatically increase the number of drones allowed in U.S. airspace, reported GCN in February.
Currently the FAA is restricting drone usage for fear of midair collisions. Any public agency seeking to operate unmanned aircraft systems must apply for a certificate of authorization. In addition, the operator must maintain visual contact with the aircraft.
Originally built for the military for reconnaissance and attack, drones today are used for a variety of purposes, including inspecting dams, and monitoring changes in wildlife populations and river erosion. Researchers are building their own, smaller drones. In fact, you can build one yourself for less than $800.
Plus, drones aren’t the only GPS systems that could be hijacked. “One could use the technology to spoof aircraft, ship, or vehicle navigation systems that feature unencrypted GPS systems (think of what would happen to a spoofed autonomously driven car). This technique could even be used to bring down a smart grid or financial market, Robert N. Charette of the Institute of Electrical and Electronics Engineers (IEEE) wrote in a recent blog post on the drone hack.
Commercial airliners are relying more and more heavily on GPS signals to locate airport runways, Charette noted. Next-generation air traffic control will rely on GPS for navigation; funding for the project was approved by Congress earlier this year.
However, both government and industry are working to improve GPS security. DHS has established a Detection and Mitigation (IDM) Program to address the issue, although the program is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers, said FoxNews.
In a note to IEEE’s blog post, the nonprofit Association of Unmanned Vehicle Systems International’s President and CEO Michael Toscano wrote that the UAV industry is developing anti-spoofing technologies, such as Selective Availability Anti-Spoofing Module.
“This technology is already in use by the military to thwart GPS spoofing abroad, and we expect it will transition to civilian unmanned aircraft in the coming years to protect aircraft flying in the national airspace,” he wrote. He also pointed out that some UAVs have alternate navigation systems that provide backup to GPS, and that they have a person at the controls.
Kathleen Hickey is a freelance writer for GCN.