Iran tricked U.S. spy drone into landing in country, report says
Electronic warfare experts used GPS spoofing techniques to snag drone, Christian Science Monitor says
The U.S. RQ-170 Sentinel spy drone that was recently captured and displayed by Iranian authorities may have been tricked into landing in that country after being electronically ambushed.
An unconfirmed report in the Christian Science Monitor Thursday quotes an unnamed Iranian engineer as saying that electronic warfare experts in the country were able to cut off the drone’s communications links and reconfigure its GPS coordinates to trick it into landing in Iran.
The engineer was described as someone working for an Iranian team that is engaged in trying to glean information from the drone.
The techniques used to attack the drone were developed by reverse-engineering older U.S. drones that were either captured or shot down in recent years, the engineer is quoted as saying in the Monitor report. The attack also took advantage of weaknesses in the drone’s navigation system to spoof its landing coordinates and bring it down on Iranian territory.
“The GPS navigation is the weakest point,” the Iranian engineer is quoted as telling the Monitor. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”
According to the Monitor, the GPS spoofing techniques fooled the drone into “landing” at a U.S. military base in Kandahar, Afghanistan, while it was actually landing inside Iran. The drone apparently landed precisely where the Iranians wanted it to without their having to crack remote-control signals and communications from the drone’s control center.
The Jane’s website describes the RQ-170 Sentinel as an unmanned aerial vehicle manufactured by Lockheed Martin for the U.S. Air Force.
The Air Force acknowledged the existence of the drone in December 2009. However, it appears to have been around since at least 2007 based on unofficial photographs of the vehicle taken in Kandahar, according to Jane’s.
Ira Winkler, president of the Internet Security Advisors Group and a Computerworld columnist, said the attack as described sounds plausible. “I saw other reports saying that there was a known vulnerability,” that was exploited, Winkler said. “However there are a couple of things to consider that might not involve direct hacking of the drones.
“For example, if you know where a drone is, and you can beam a stronger GPS signal at the drone than it would get from a satellite, it would pick up the fake signal and think it is somewhere else. If signals arent encrypted, the people with the strongest transmitter win,” he said.
If the drone was captured as described, it wouldn’t be the first time that a U.S. drone has been attacked in a similar fashion.
Two years ago, militants in Iraq and Afghanistan intercepted live video feeds from unmanned U.S. Predator drones using $26 off-the-shelf software called SkyGrabber made by a Russian company.
While there was little evidence that militants were able to gain control of the drones, the interception could have given them vital information on targets under U.S. surveillance. In that case, U.S. officials apparently knew about the possibility of such interception for years but did little to encrypt the data streams.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.