Hacking Drones

Insurgents have learned how to intercept video relays from drones in Iraq and Afghanistan, and the vulnerability has existed for some time. Hacking warfare robots will become more of an issue as they become more commonplace. Think about how network hacking techniques can be applied to war scenarios and vice versa: botnets – encrypted control channels – session hijacking – stealing authentication codes – passing the hash – backdoors – amplification attacks – denial of service – exploit frameworks – cracking – spoofing. This is also a classic example of OODA loop tactics – “Pentagon assumed local adversaries wouldn’t know how to exploit it.”

Insurgents Hack U.S. Drones

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

Learning from the Drone Hacking Case

What lessons are applicable to your organization? Three points to think about:

1. Putting off dealing with security concerns. While I can understand that adding encryption to a network over a decade old could present problems, the risk the lack of encryption represents has been known about since the 1990s. With each drone costing $10-12 million, and the Air Force expected to buy 375, that is a sizable investment. That cost is in addition to what has been spent.

2. Developing with a lack of standards. Future development with possibly different contractors seems unlikely if widely used encryption systems are not readily compatible with the current contractor’s proprietary communications technology. It is also unlikely that sharing information with allies will be possible unless widely used encryption systems can be used.

3. Not being realistic when assessing the risk. The most disturbing point is that “Pentagon assumed local adversaries wouldn’t know how to exploit it.”

SEE ALSO:
OODA Loops
