An Iranian engineer working on the captured US drone has said that Iran exploited a weakness in the craft’s navigation system to hijack it. The aircraft was downed through a relatively unsophisticated cyber-attack that tricked its global positioning systems (GPS).
The technique, known as “GPS spoofing” has been around for several years, and the Iranians began studying it in 2007, the engineer reportedly said. The U.S. Department of Energy notes that GPS is widely used, but insecure, although few users have taken note. GPS signals for the U.S. military are similarly insecure, and drones often rely on signals from multiple satellites. It’s possible to spoof unencrypted civilian GPS systems. But military GPS receivers, such as the one likely installed on the missing drone, use the encrypted P(Y)-code to communicate with satellites.
“With spoofing, an adversary provides fake GPS signals. This convinces the GPS receiver that it is located in the wrong place and/or time,” the vulnerability assessment team at Argonne National Laboratory explained. “Remarkably, spoofing can be accomplished without having much knowledge about electronics, computers, or GPS itself.”
Other drone vulnerabilities have also highlighted security fears. In October, Danger Room broke the news that the cockpits at the Air Force’s drone fleet based out of Creech Air Force Base in Nevada were infected with a virus. Malware had apparently made its way onto computers because someone had been using one to play the Mafia Wars game a stunning security faux pas.
The RQ-170 Sentinel has been seen on display by Iran’s gloating military after it went missing along the Afghan-Iran border earlier this month – but a former Pentagon official said it seems to be a fake. However the engineer working on the CIA drone’s system told the Christian Science Monitor that his country fooled the aircraft into touching down in Iran – instead of its programmed destination.The engineer claimed the electronic attack made it ‘land on its own where we wanted it to, without having to crack the remote-control signals and communications’ from the U.S. control centre.
The drone was used for covert surveillance such as the operation to spy on the Pakistan compound of Osama Bin Laden before he was killed in a U.S. raid in May.Iranian officials have said the drone came down over eastern Iran, hundreds of miles from the cluster of nuclear sites in the central and north-west of the country.They believe they can ‘mass produce’ the captured drone by ‘reverse engineering’ the aircraft.