
Drone Hacking Shows System Vulnerabilities

Drone aircraft have been used by various militaries throughout the world – notably the US and UK military forces – for a number of years now. Surveillance drones, bomber drones, even fighter drones have taken to the skies over battlefields in Iraq and Afghanistan.

Both the UK and USA have been considering expanding their drone fleets to include civilian activities over their own territories. The UK has plans for civilian-carrying commercial flights under drone control, whilst the US is particularly interested in surveillance drones for police units.

Many objections have been raised to these plans by everyone from safety experts to privacy campaigners. However, most of those objections have not included technical reasons why these AI planes could not, or perhaps should not, be employed as they are currently envisaged.

A research effort from a University of Texas at Austin team has changed that, discovering a security flaw in the US surveillance drone plans as currently envisaged: a flaw through which the craft can be hijacked by outside agencies and remotely flown into buildings, stolen, or crashed. The UK drones do not exhibit the same flaw because of differences in implementation. The US drones' primary flaw is their reliance on a single artificial sense for position information. More specifically, their reliance on GPS.

When the team, consisting of lead researcher Todd Humphreys and colleagues, presented their information to the US Department of Homeland Security, they were met with disbelief and told to prove it: to put their money where their mouth was, so to speak. One of the university's own drone aircraft was loaded with DHS software, the same as the planned police units, and set flying about the campus. The researchers were tasked with stealing it there and then, whilst the officials looked on.

They used GPS spoofing, taking advantage of the fact that non-military GPS systems (such as police units) do not use encrypted GPS. But even if they did encrypt the signal, it would not lessen the base problem their spoofing took advantage of. The drones rely on GPS as their only self-position system. They use visual and radar systems to determine their position relative to any obstacles, but GPS is the only system they use for determining their position relative to their destination. They don't even use altimeters, relying on GPS for height information as well. With a single sense having such importance, it becomes the obvious thing to attack.

Sure enough, the helicopter-style surveillance drone hovered happily over the university's football stadium, surveying the events below, in the moments before the team started their hacking attempt – from a point a half mile away from the stadium, and out of the drone's field of sight. The counterfeit GPS signals were indistinguishable from normal GPS signals, and fed false information to the drone, telling it that it was climbing uncontrollably. The unit was not programmed to consider its own visual data as equally important to its GPS data, and so the GPS overrode what its camera eyes were telling it, and the unit dropped sharply to compensate for the 'rise'.

It thumped solidly into the ground of the field, again despite the cameras steadily showing the ground rushing alarmingly near.

Humphreys said the Global Positioning System needs to be fortified with "electronic watermarks" that would make its signals much harder to falsify. That would cost millions of dollars, he said.

But the problem goes much deeper than that. The drones have multiple other senses – such as the camera and radar systems they carry. This research illustrates, perhaps more than any other, that relying on a single sense for your information on the outside world is quite frankly insane. If the unit has multiple senses, and treats these multiple senses as equals, then one can correct the other. Machine vision capable of determining the relative placement of nearby objects is well within our grasp – in fact both the UK civilian prototypes and the US bomber drones use such machine vision for relative placement.

The problem is that such machine vision systems require more cameras than the surveillance drones would typically carry, greater on-board computing power to run, and specialist learning software – in short, a larger, more costly unit. Unfortunately for the bean-counters, the evidence is now mounting that the simplest systems with a single sense are the easiest to hack and to convince to do crazy things. If they can be convinced to slam into a football field, they can be convinced to slam into the side of a building – which their GPS suddenly informs them isn't really there. Well, until the unit slams into said building and explodes, anyway.
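The "one sense can correct the other" argument can be made concrete with a small simulation. The following is an added example, not code from the researchers or from any drone's firmware: it compares a GPS-only altitude hold with a median vote across three altitude sources. The sensor names, the 5 m tolerance, the controller gain and the spoofing rate are all constructed assumptions.

```python
from statistics import median

TARGET_M = 30.0     # hover altitude (constructed scenario)
TOLERANCE_M = 5.0   # max disagreement with the median before a sensor is distrusted

def fuse(readings, tolerance=TOLERANCE_M):
    """Median-vote over independent altitude sources.

    Returns (fused altitude, names of sensors rejected as outliers)."""
    mid = median(readings.values())
    trusted = {n: v for n, v in readings.items() if abs(v - mid) <= tolerance}
    rejected = sorted(set(readings) - set(trusted))
    return sum(trusted.values()) / len(trusted), rejected

def simulate(use_fusion, steps=40, spoof_start=5, spoof_rate=2.0):
    """Hold TARGET_M while the GPS altitude is pulled upward by a growing offset.

    Returns (final true altitude, step at which GPS was first rejected or None)."""
    true_alt, first_alarm = TARGET_M, None
    for step in range(steps):
        offset = max(0, step - spoof_start) * spoof_rate  # falsified "climb"
        readings = {
            "gps": true_alt + offset,   # counterfeit signal
            "baro": true_alt + 0.5,     # assumed altimeter with a small bias
            "vision": true_alt - 0.5,   # assumed camera-derived height above ground
        }
        if use_fusion:
            estimate, rejected = fuse(readings)
            if "gps" in rejected and first_alarm is None:
                first_alarm = step
        else:
            estimate = readings["gps"]  # the single-sense design described above
        # Proportional altitude hold: descend when the estimate is above target.
        true_alt = max(0.0, true_alt + 0.5 * (TARGET_M - estimate))
    return true_alt, first_alarm

if __name__ == "__main__":
    print("GPS only:", simulate(use_fusion=False))
    print("Fused   :", simulate(use_fusion=True))
```

The vote only holds while a majority of the sources are honest and independent of each other, and a falsified offset smaller than the tolerance still biases the estimate until it crosses the threshold.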



Statesman: UT Researchers Demonstrate Vulnerability of Civilian Drones to Hacking, July 2012
