The information necessary to hack a military drone is freely available to the public, in academic publications and online documents, according to an Israeli defense manufacturer.
One such paper was published just a month before Iran claimed it downed a CIA stealth drone in 2011, Esti Peshin said Monday at the Defensive Cyberspace Operations and Intelligence conference in Washington DC. Peshin is the director of cyber programs for Israel Aerospace Industries.
A 2011 study, titled “The Requirements for Successful GPS Spoofing Attacks,” explains how to fool GPS sensors like those in drones by mimicking GPS signals.
There’s no way to know, Peshin said, if this report in fact directly informed the Iranians, but it does go to show how easily available this information is.
“It’s a PDF file… essentially, a blueprint for hackers,” Peshin said. “You can Google, just look up ‘Tippenhauer’ — it’s the first result in Google. Look up ‘UAV cyberattacks’ — it’s the third one. ‘UAV GPS spoofing attacks’ — the first one.”
The study explains how to feed the GPS system fake signals so the drone ends up “losing the ability to calculate its position.” The study then goes on to describe ways to prevent these kinds of attacks as well.
The researchers said their goal was to point out “effective receiver-based countermeasures, which are not implemented yet in current standard GPS receivers.”
In the lag time between when the study was published, and when manufacturers managed to implement fixes, however, its possible that hackers could have used the study to exploit the vulnerabilities in a drone’s systems, Peshin said.
A 2013 assessment from NATO itself detailed the risk of drones being hacked and commandeered.
“At the end of the article, as if this was not enough, they listed several UAVs and said these are riskier than others by the way,” Peshin said.
Included in that short list are the MQ-9 Reaper and the RQ-170 Sentinel, the drone Iran claimed it commandeered and captured.
Iran Downs Drone, Reverse Engineers a Copy
Iran claimed that on December 4, 2011 it managed to bring down an RQ-170 Sentinel in its airspace. Though doubts circulated about Iran’s claims — most notable was the skepticism of then-Secretary of Defense Leon Panetta — the White House tacitly acknowledged as much when it later asked for the drone to be returned.
But Tehran said it wanted to reverse engineer the drone. In Feb. 2013, Iran released footage purportedly decoded from the drone’s systems.
In May 2014, Iran unveiled what it claimed was a successful copy of the Sentinel drone, and in November released a video purporting to show the drone’s first successful flight.
“We promised that a model of RQ-170 would fly in the second half of the year, and this has happened. A film of the flight will be released soon,” Brigadier General Amir Ali Hajizadeh told the IRNA state news agency at the time of the announcement.
Each subsequent announcement — including the veracity of the flight video — has been challenged by skeptics. But the NATO report, in its section on the Iran’s claims, admits, “Although the described attack is difficult to execute, it is not impossible.”
Even though the details of how Iran got the drone remain “controversial” and the report goes on to outline two possible explanations emphasizing that “[b]oth theories indicate security problems.”