Vulnerabilities / Threats
6/29/2012
11:09 AM
Connect Directly
RSS
E-Mail
50%
50%

GPS Spoofer Hacks Civilian Drone Navigation System

University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.

Mission Intelligence: NRO's Newest Spy Satellites
Mission Intelligence: NRO's Newest Spy Satellites
(click image for larger view and for slideshow)
Civilian drones' navigation systems are vulnerable to being taken over by attackers, using "spoofing" equipment that can be built for as little as $1,000.

That fact was demonstrated this month in White Sands, N.M., by a team from the University of Texas at Austin, which was able to redirect a hovering unmanned aerial vehicle (UAV)--otherwise known as a drone--located one kilometer (0.6 miles) away by feeding it arbitrary global positioning system (GPS) data. Officials from the Department of Homeland Security (DHS) were on hand to witness the demonstration, involving a mini helicopter drone owned by the university, reported Fox News, which broke the story.

GPS spoofing "creates false civil GPS signals that trick the vehicle's GPS receiver into thinking nothing is amiss--even as it steers a new navigational course induced by the outside hacker," according to a statement released by the university. Furthermore, civilian drones' navigation systems aren't necessarily the only civilian GPS-using systems at risk. "Because spoofing fools GPS receivers' on both their location and time, some fear that most GPS-reliant devices, infrastructure, and markets are vulnerable to attacks," according to the university.

"I think this demonstration should certainly raise some eyebrows and serve as a wake-up call of sorts as to how safe our critical infrastructure is from spoofing attacks," said Milton R. Clary. Clary is a senior Department of Defense aviation policy analyst at Overlook Systems Technologies, which is working with the government on counter-spoofing technologies--in a statement.

[ Learn more about civilian drones. Read NASA Sees Drones Flying In U.S. Airspace. ]

Last year, Iran claimed to use GPS spoofing to capture a CIA batwing stealth drone that was flying over the country, conducting reconnaissance of potential nuclear energy or weapons production sites. An Iranian engineer reported that the country had been studying U.S. drone technology for weaknesses since 2007.

One student involved in the University of Texas spoofing research, combining custom-developed software as well as $1,000 in parts--described it as a "fusion of electrical engineering and aerospace engineering." Next year, the team plans to intercept a moving drone from 10 kilometers (6 miles) away.

"We're raising the flag early on in this process so there is ample opportunity to improve the security of civilian drones from these attacks, as the government is committed to doing," said project leader Todd Humphreys, an assistant professor in the University of Texas at Austin's engineering department and head of its Radionavigation Laboratory, in a statement. Humphreys, who specializes in "orbital mechanics," in 2008 cofounded startup Coherent Navigation, which aims to harden GPS signals.

Per the FAA Reauthorization Act passed earlier this year, the Federal Aviation Administration must detail rules for allowing unmanned aircraft systems (or UAS, in FAA-speak) to fly in national airspace by 2015.

To that end, Congress instructed the FAA to open six UAS testing sites across the country, and also commissioned a new FAA Office for New Technology, which the agency said will bring together aviation safety and air traffic specialists, while serving "as the FAA's one-stop [shop] for all matters related to civil and public use of unmanned aircraft systems in U.S. airspace."

Civilian uses aside, the military also remains intent on pushing the limits of drones, as demonstrated by a $100,000 DARPA competition to develop a "military-relevant, backpack-portable UAV" that could "perch and stare," meaning either land on a structure or hover about it, for a long enough period to conduct surveillance. But the contest, involving 140 teams and nine finalists, using UAVs that cost up to $10,000 to build, ended without a winner. "The fact that no team completed the baseline scenario reflects the underlying difficulty of the very real challenges of small perch and stare for operational use," according to the DARPA contest website.

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
7/1/2012 | 10:38:42 PM
re: GPS Spoofer Hacks Civilian Drone Navigation System
I think that it is very good that the group asked the Department of Defense to be present when showing the demonstration. It shows first hand the effects that spoofing could have and the potential threats that $1000 and a group of educated college students can do with some knowledge and determination. I am looking forward to reading about their next demonstration where they plan to intercept a drone from 10km. Is anybody aware of any other similar experiments that have been conducted to better explain spoofing?

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.