6/29/2012
11:09 AM

GPS Spoofer Hacks Civilian Drone Navigation System

University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.

Civilian drones' navigation systems are vulnerable to being taken over by attackers, using "spoofing" equipment that can be built for as little as $1,000.

That fact was demonstrated this month in White Sands, N.M., by a team from the University of Texas at Austin, which was able to redirect a hovering unmanned aerial vehicle (UAV)--otherwise known as a drone--located one kilometer (0.6 miles) away by feeding it arbitrary global positioning system (GPS) data. Officials from the Department of Homeland Security (DHS) were on hand to witness the demonstration, involving a mini helicopter drone owned by the university, reported Fox News, which broke the story.

GPS spoofing "creates false civil GPS signals that trick the vehicle's GPS receiver into thinking nothing is amiss--even as it steers a new navigational course induced by the outside hacker," according to a statement released by the university. Furthermore, civilian drones' navigation systems aren't necessarily the only civilian GPS-using systems at risk. "Because spoofing fools GPS receivers on both their location and time, some fear that most GPS-reliant devices, infrastructure, and markets are vulnerable to attacks," according to the university.

"I think this demonstration should certainly raise some eyebrows and serve as a wake-up call of sorts as to how safe our critical infrastructure is from spoofing attacks," said Milton R. Clary--a senior Department of Defense aviation policy analyst at Overlook Systems Technologies, which is working with the government on counter-spoofing technologies--in a statement.


Last year, Iran claimed to use GPS spoofing to capture a CIA batwing stealth drone that was flying over the country, conducting reconnaissance of potential nuclear energy or weapons production sites. An Iranian engineer reported that the country had been studying U.S. drone technology for weaknesses since 2007.

One student involved in the University of Texas spoofing research--which combined custom-developed software with $1,000 in parts--described it as a "fusion of electrical engineering and aerospace engineering." Next year, the team plans to intercept a moving drone from 10 kilometers (6 miles) away.

"We're raising the flag early on in this process so there is ample opportunity to improve the security of civilian drones from these attacks, as the government is committed to doing," said project leader Todd Humphreys, an assistant professor in the University of Texas at Austin's engineering department and head of its Radionavigation Laboratory, in a statement. Humphreys, who specializes in "orbital mechanics," in 2008 cofounded startup Coherent Navigation, which aims to harden GPS signals.

Per the FAA Reauthorization Act passed earlier this year, the Federal Aviation Administration must detail rules for allowing unmanned aircraft systems (or UAS, in FAA-speak) to fly in national airspace by 2015.

To that end, Congress instructed the FAA to open six UAS testing sites across the country, and also commissioned a new FAA Office for New Technology, which the agency said will bring together aviation safety and air traffic specialists, while serving "as the FAA's one-stop [shop] for all matters related to civil and public use of unmanned aircraft systems in U.S. airspace."

Civilian uses aside, the military also remains intent on pushing the limits of drones, as demonstrated by a $100,000 DARPA competition to develop a "military-relevant, backpack-portable UAV" that could "perch and stare," meaning either land on a structure or hover about it, for a long enough period to conduct surveillance. But the contest, involving 140 teams and nine finalists, using UAVs that cost up to $10,000 to build, ended without a winner. "The fact that no team completed the baseline scenario reflects the underlying difficulty of the very real challenges of small perch and stare for operational use," according to the DARPA contest website.


Comments
PJS880,
User Rank: Ninja
7/1/2012 | 10:38:42 PM
re: GPS Spoofer Hacks Civilian Drone Navigation System
I think that it is very good that the group asked the Department of Defense to be present when showing the demonstration. It shows firsthand the effects that spoofing could have and the potential threats that $1000 and a group of educated college students can do with some knowledge and determination. I am looking forward to reading about their next demonstration where they plan to intercept a drone from 10km. Is anybody aware of any other similar experiments that have been conducted to better explain spoofing?

Paul Sprague
InformationWeek Contributor