Vulnerabilities / Threats
6/29/2012
11:09 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

GPS Spoofer Hacks Civilian Drone Navigation System

University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.

Mission Intelligence: NRO's Newest Spy Satellites
Mission Intelligence: NRO's Newest Spy Satellites
(click image for larger view and for slideshow)
Civilian drones' navigation systems are vulnerable to being taken over by attackers, using "spoofing" equipment that can be built for as little as $1,000.

That fact was demonstrated this month in White Sands, N.M., by a team from the University of Texas at Austin, which was able to redirect a hovering unmanned aerial vehicle (UAV)--otherwise known as a drone--located one kilometer (0.6 miles) away by feeding it arbitrary global positioning system (GPS) data. Officials from the Department of Homeland Security (DHS) were on hand to witness the demonstration, involving a mini helicopter drone owned by the university, reported Fox News, which broke the story.

GPS spoofing "creates false civil GPS signals that trick the vehicle's GPS receiver into thinking nothing is amiss--even as it steers a new navigational course induced by the outside hacker," according to a statement released by the university. Furthermore, civilian drones' navigation systems aren't necessarily the only civilian GPS-using systems at risk. "Because spoofing fools GPS receivers' on both their location and time, some fear that most GPS-reliant devices, infrastructure, and markets are vulnerable to attacks," according to the university.

"I think this demonstration should certainly raise some eyebrows and serve as a wake-up call of sorts as to how safe our critical infrastructure is from spoofing attacks," said Milton R. Clary. Clary is a senior Department of Defense aviation policy analyst at Overlook Systems Technologies, which is working with the government on counter-spoofing technologies--in a statement.

[ Learn more about civilian drones. Read NASA Sees Drones Flying In U.S. Airspace. ]

Last year, Iran claimed to use GPS spoofing to capture a CIA batwing stealth drone that was flying over the country, conducting reconnaissance of potential nuclear energy or weapons production sites. An Iranian engineer reported that the country had been studying U.S. drone technology for weaknesses since 2007.

One student involved in the University of Texas spoofing research, combining custom-developed software as well as $1,000 in parts--described it as a "fusion of electrical engineering and aerospace engineering." Next year, the team plans to intercept a moving drone from 10 kilometers (6 miles) away.

"We're raising the flag early on in this process so there is ample opportunity to improve the security of civilian drones from these attacks, as the government is committed to doing," said project leader Todd Humphreys, an assistant professor in the University of Texas at Austin's engineering department and head of its Radionavigation Laboratory, in a statement. Humphreys, who specializes in "orbital mechanics," in 2008 cofounded startup Coherent Navigation, which aims to harden GPS signals.

Per the FAA Reauthorization Act passed earlier this year, the Federal Aviation Administration must detail rules for allowing unmanned aircraft systems (or UAS, in FAA-speak) to fly in national airspace by 2015.

To that end, Congress instructed the FAA to open six UAS testing sites across the country, and also commissioned a new FAA Office for New Technology, which the agency said will bring together aviation safety and air traffic specialists, while serving "as the FAA's one-stop [shop] for all matters related to civil and public use of unmanned aircraft systems in U.S. airspace."

Civilian uses aside, the military also remains intent on pushing the limits of drones, as demonstrated by a $100,000 DARPA competition to develop a "military-relevant, backpack-portable UAV" that could "perch and stare," meaning either land on a structure or hover about it, for a long enough period to conduct surveillance. But the contest, involving 140 teams and nine finalists, using UAVs that cost up to $10,000 to build, ended without a winner. "The fact that no team completed the baseline scenario reflects the underlying difficulty of the very real challenges of small perch and stare for operational use," according to the DARPA contest website.

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
7/1/2012 | 10:38:42 PM
re: GPS Spoofer Hacks Civilian Drone Navigation System
I think that it is very good that the group asked the Department of Defense to be present when showing the demonstration. It shows first hand the effects that spoofing could have and the potential threats that $1000 and a group of educated college students can do with some knowledge and determination. I am looking forward to reading about their next demonstration where they plan to intercept a drone from 10km. Is anybody aware of any other similar experiments that have been conducted to better explain spoofing?

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

Best of the Web