Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

GPS Spoofer Hacks Civilian Drone Navigation System

University of Texas researchers built a $1,000 system able to forcibly reroute or crash a civilian drone.

Mission Intelligence: NRO's Newest Spy Satellites
Mission Intelligence: NRO's Newest Spy Satellites
(click image for larger view and for slideshow)
Civilian drones' navigation systems are vulnerable to being taken over by attackers, using "spoofing" equipment that can be built for as little as $1,000.

That fact was demonstrated this month in White Sands, N.M., by a team from the University of Texas at Austin, which was able to redirect a hovering unmanned aerial vehicle (UAV)--otherwise known as a drone--located one kilometer (0.6 miles) away by feeding it arbitrary global positioning system (GPS) data. Officials from the Department of Homeland Security (DHS) were on hand to witness the demonstration, involving a mini helicopter drone owned by the university, reported Fox News, which broke the story.

GPS spoofing "creates false civil GPS signals that trick the vehicle's GPS receiver into thinking nothing is amiss--even as it steers a new navigational course induced by the outside hacker," according to a statement released by the university. Furthermore, civilian drones' navigation systems aren't necessarily the only civilian GPS-using systems at risk. "Because spoofing fools GPS receivers' on both their location and time, some fear that most GPS-reliant devices, infrastructure, and markets are vulnerable to attacks," according to the university.

"I think this demonstration should certainly raise some eyebrows and serve as a wake-up call of sorts as to how safe our critical infrastructure is from spoofing attacks," said Milton R. Clary. Clary is a senior Department of Defense aviation policy analyst at Overlook Systems Technologies, which is working with the government on counter-spoofing technologies--in a statement.

[ Learn more about civilian drones. Read NASA Sees Drones Flying In U.S. Airspace. ]

Last year, Iran claimed to use GPS spoofing to capture a CIA batwing stealth drone that was flying over the country, conducting reconnaissance of potential nuclear energy or weapons production sites. An Iranian engineer reported that the country had been studying U.S. drone technology for weaknesses since 2007.

One student involved in the University of Texas spoofing research, combining custom-developed software as well as $1,000 in parts--described it as a "fusion of electrical engineering and aerospace engineering." Next year, the team plans to intercept a moving drone from 10 kilometers (6 miles) away.

"We're raising the flag early on in this process so there is ample opportunity to improve the security of civilian drones from these attacks, as the government is committed to doing," said project leader Todd Humphreys, an assistant professor in the University of Texas at Austin's engineering department and head of its Radionavigation Laboratory, in a statement. Humphreys, who specializes in "orbital mechanics," in 2008 cofounded startup Coherent Navigation, which aims to harden GPS signals.

Per the FAA Reauthorization Act passed earlier this year, the Federal Aviation Administration must detail rules for allowing unmanned aircraft systems (or UAS, in FAA-speak) to fly in national airspace by 2015.

To that end, Congress instructed the FAA to open six UAS testing sites across the country, and also commissioned a new FAA Office for New Technology, which the agency said will bring together aviation safety and air traffic specialists, while serving "as the FAA's one-stop [shop] for all matters related to civil and public use of unmanned aircraft systems in U.S. airspace."

Civilian uses aside, the military also remains intent on pushing the limits of drones, as demonstrated by a $100,000 DARPA competition to develop a "military-relevant, backpack-portable UAV" that could "perch and stare," meaning either land on a structure or hover about it, for a long enough period to conduct surveillance. But the contest, involving 140 teams and nine finalists, using UAVs that cost up to $10,000 to build, ended without a winner. "The fact that no team completed the baseline scenario reflects the underlying difficulty of the very real challenges of small perch and stare for operational use," according to the DARPA contest website.

More than 900 IT and security professionals responded to InformationWeek’s 2012 Strategic Security Survey. Our results cover a variety of areas critical to information risk management, including cloud, mobility, and software development. Download the 2012 Strategic Security report now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
PJS880
50%
50%
PJS880,
User Rank: Ninja
7/1/2012 | 10:38:42 PM
re: GPS Spoofer Hacks Civilian Drone Navigation System
I think that it is very good that the group asked the Department of Defense to be present when showing the demonstration. It shows first hand the effects that spoofing could have and the potential threats that $1000 and a group of educated college students can do with some knowledge and determination. I am looking forward to reading about their next demonstration where they plan to intercept a drone from 10km. Is anybody aware of any other similar experiments that have been conducted to better explain spoofing?

Paul Sprague
InformationWeek Contributor
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8225
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVE-2020-8237
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8245
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
CVE-2020-8246
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...
CVE-2020-8247
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...