How to hijack a drone using GPS spoofing
By Stewart Mitchell
Posted on 9 Jul 2012 at 10:49
Drones are in the news for all the wrong reason, with accusations of civilian casualties from remote air strikes, but they won’t be the preserve of the military for much longer.
The aviation authorities in the US are set to open up the skies to commercial unmanned air vehicles (UAVs) in 2015, and with it futurologists are predicting a slew of services based on airborne transport.
“The opening of the skies means the post could be sent by drone, they could be delivering the mail, urgent medical supplies could get around faster and I even have in my mind that they could be used to bring me takeout food from my favourite restaurant,” said professor Todd Humphries of the University of Texas.
However, as shown when a US drone was apparently downed intact over Iran, the communications systems used to control UAVs remain insecure and Humphries believes more needs to be done to increase safeguards and raise awareness of the dangers.
In retrospect, it looks like a mistake to have passed over encrypting civilian signals or authenticating them
“It’s exciting, and I’m in favour of our skies having these busy bots moving about," he said. "But I want them to be opened up safely because otherwise if these drones are going to be cohabiting with manned aircraft I’ll be nervous.”
Humphries’ warning came after he led a group of students that hijacked a civilian drone using spoofed GPS signals, pulling the UAV from the skies and landing it in the college athletics ground.
Although the UK's Civil Aviation Authority says it has no plans to relax restrictions on larger drones in Britain, small model craft are already up and running and mapping companies are already pondering drone-collected images.
We caught up with Humphries to find out how he took control of the drone and discuss the consequences of such a simple attack.
Q. How do you actually fool the plane into listening to you and not the official satellite signals?
A. The civilian systems are unauthenticated, and they are entirely predictable. If you can receive signals and have a good fix on your own location and your own time, then you can develop and generate your own counterfeit signals that happen to be perfectly aligned with the originals.
It’s a consequence of the fact that the signals are entirely predictable. We predict the signals and generate them and send them out, and by the time they arrive at the target receiver they are perfectly aligned and indistinguishable from the authentic signals coming down from the satellites.
You ain't seen nothin' yet!
In addition to Dominos replacing their yoofs on scooters with drones, there is a burgeoning interest in, and availability of small aerial Remotely Piloted Vehicles (RPVs).
In hobby circles this is called First Person View (FPV). Try typing that into Youtube and you'll see what's happening.
The most accessible technology 'out there' is the tri or quad-rotor platform, which uses electric power.
These 'quadcopters' are incredibly stable and hence relatively easy to control and fly. They make ideal camera platforms.
You can buy of-the-shelf packages of Camera, tilt\rotate mount, 5.8Ghz Tx\Rx, and viewing goggles\monitor. £500 gets a sophisticated HD system.
For substantially less than £1000 you can have a hugely sophisticated HD video platform that can both record and transmit video and stills back to base.
Soon to be available to the mass market are model 'helicopter' control systems which will provide near 'hands-off' flying to pre-determined waypoints at user-specified altitude, and back to the take-off place. These systems are going to be available for around $700 in USA very soon.
These semi-pro systems mainly use 2.4GHz Radio-control and 5.8Ghz for video transmissions. Other frequencies are, as they say, available.
You can fly some using an iPhone App!
Needless to say whilst fascinating on many levels these 'toys' have a significant danger both to privacy and simple Elf 'n Safety.
Just imagine what a 3 kilo camera-coper hitting a high-speed train or car head-on might be like, or if they got sucked-into the engines of a Jumbo, or.....
By wittgenfrog on 9 Jul 2012
- Google Glass: mugger bait, pub problem and other lessons learned from two dangerous weeks
- Twitter, please don't fiddle with my feed
- How Satya Nadella can get some pay-raise karma
- Windows 10: a step back to go forward
- Michael Dell: Cloud infrastructure is the roads, bridges and highways of the 21st century
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold