How to hijack a drone using GPS spoofing
Unmanned planes could become commonplace, but communications hacking raises safety concerns
Drones are in the news for all the wrong reason, with accusations of civilian casualties from remote air strikes, but they won’t be the preserve of the military for much longer.
The aviation authorities in the US are set to open up the skies to commercial unmanned air vehicles (UAVs) in 2015, and with it futurologists are predicting a slew of services based on airborne transport.
“The opening of the skies means the post could be sent by drone, they could be delivering the mail, urgent medical supplies could get around faster and I even have in my mind that they could be used to bring me takeout food from my favourite restaurant,” said professor Todd Humphries of the University of Texas.
However, as shown when a US drone was apparently downed intact over Iran, the communications systems used to control UAVs remain insecure and Humphries believes more needs to be done to increase safeguards and raise awareness of the dangers.
In retrospect, it looks like a mistake to have passed over encrypting civilian signals or authenticating them
“It’s exciting, and I’m in favour of our skies having these busy bots moving about," he said. "But I want them to be opened up safely because otherwise if these drones are going to be cohabiting with manned aircraft I’ll be nervous.”
Humphries’ warning came after he led a group of students that hijacked a civilian drone using spoofed GPS signals, pulling the UAV from the skies and landing it in the college athletics ground.
Although the UK's Civil Aviation Authority says it has no plans to relax restrictions on larger drones in Britain, small model craft are already up and running and mapping companies are already pondering drone-collected images.
We caught up with Humphries to find out how he took control of the drone and discuss the consequences of such a simple attack.
Q. How do you actually fool the plane into listening to you and not the official satellite signals?
A. The civilian systems are unauthenticated, and they are entirely predictable. If you can receive signals and have a good fix on your own location and your own time, then you can develop and generate your own counterfeit signals that happen to be perfectly aligned with the originals.
It’s a consequence of the fact that the signals are entirely predictable. We predict the signals and generate them and send them out, and by the time they arrive at the target receiver they are perfectly aligned and indistinguishable from the authentic signals coming down from the satellites.