Insurgents Hack U.S. Drones

[chrisf]

Once you have built a working UAS capable of MALE operations complete with a fully functional Ku band full motion video datalink that provides video in h.264 format, can provide a feed to any allied receiver and can be broadcasted to authorized stations half a world away, you let me know.

:

I think you missed my point, I might be over simplfying this, and I'm not going to bother pushing this any further after this, but bare with me. For the purposes of the moderators, nothing I'm about to cover is classified in any way, what so ever, it's just a theoretical way of solving this problem.

I'm not boeing, I'm not general dynamics, I'm not a major defense contractor, my point had nothing to do with building a useful UAV, that's been done,  my point had more to do with the fact that you can take the UAV data stream, and encrypt it, quite easily and cheaply.

Since the apparently the stream isn't encrypted now, we're not talking about including NSA approved encryption gear, if the stream were that secret, then it's been done.

16 bits of encryption in a rotater stream cipher would suffice, and shouldn't slow down the data feed, inline with the video, and you're good to go. The electronics to accomplish such wouldn't take up much room, control it with on board DIP switches set before the flight, and you're good to go. Don't want to encrypt feed, either have the rotater set to 0 or have a switch to by pass the encrypter. Use GPS time for synchronization.

The receiving electronics in turn, decryption inline with the video stream, again, no need for NSA certified electronics, just simple stuff..

16 bits isn't going to keep the information secure forever, but 16 bits should be just enough to keep it secure long enough to keep somone from watching somone watch them, live at least, so for example, sufficient UAV providing overwatch for a patrol and that seems to me to be what's needed, unless I've missed somthing.

Have the 16 bit number changed per flight, in a similar manner to patrol passwords, and you're good to go.

 

[Loachman]

I think you missed my point,

Well, what was your point?

You made a promise:

Give me a week, and I can produce for you a flying reconaisance drone which provides an encrypted video feed, and that's not an exageration.

How's it coming? You only have five days left, and parts are not going to be available on the 25th.

I might be over simplfying this,

Just a tad.

but bare with me.

No offence, but I'm not into that with guys.

I might be convinced to bear with you, however.

my point had nothing to do with building a useful UAV

I have a reasonable grasp of the English language, and there is little in the quote from your earlier post, as reproduced above, that is open to differing interpretations.

my point had more to do with the fact that you can take the UAV data stream, and encrypt it, quite easily and cheaply.

Opinion, not fact.

Unless you have far more experience with UAV video feeds than you've included in your profile.

and shouldn't slow down the data feed, inline with the video

Any slowing or degradation of video feed and telemetry is completely unacceptable.

should be just enough to keep it secure long enough to keep somone from watching somone watch them, live at least, so for example, sufficient UAV providing overwatch for a patrol and that seems to me to be what's needed, unless I've missed somthing.

From what has appeared in open sources, many "Taliban supporters" are simply ordinary people who have been offered money to carry out tasks. They are paid far less than a laptop would cost, no matter how cheap the critical software is. These guys are completely expendable.

There are lots of aircraft bumbling around providing feeds. Any expendable hole-diggers who miraculously have a suitably-programmed laptop would have to pick the right one, be able to recognize the area under observaton from a completely unfamiliar vantage point, be able to recognize themselves, be able to interpret unfamiliar thermal imagery, and be able to react in a timely fashion.

Have the 16 bit number changed per flight, in a similar manner to patrol passwords, and you're good to go.

With multiple aircraft, manned or otherwise, up and about around the clock, conducting overlapping missions of varying length, taking off and landing at vastly different times from several widely-scattered airfields, and providing feed to many different agencies around the world this is not so easy.

 

[Jarnhamar]

No offence, but I'm not into that with guys.

I might be convinced to bear with you, however.

Before you're convinced to be a bear with Sig Op you might consider looking up what a "bear" is in the homosexual community.

Just saying 
http://en.wikipedia.org/wiki/Bear_%28gay_culture%29

 

[Loachman]

But that's not what I said, was it...?

 

[Jammer]

...anyone have a ROVER freq?

 

[rampage800]

Jammer

Squawking on C Band 5211, call Good Handshake.  ;D

Sig Op

While I applaud your effort to come up with a way to encrypt the VDL its really not that simple, as a matter of fact your idea might lead to the ACC having a massive heart attack. Theres a lot more going on over there with regards to this stuff than I think you realize.

 

[Journeyman]

The story has been updated on Wired Online
Shared in accordance with copyright regulations.

Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (Updated)
By Noah Shachtman  December 17, 2009

Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought.

The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq.
----
“This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”

Complete article at LINK above


Apparently some high-priced folks have already been giving this some thought (not that I doubt a Sig Op's capabilities  )

 

[chrisf]

I'm not going to bother to push this one any further.

If you want to use the standard military logic of "if we're not doing it now, it can't be done" then carry on.

 

[rampage800]

If you want to use the standard military logic of "if we're not doing it now, it can't be done" then carry on.

I guess maybe you just know more about this stuff than some of the guys on here do eh  :-\

I'm not going to bother push this one any further

That's the best idea you've had, you may have strayed just a touch outside your lane.

 

[aesop081]

If you want to use the standard military logic of "if we're not doing it now, it can't be done" then carry on.

After you are done sulking, take a good look and see that no one said it couldnt be done. Encrypting a signal is not that difficult from a technical standpoint.. It is the ramifications that harder to deal with.

Whatever, you're the expert.

 

[blacktriangle]

but the fact that it CAN be done, begs the question why it's not being done.

Perhaps because...

some high-priced folks have already been giving this some thought

Therefore...

There's a lot more going on over there with regards to this stuff than I think you realize.

 

[tomahawk6]

The vulnerability is with our smaller UAV's like Hunter/Shadow.The bad guy has to be in line of sight of the UAV to hack the feed. This begs the obvious as to how the taliban can access the internet from a mountain top where electricity is spotty at best.

 

[Jarnhamar]

The Taliban probably really like those stupid MAC commercials too.

What kind of operational security dangers does the Taliban having our UAV footage mean for us?
What kind of advantages will it give? For the life of me I know this must be a big deal but I can't exactly think how. Probably just something simple that I'm over looking.
Could someone explain it to us less technically savvy types?

 

[PanaEng]

Opinion, not fact.

Unless you have far more experience with UAV video feeds than you've included in your profile.

Fact! and he dosn't need to put anything in his profile to have experience on something.
video feeds are easily encrypted real-time with imperceptible delay.
The technology is old and is cheap. It does not require a lot of processing or power.

What makes retrofitting this to existing platforms difficult is the cost - not because the technology is expensive, it's because it is old (yes, it is old technology and old production runs for the exact chips and modules may have to be re-started/contracted), has to integrate with existing components (many of those as alluded to by the article posted by Journeyman) and has to withstand mechanical stress. 

You can encrypt a video stream with AES at 256 bits with commodity HW - a cheap Arm processor, like in the Blackberry (hey, a good example right there: all the comms are encrypted). You can even do it smaller with a little ASIC or FPGA. No need to talk about other components in the data chain like the TX or sat link - they only take what you give them and send it along - red herings (there should be an emoticon for that  :christmas happy: )

So, I think Sig Op is right - but it might not be able to talk to the existing infrastructure without some serious hacking.
I don't know why you guys are piling-on to him - hi might just know what he is talking about (are any of you Elec Eng ?)

disclaimer: I know what I am talking about but maybe I just misunderstood the issue  ;D

cheers,
Frank

 

[Jammer]

Sure you can encrypt it. That's not the issue. It has to be the following:

1: Encrypted without losing ANY live data streaming.]

2: Make it compatible with existing coalition systems.

3: It has to be meet or exceed existing security requirements.

4: Be adaptable to required changes (I won't elaborate on this).

PanaEng
I don't think you know about the standards that have to met for implementing a new cryptosecurity system.
You don't have to be an electrical engineer as you profess.

 

[KingofKeys]

http://amfix.blogs.cnn.com/2009/12/17/wsj-militants-used-26-software-to-hack-u-s-drones/

Watch the video. Very interesting. Some interesting twist in there too.

 

[aesop081]

Watch the video.

CNN is to news what McDonald is to food.......

Very interesting.

Yes it is....if by interesting you mean that CNN still calls them "drones" after all this time.

Some interesting twist in there too.

Not sure what you mean by that. That Iran is involved ?

 

[George Wallace]

Just a point that is lost in this whole discussion, right from the git go:  A DRONE is a UAV that is NOT controlled from the ground.  It has a preloaded flight path programmed into it prior to its take off and will fly that mission.  There is no further ground communication to change/amend its flight path.  The video feed is not in anyway related to the flight controls of this vehicle.

 

[Jammer]

....so to alleviate any confusion, henceforth and from this day forward the term "drone" will be replaced by the term "worker bee"... ;D

 

[George Wallace]

The terminology for UAVs is being used incorrectly in most conversations/discusions.  UAVs have two classes: Drones and RPVs.  Drones have their flights preprogrammed on the ground and sent off to fly a fixed flight with no further control from the ground.  Remote Piloted Vehicles (RPVs) are what we are most familiar with in Predator, Global Hawk, Reaper, Heron, Spewar, etc. where they are actually piloted remotely from a ground station.

All are "worker bees".    :camo: