More on the Captured U.S. Drone [telecom]

Another story from Bruce Schneier: this is from his "Schneier on Security" blog.

There's a report that Iran hacked the drones' GPS systems:

"The GPS navigation is the weakest point," the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran's "electronic ambush" of the highly classified US drone. "By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain."

The "spoofing" technique that the Iranians used -- which took into account precise landing altitudes, as well as latitudinal and longitudinal data -- made the drone "land on its own where we wanted it to, without having to crack the remote-control signals and communications" from the US control center, says the engineer.

Now, here's the part that confuses me: if Iran was able to spoof GPS signals to misguide a drone to land outside its home field, that seems to indicate that the drone wasn't using the encrypted military version of the GPS signal, which raises lots of questions about just who is in charge of designing the guidance systems for these devices, and how much Uncle Sam is paying for them. If all the Iranians did was jam the GPS frequencies, which is a much more believable attack, then the questions get more pointed and less polite. After all, interfering with military communications is as old as the telegraph, so I would have thought that a military airborne vehicle would have some internal logic and inertial navigation adequate to return it to friendly territory if it lost the GPS signals.

Of course, the internals of the drones are highly classified, known only to the defense contractors who are paid immense amounts of money to manufacture them, to the Defense Department, and now to whoever has the ante to buy the captured drone from Iran. Your tax dollars are at work, creating jobs for hidden, anonymous, unaccountable people who don't have to defend their design choices.

There is no indication of successful 'spoofing' in the above quote, nor in the other articles.

The published reports indicate that GPS was simply 'jammed' -- such that the drone could not get a GPS fix -- and had to 'fall back' to purely 'on-board' navigation smarts (i.e. "autopilot", as explicitly mentioned in the quote above).

You're assuming a *LOT* of things that are not supported by, and are, in fact, decidedly _contrary_to_, the published information.

Pure "inertial" navigation for anything other than ground-based vehicles is very problematic. There is no reliable 'self-contained' means for measuring speed -- the best you can do is estimate, based on integration from acceleration. And this means that 'position' -- integrated from speed -- has order-of-magnitude higher uncertainty.

In addition, while you know what direction the aircraft is pointed in, and what 'airspeed' it is moving at, you simply *don't* know what direction it is moving in, or what the TRUE 'speed over ground' is.

One can derive this data, IF one has a reference-point -- at a known location _and_ distance -- or multiple reference-points at known locations, without need of knowing distance. (This is basically what GPS does, albeit with somewhat more 'smarts', to accommodate the fact that both the reference and the target are moving, _and_ that one cannot use 'directional' bearings on the GPS transmitter.)

Unfortunately the 'reference point(s)' can be subject to disinformation attacks as well. RF emitters can be duplicated, 'terrain recognition' can be spoofed, _if_ you know (or can figure out) what is being used.

Jam a number of drone flights, and observe where they go -- 'going home' on autopilot, and you learn the terrain you need to simulate. Set it up, and wait for a drone to show in the right place, jam -it-, and it follows _your_ faked terrain waypoints.

There are a multitude of design trade-offs in such a vehicle. You have to consider:
1) compromise of command-and-control links -- where the bad guy can issue commands to the vehicle.
2) blocking of command-and-control links -- a DOS attack, you can't tell it what to do, but neither can anybody else.
3) loss of navigation reference data -- how does it know 'where to go from here'?

Obviously, under 'irrecoverable' circumstances, you want a self-destruct mechanism. *BUT*, that is over-reaction to a 'temporary', recoverable, outage. Deciding 'how' and 'where' to draw that line is *NOT* easy.

It's also a lot easier to 'armchair quarterback' the decisions after the fact, than it is to make them in the first place.

Especially, when what you 'think you know' about the other side's capabilities turns out, AFTER THE FACT, to have been incorrect.

One other possibility to consider -- this just might be a 'disinformation' event. That the drone had 'special' equipment -meant- to be captured.

It doesn't. But if you want to jam the signal and cause the aircraft you're trying to divert to land in the wrong place because of the observed behavior of its fallback autopilot system, then it does certainly seem like you'd better have an airfield ready that's just like the one it expects to land at, according to all the sensors you know it _will_ retain access to.

Which probably includes having that field at the same altitude, pointed in the same direction, and perhaps at the same coordinate either latitudinally or longitudinally as the real one. Looking quickly at a map of Iran, Afghanistan, and Pakistan, I don't think it would be too hard to do this somewhere in Iran -- though certainly nontrivial.

I would suspect the basic procedure has to consist of carefully observing the drone's usual flight patterns and interrupting its GPS access while it's in the middle of a maneuver you know will leave it, if interrupted, pointed at you, rather than at home. Be sure it doesn't get GPS back, and see what happens. It's likely possible to try this out several times and get a lot of data about the autopilot's behavior before anyone even notices. If the drone is stealthy enough that your adversary (that'd be the guy running the drone) thinks you can't follow it around, even better -- he will be much less likely to interpret brief interruptions to GPS as tampering while you're figuring out how to work the rest of your evil magic.
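
The reply above on pure inertial navigation argues that speed must be integrated from acceleration, position from speed, and that airspeed plus heading does not give true speed over ground. The following sketch is an added example, not code from any poster in this thread; the bias, airspeed and wind figures are constructed for illustration, and the function names are hypothetical.

```python
import math

def inertial_drift(accel_bias, duration_s, dt=0.1):
    """Integrate a constant accelerometer bias twice (Euler steps).

    Returns (velocity_error_m_s, position_error_m). The velocity error
    grows linearly with time, the position error quadratically.
    """
    v_err = 0.0
    p_err = 0.0
    for _ in range(int(round(duration_s / dt))):
        v_err += accel_bias * dt   # first integration: acceleration -> speed
        p_err += v_err * dt        # second integration: speed -> position
    return v_err, p_err

def wind_drift(airspeed, heading_deg, wind_speed, wind_to_deg, duration_s):
    """Dead reckoning from heading and airspeed while an unknown wind blows.

    Angles are degrees clockwise from north; wind_to_deg is the direction
    the air mass moves toward. Returns (position_error_m,
    true_ground_speed_m_s, true_track_deg).
    """
    h = math.radians(heading_deg)
    w = math.radians(wind_to_deg)
    air = (airspeed * math.sin(h), airspeed * math.cos(h))        # east, north
    wind = (wind_speed * math.sin(w), wind_speed * math.cos(w))
    ground = (air[0] + wind[0], air[1] + wind[1])
    # The autopilot believes it moved along `air`; it really moved along `ground`.
    est = (air[0] * duration_s, air[1] * duration_s)
    true = (ground[0] * duration_s, ground[1] * duration_s)
    error = math.hypot(true[0] - est[0], true[1] - est[1])
    track = math.degrees(math.atan2(ground[0], ground[1])) % 360.0
    return error, math.hypot(*ground), track

if __name__ == "__main__":
    # Constructed values: 0.01 m/s^2 bias, 10 minutes without a position fix.
    v, p = inertial_drift(0.01, 600.0)
    print(f"bias only: speed error {v:.2f} m/s, position error {p:.0f} m")
    # Constructed values: 60 m/s airspeed heading north, 10 m/s wind toward east.
    e, gs, trk = wind_drift(60.0, 0.0, 10.0, 90.0, 600.0)
    print(f"wind only: position error {e:.0f} m, ground speed {gs:.1f} m/s, track {trk:.1f} deg")
```

Doubling the time without a fix doubles the speed error but roughly quadruples the bias-driven position error, which is why an external reference is needed to bound it.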


