Hacked drones could become missiles over U.S., researchers warn

GPS spoofing is easy and effective, demo proves, making plan for domestic drone flights risky

Over the course of the next 10 years as many as 30,000 military or military-inspired drones will be flying patrols over the continental United States to monitor illegal immigration, track down criminals on the run and help with search and rescue missions, according to Pentagon and other government estimates cited in an investigative report in the Christian Science Monitor earlier this month.

The prospect makes a lot of people nervous, though in oddly specific ways.

Eighty percent of U.S. residents think drones would be great additions to search-and-rescue operations and more than two thirds think they'd be great helping police catch criminals on the run, according to a survey released June 12 by Monmouth University.

Two thirds would also be flatly opposed to drones being used to catch speeders, however.

Libertarian Congressman Rand Paul worries that drones carrying high-resolution cameras would invade the privacy of individual citizens, especially those the police may be targeting for investigation. He's proposed a bill that would require require police or federal law enforcement agencies to get a warrant giving them permission to use drones for surveillance. Without a warrant any evidence drones collect would be inadmissible as evidence of a crime.

Nebraska Rep. Mike Johanns worries drones will invade the privacy of ranchers and farmers who are currently free to pollute the land out of sight of EPA investigators. A bill he proposed prevent the EPA from using drones to scout for violations of environmental regulations.

There's a lot more to worry about than invasion of privacy, following a demonstration in researchers from the University of Texas at Austin Radionavigation Laboratory showed the DHS and FAA how easy it is for outsiders to confuse drone guidance systems to redirect drones to new targets, or simply let them crash and burn, according to a story in IEEE Spectrum.

The demo was conducted first in a Univ. Texas football stadium using a small helicopter and later at White Sands Missile Range in New Mexico, whose oft-impacted ground nearly ate another aircraft after the spoofed drone tried to find the ground too quickly. Its remote pilot pulled it out of a dive just in time to avoid a crash, according to Fox News, which also covered the story.

“Spoofing a GPS receiver on a UAV is just another way of hijacking a plane,” according to Todd Humphreys, director of the Radionavigation Laboratory, researcher and founder of Coherent Navigation, a company working on spoof-resistant GPS technology.

With someone other than a legitimate GPS satellite feeding location data to a drone, an unmanned aerial vehicle stops being a useful tool for observation, law enforcement and interdiction of drug- and immigrant traffic and become "missiles," Humphrey said.

Using what Humphreys called the most advanced GPS spoofer ever built, which still cost less than $1,000, Humphreys and his team catch the drone by sending accurate GPS signals to it, overwhelming the legitimate signal with the spoofer's greater power and location data that agrees with the legitimate signal – at first.

With little difficulty, Humphreys redirects the drone by changing the numbers in his signal so the drone has to correct its heading, attitude and altitude to stay on course.

Jamming a GPS signal is fairly simple, Humphreys said. Spoofing is harder, but not difficult or expensive enough to deter terrorists or criminals.

"In 5 or 10 years you have 30,000 drones in the airspace,” he said. "Each one of these could be a potential missile used against us."

Both the U.S. and the U.K. have programs run by various law enforcement agencies to try to track down GPS signal jammers – at DHS under the Patriot Shield and Patriot Watch programs and under the Sentinel program in the U.K., IEEE Spectrum reported.

Robot- and unmanned-vehicle manufacturers are also working on an anti-spoofing technology it calls SAASM – Selective Availability Anti-Spoofing Module – which the U.S. military is already using in Afghanistan to keep Predator and other drones from being hijacked.

Other preventative measures include radio-beacon backups to keep the drone from getting confused by a single false signal, or inertial systems that create real-time dead-reckoning estimates of the drone's location to reality check the GPS, according to a letter the Association of Unmanned Vehicle Systems International (AUVSI) wrote to Spectrum after publication of its initial story June 26.

Not only are manufacturers trying to harden drones against spoofing, they continue to promote the safety/backup role of drone pilots, who are much less easily fooled than the drones themselves.

"While an aircraft itself may be unmanned, a trained professional is behind the controls, ready to respond, and bring a safe resolution to any problem that may arise," the letter read, in part.

Humphreys and his research team, meanwhile have published a number of papers describing spoofing techniques and countermeasures, as well as descriptions of how GPS spoofing works and how to manage it on your own.

Without some form of resistance to spoofing, the intelligence to respond effectively to a loss of remote control – rather than crashing or just flying in a straight line until it does – putting 30,000 drones in the skies over the U.S. would put every drone and every American over whom it flies in serious danger, Humphreys said.

"Spoofing a GPS receiver on a UAV is just another way of hijacking a plane," Humphreys told Fox News.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies