Threats & Defenses
Drone Hacking and Information SecurityBy: Beau Woods
In Die Hard 2, a group of terrorists virtually take over an airport, knocking the legitimate air control systems offline and replicating those same systems from a different location. In this way they control the airspace over the airport and the planes in the air know nothing is wrong. The terrorists recalibrate a vital piece of equipment that tells airplanes what their altitude is above the ground. Thus when one plane attempts to land it instead crashes into the ground.
This is a fairly simple but clever attack on the plane's information and flight control systems. The terrorists didn't hack the plane, they hacked the ground-based systems on which the plane relied. I always thought this was a pretty cool attack vector but figured commercial aviation was probably not susceptible to it - and it may not be. But if a recent article is to be believed, Iran has captured some of the US and Israeli drone aircraft using essentially the same method.
The story goes that Iran first knocked communication with the drone offline, then convinced it to land inside Iran. The first step is fairly simple - you just find out what frequencies the drone communicates on and send loud noise to interfere with communications. When the drone is cut off from its command and control channel, it attempts to autopilot back to friendly territory and land. That's a fairly reasonable safety precaution. This autopilot feature relies on GPS to do this and that's what leads to the really interesting part of the story.
It seems that the Iranians fed bogus GPS coordinates to the drone leading it to land within their territory. In essence, the Iranians tricked the drone into thinking it was in safe airspace and could land itself. That takes a lot more precision and accuracy than simply throwing out a bunch of noise because you have to send just the right signals out. That type of hack shows creativity and higher technical sophistication.
Some stories say Iran could not have actually controlled the drone by manipulating GPS. It's a hard problem to be sure, but it's credible that a group with nation-state backing could pull this off. In fact, at least one academic paper contains the exact methodologies and mathematical calculations needed to spoof GPS signals. So regardless of whether this type of attack is actually what has been downing drones relatively unharmed, it's at least theoretically possible.
If you can't hack the device to bring it to the ground, hack the ground to bring it to the drone. Classic relativistic thinking - when you jump in the air, you can equally say the ground jumps away from your feet. If this story is accurate, the Iranians sent GPS signals to the drone which fooled it into thinking it was at home and it landed. The Iranians virtually brought the ground to the drone.
There are many lessons to be learned here for information security folks.
- Use technologies that provide authentication and/or non-repudiation. This tells you that the person or system that is giving you the information is who it says it is. Currently GPS does not use authentication, but there could be a system that does this without too much extra overhead, such as digital signatures.
- Make sure you validate input. If you can't validate it you should assume it's bad data and not make critical decisions based solely on that. In this case that could mean using multiple GPS-like technologies, some kind of an out-of-band "you're home" beacon, distrusting signals that are "too loud" and therefore likely spoofed, accelerometer data to confirm paths and distances, etc. Some of these and more are laid out in a Los Alamos National Laboratory report on GPS spoofing countermeasures from 2003.
- Use a strategy of defense in depth. If one system fails make sure your security doesn't totally fail because of it. So in this case, if the data is not good or if there's a suspicion that something else may be going on, do what has to be done to make sure sensitive technology doesn't get disclosed - destroy the drone or whatever. (Interestingly, according to one report the Israelis blew up a captured drone.)
- Look for holes or flaws in all of your systems and question everything. Often times hackers get into systems by finding weaknesses that nobody really thought about. Impersonating the GPS system is probably one of those weaknesses in the design of the failsafe system. Many times hidden assumptions cause us to miss flaws that in retrospect seem very clear.
- Keep up with the threats and understand that groups share information. In this case, reports of Hezbollah attempting to do this have apparently been out there for months. And if one group is doing it, they may be teaching others to do it or doing it for them.