Home » Air » Drones » Drone TV — The #1 Show in Iran, Afghanistan and Iraq

Drone TV — The #1 Show in Iran, Afghanistan and Iraq

by christian on December 17, 2009

drone-pilot

This story is just stunning…

Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter.

I guess in a sense I’m not surprised by the revelation; but that doesn’t stop me from having my stomach drop out thinking about the bad guys watching American intel operations while under way. If they have this technology in Iraq and Afghanistan, they certainly have it in Pakistan where the AQ and Talib chieftans are holed up.

Here are some of the details of the awesome WSJ story…

The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.

Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. “There was evidence this was not a one-time deal,” this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.

The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software’s developers, said he was unaware that his software could be used to intercept drone feeds. “It was developed to intercept music, photos, video, programs and other content that other users download from the Internet — no military data or other commercial data, only free legal content,” he said by email from Russia.

This clearly falls into the “cyber vulnerability” realm, and I’ve got our boy Kevin Coleman on the case. We’ll be updating this story as details emerge, but clearly this is the opening salvo in low-cost exploitation of our most high-tech assets and should be locked up before the administration sends even more drones to Afghanistan for operational overwatch.

– Christian

Share |

{ 22 comments… read them below or add one }

gsak December 17, 2009 at 2:21 pm

Really. A single AES .DLL and two lines of code to prevent this.

Reply

Jeff December 17, 2009 at 3:40 pm

I bet the people who will make the decisions on fixing this don't know how simple a fix it can be. Instead of the $25 fix to a $25 problem, how much do you think they'll spend. Probably a couple hundred thousand per drone… more when you consider how much beauraucracy will probably be involved.

Reply

B.Price December 17, 2009 at 10:05 pm

Truer words.

Reply

Jon January 1, 2010 at 2:39 am

Did I just see 'DLL'? Agree with the intended point, but if these drones are running any code under a Windows OS, then I would also focus attention at that frayed pile of cords, since it would very likely provide endless sources of 'entertainment' for foes.

Reply

Alexander December 17, 2009 at 2:43 pm

"But the Pentagon ASSUMED local adver saries wouldn’t know how to exploit it, the officials said."

Heres the problem, shouldn't people learn by now that you can't assume things. Ever.

Reply

Solomon December 17, 2009 at 2:51 pm

Its not fancy but you can't beat a recon team and a big radio.

Bigger question. If the Taliban can do this on a low tech level then what does this mean for next gen weapons like unmanned bombers and X-47B?

Reply

Matt December 17, 2009 at 2:53 pm

This gives us a small hint of the huge risks in relying on networks, satellites, and interdependent technologies. Interdependence means many potential vulnerabilities – and a $25 piece of software can render the whole million-dollar edifice useless.

I sure hope we've got some plan to keep China from destroying our satellites… or to operate successfully without them.

Reply

Philo December 17, 2009 at 6:04 pm

@Matt:
It's not the reliance on networks, satellites, and interdependent tech that is the problem. Every system in the military can be defeated by some kind of interception and evasion tactic.
The problem is the reliance on pin-heads at the Pentagon. Now if we could only find a way to fool proof those guys……

Reply

L33Tsniper December 20, 2009 at 7:38 pm

AMEN brother!!!!!…..Why don't we force them to read (mabye like the RAND files) so they are a bit (no pun intended) more educated than my wife's chihuahua….the first and most important step is to admit there is a problem

Reply

Ryan Taylor December 17, 2009 at 2:54 pm

This is freakin rediculous! They need to fix this ASAP! Just the glimpse (and I'm hoping it was just a glimpse) into what our drones see is completely unacceptable!

I can only imagine what the insurgents have been able to learn about how we employ our drones from watching these feeds!

Reply

alex December 17, 2009 at 5:55 pm

Well there are no shortage of drone feeds from Hellfire strikes on youtube, so I doubt it's much they already don't know.

Reply

Ryan Taylor December 18, 2009 at 2:36 pm

Were not just talking hellfire strikes though, we are talking hours of observation footage. If they were close enough to the target the drone was tracking they could have observed and recorded the entire session. From this they can extrapalate flight patterns used to observe stationary targets, and mobile targets, different visual modes and capabilities and so on. Dont underestimate what they can learn from this and put to use to fool our drones. There are always little low-tech tricks they will find to fool the operators and systems. This whole story is an example of them overcoming a sophisticated system with low tech devices and tactics.

Reply

Jef December 17, 2009 at 5:56 pm

Lord… if it's that easy to find and view the feed, it means it's just as easy, with the right equipment, to flood that frequency with noise and make the drone useless.

Nice to think that 36% of the Air Force's budget could be disabled by a technologically competent foe.

Reply

DavidB December 17, 2009 at 7:56 pm

Seriously…what sort of MORON in the Pentagon approves an surveillance system streams out unencrytped signals? What OTHER such IDIOT decisions are we going to find out about next?

Reply

Cole December 17, 2009 at 11:47 pm

What kind of fool assumes the Pentagon is full of morons?

From a Guardian article:

"Air force Lieutenant General David Deptula, deputy chief of staff for intelligence, surveillance and reconnaissance, said: "Any time you have a system that broadcasts information using omnidirectional signals, those are subject to listening and exploitation. One of the ways we deal with that is encrypting signals.""

"When asked about the problem, a Pentagon spokesman, Lieutenant Colonel Mark Wright, indicated that it had been addressed. He said: "The department of defence constantly evaluates and seeks to improve the performance and security of our various ISR [intelligence, surveillance and reconnaissance] systems. As we identify shortfalls, we correct them as part of a continuous process of seeking to improve capabilities and security.""

Reply

atacms December 17, 2009 at 4:49 pm

Looks like the Pentagon has already addressed this issue according to reporting by Defense News. See here:

http://www.defensenews.com/story.php?i=4423871&am

Reply

Curtis December 18, 2009 at 12:03 am

They've intercepted the signals coming off the drone, how big of a leap is it to interfere or override with the command signals going to the drone?

Asymmetric enemies do not have to rely on a slow and costly acquisitions system, getting the gear could be as simple as raiding the local radio shack or television station.

While this is would certainly be a challenge to pull off in Afghanistan, due to the lack of radio shacks, television stations, or anything other then rocks, it wouldn't be a challenge should we have to fight another insurgency in an area with more stuff to steal.

Reply

Kevin December 17, 2009 at 7:51 pm

It’s easy to encrypt on the drone. It’s hard to modify several thousand ground and air terminals. It’s terrifyingly hard to reliably do secure key distribution to several thousand ground and air terminals.

Reply

The Engineer December 18, 2009 at 9:31 am

Also, note that the software has been around for 15+ years, I strongly suspect it's not written in a dot net language, it's probably not even object oriented, you need more that two lines of code and a dll. that said, in 15 years time even a worthless programmer should be able to fix it…

Reply

gsak December 21, 2009 at 6:45 am

The point was that encryption is simple. Even something symmetric like c = b XOR a could have prevented this; say every drone has a password. Whether static object, dynamic, cut-and-paste from the internet source code, it doesn't matter. This problem, and the means to fix it, is a no-brainer over the time we've had. It sounds like we agree.

Reply

albydam June 8, 2010 at 2:35 pm

What happens when we are in a comms denied environment? UAVs go away and we are back to humans.

Reply

alex December 17, 2009 at 6:02 pm

This has nothing to do with manned or unmanned..this drone was not "hacked"..at no point was anyone other than the U.S. in control of the drone. Having a man in the cockpit of an ISR platform doesn't do anything if the communication links are unencrypted. Obviously the network needs to get encrypted ASAP, but I suspect this really won't have a large impact, if any, on our "drone war". Even if they are watching a predator feed, what good does that do them? None, really. Assuming they were even able to tell who/what was being monitored, how would someone watching disseminate that information? Pick up a cell phone and warn the other person? Ha.

Reply

Leave a Comment

Previous post:

Next post: