How the RQ-170 Was Hijacked

Thursday, December 15, 2011

Ron Baklarz


The Christian Science Monitor is reporting that the RQ-170 was hijacked by the Iranians using a well-known exploit that sure seems to me to be a lot like an old and well-known cyber attack known as "the man-in-the-middle" attack.

Using intelligence gleaned from previously downed and less sophisticated drones, an Iranian engineer identified the global positioning system (GPS) as the weak link in the drone's security posture.

The "electronic ambush" begins by jamming the drone's communications, forcing the plane into autopilot, whereby it loses its "brain". From there, the Iranians were able to "spoof" and inject landing coordinates to get the plane to land where they wanted it to land.

In the pictures we have seen of the downed RQ-170, there is apparent damage to one part of the wing and the underbelly of the plane itself and landing gear as it is shown resting on boxes.

Apparently, the Iranians attempted to land the drone at a similar altitude as its home landing base.  Due to a slight difference between the two landing sites, the drone was damaged in landing.

While it is reported that the interception of unencrypted drone communication data streams had been known to the US military since the mid-1990s, examples of this type of exploitation continued into 2009, when militant laptops were found with drone data and unencrypted video feeds from Predator drones, pilfered using inexpensive, off-the-shelf software.

According to the article, other Iranian officials are describing tactics more advanced than simply "jamming", whereby deceptive techniques could be used to redirect missiles from their intended targets to target coordinates input by the Iranians.

If this account is accurate, and the explanation seems entirely plausible, the exploitation of drone technology in this manner is astounding and speaks to the need to build security in at the beginning of a project rather than later as an afterthought.

Ron Baklarz: Who says they haven't? Other than a normal malfunction (which, one would assume, would wreck the plane much more than it was damaged) this explanation seems entirely plausible to me. Remember that one of the other failsafes is a self-destruct which didn't work either. No matter, unfortunately we look really bad on this one.
Ron Baklarz: Good point Lance, a comment to Jeffrey Carr's recent posting on the RQ-170 included a link suggesting that the Russians provided Iran with a jamming device only six weeks ago. Shortly after the downing of the RQ-170, I recall mainstream news mentioning possible Russian jamming technology support in the endeavor. Could it be that this technique is fairly new and the downing of the RQ-170 is the near-first attempt? This is great fun to speculate, for sure! See link below:
Doug DePeppe: I'm doing some checking, but I gotta believe the GPS link has more security than to allow such a fairly simple MinM attack. It is encrypted, for starters, but I guess the issue is how easily it could be jammed.
Krypt3ia: GPS spoofing paper. Note the RF needs and the stories about the Russian tech that was sold to Iran recently...
Jim Palazzolo: More drones = fantastic job security!

Now, if I could just get our universities to allow our IA programs to operate outside of the box we'd be all set...

A group of us on campus had a round table on this, and there is security designed into the product; but, as we all know, as soon as you make contact with the enemy your plan goes right out the window.