The US stealth drone broadcast last week on Iranian state television was captured by spoofing its GPS coordinates, a hack that tricked the bird into landing in Iranian territory instead of where it was programmed to touch down, The Christian Science Monitor reported. The 1700-word article cited an unnamed Iranian engineer who …
Cue all the sysadmins....
....who've been complaining for years that no one pays attention to security. Security is not an afterthought, it's something that has to be baked in to every stage of the design process of anything that is expected to survive in a hostile environment, which definitely includes any communications gear.
Funny how back when I was in the service I grumbled about reliance on GPS and I was told I was being paranoid.
As we said when the drone videos were found.... unencrypted streams? WTF? If you can't encrypt it as is, stream a low-res version that can be and bring the raw take back to base.
And before the usual Windows/Linux/BSD flame war starts, can we just note that some are better than others but all are flawed and move on?
Sometimes an embarrassing international incident has to occur before people sit up and take note.
Cant miss this
Bill Hicks seemed to remember a scene from "Shane"...
Which never existed but hey ho, the sentiment is there.
...Pick up the gun. Pick it up!
So now the good old US-of-A has all the reason they need to go marching in there, blah blah regime change blah blah, and pinch all their lovely Arabian oil.
I smell something fishy... And I'm not talking about the contents of Baldrick's apple crumble.
Can't miss this, you mean:
My paranoid? Or his paranoid? Let's just all share and call it ours.
Even more so with GPS, back in the days of the cold war GPS used to be MADE inaccurate for everybody and the US forces used the undoctored but encrypted signals. Since the birds in orbit are still the same and they still can make the signals inaccurate, there must still be a way to use an encrypted signal.
What's next? A Tomahawk turning around and attacking its mothership?
There's no point making the signals inaccurate any more, it's quite easy to fix them, just record their signals at known locations.
Over a captured spy drone? I very much doubt it. The American public is so sick of being at war at this point that starting another one would be tantamount to political suicide for any American politician. With a Presidential election coming up and the current President looking like the underdog already no one in DC is going to make that mistake.
There is no need to send out incorrect signals in the first place. Simply signing with a private key should suffice. It doesn't encrypt the data, but rather prevents a data packet from being tampered with by a man-in-the-middle attack, guaranteeing that the data packet actually came from a GPS satellite. The signature could be appended to the current packet so that existing receivers would still work, while new receivers would be made to check the appended digital signature and simply discard bogus packets. Naturally, the new receiver would warn of the ongoing attack, and the attacker is making his transmitter an easy target.
@ user/ Engrish
I apologise for my poor use of English and now to get around this I will put the blame on The Reg.
>_< Dammit why can't the reg put a grammar checker on!
I'm presuming the drone was using the encrypted P-Code (or better still, M-Code) GPS signals. So either the Iranians have hacked it (extremely doubtful). More likely an operative close to the US air base (Miramar or wherever the drone launched from) is receiving the GPS signals and forwarding them to a broadcast station in Iran.
this was a plant to hit Iran with a nuclear virus
the US let them get it so they will use their most powerful computers to try and decode the software which will set them back years again with their nuke project
Re: Bill Hicks
I totally agree with your sentiment - the USA is perfectly capable of creating casus belli deliberately in order to attack a nation. They have done so multiple times. But they invent stories about Iraqi soldiers taking babies out of incubators or Gaddafi supplying his army with viagra in order to better rape people (oh wait - that one was *our* national newspapers). But the USA doesn't invent stories that make themselves look stupid or weak. Bush signed off approval for CIA counter-government activities in Iran and Congress has approved huge funding for such operations. When Ahmadinejad said that the post-election protests were being whipped up by US agents there was a lot of truth to that. And if you want to find likely examples of US manufactured casus belli, look at the pretty silly and unlikely story about Iran trying to assassinate the Saudi ambassador in October. But having a massively expensive drone safely land itself in Iran and them not give it back, that just makes the US sound a bit silly and therefore is unlikely to be a conspiracy on their part. Plus they wouldn't *actually* want the Iranians to have one of their drones.
Whaddaya mean "Next"?
I remember the good old days, when the Brits used to send in half a dozen tanks where only four were needed. The USA routinely offed 2/3rds of their allies.
The home team shot down all the US aircraft at Pearl Harbour just before WW2.
It is MY paranoid! Honestly, people! Why there is always someone trying to steal from me?
Behind the doors, inside the trash cans, crawling on the ceiling. I know You are there, hear me?
And I will not allow You to take my paranoid away! I may be the trusting type, but not he! No, sir!
I don't know - I'd expect the drone to be using the encrypted military GPS signals, not the open civilian signals. And without the keys you can't spoof the encrypted signals - that's kind of why they exist in the first place.
Perhaps the military encrypted GPS signal was being jammed and the drone fell back to using the civilian GPS?
Exactly, it should be impossible to spoof the military GPS signal.
I have a suspicion that this report originated as US disinformation. There has possibly been a monumental cock-up with the security of the drone's command and control channel - it has already been reported that these drones transmit unencrypted video. Such a FUBAR would be very, very embarrassing to the Americans who are just as sensitive to losing face as a Chinese emperor was.
You could even make an argument that the US Military (who were fuming that Bill Clinton ordered GPS selective availability to be permanently turned off) would like an excuse to argue for the return of selective availability to the civilian GPS signal. Hell, they might even stage-manage it all, deliberately losing a drone that in fact had non-standard internals as a disinformation campaign in its own right.
Some of the above might sound paranoid but when you're dealing with an outfit that would break arms embargoes (to Iran no less) to raise funds to fund terrorists (the Contras) that Congress had forbidden them to fund, help them to smuggle illegal drugs to raise funds, and generally break domestic and international law whenever it suits them it pays to be a bit paranoid. Remember, these are the people who brought you Fidel Castro's exploding cigar and many other incredible tales.
How long do you think it would take to break a code if you had a box that took in the encrypted signal on one side, and output the decoded information on the other side, with unlimited data samples available? They've shot down other drones. Were they all flown by dead reckoning or civilian GPS?
Differential GPS made SA moot
The need for SA in precision GPS devices, i.e. those used in surveying and for other civilian purposes, was made moot through the use of differential GPS, which can provide centimeter level accuracy without the need for any of the previously encrypted information. It is only the low cost GPS receivers that need to make use of SA to provide a higher level of accuracy because they only use one antenna and not multiple to triangulate and calculate the correct location.
Nah, it's much easier to improve accuracy.
Umm, at the velocity those drones fly I doubt diff GPS will actually work (I'm not certain you get stable enough conditions for the required statistics to work) but I could be wrong.
From what I know from the US military, accuracy is best improved by placing a Chinese embassy right next to the target. Guaranteed hit. Sometimes just quickly sticking a sheet of paper with "Chinese embassy" to the building is enough.
"Encrypted military GPS"
Since GPS is a one-way communication (ie there is no mutual authentication), if you simply listen to the data from the satellite and retransmit it with a suitable delay (and repeat for enough satellites) then how is a GPS receiver meant to know it is hearing your streams rather than the satellites' streams? The only way it could know is by already knowing both its position and the time very accurately, in which case it would not need GPS.
The civilian signal is designed to go funny if you are travelling over 400km/h (ish), whereas the encrypted military one isn't...
"Were they all flown by dead reckoning or civilian GPS?"
You'd hope that some redundant systems like dead reckoning and a simple clock might be involved, though. At least then the drone can check its GPS position and think "Wow, that must have been hyperspace or something! I was just by the Iranian border and now I'm over Kandahar!" and can suspect foul play before coming to the obvious conclusion that it is still by the Iranian border and that someone has been playing silly buggers with the GPS signal.
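An added example, not part of the original comments or any real flight software: a minimal version of the cross-check described above, where each GPS fix is compared with a position dead-reckoned from the onboard clock, speed and heading, and fixes outside a drift budget are flagged. The `Sample` fields, the tolerance values and the track are constructed assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

@dataclass
class Sample:
    t: float            # onboard clock, seconds
    lat: float          # GPS-reported latitude, degrees
    lon: float          # GPS-reported longitude, degrees
    speed_mps: float    # ground speed from sensors independent of GPS
    heading_deg: float  # true heading from compass/inertial sensors

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def dead_reckon(lat, lon, speed_mps, heading_deg, dt):
    """Advance a position by speed*dt along a heading (great-circle step)."""
    d = speed_mps * dt / EARTH_RADIUS_M
    brg, p1, l1 = math.radians(heading_deg), math.radians(lat), math.radians(lon)
    p2 = math.asin(math.sin(p1) * math.cos(d) + math.cos(p1) * math.sin(d) * math.cos(brg))
    l2 = l1 + math.atan2(math.sin(brg) * math.sin(d) * math.cos(p1),
                         math.cos(d) - math.sin(p1) * math.sin(p2))
    return math.degrees(p2), math.degrees(l2)

def check_track(samples, floor_m=50.0, drift_rate=0.02):
    """Return (t, error_m, allowed_m) for every fix that dead reckoning rejects.

    The estimate starts at the first fix and is never re-anchored to GPS, so
    a fix is judged only against independent sensors. The allowance grows with
    distance travelled because dead reckoning drifts (assumed 2% of distance,
    plus an assumed 50 m floor for normal GPS noise).
    """
    est_lat, est_lon = samples[0].lat, samples[0].lon
    travelled, alerts = 0.0, []
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        est_lat, est_lon = dead_reckon(est_lat, est_lon,
                                       prev.speed_mps, prev.heading_deg, dt)
        travelled += prev.speed_mps * dt
        error = haversine_m(est_lat, est_lon, cur.lat, cur.lon)
        allowed = floor_m + drift_rate * travelled
        if error > allowed:
            alerts.append((cur.t, error, allowed))
    return alerts

def constructed_track(spoof_from=4):
    """Constructed data: 100 m/s due east, one fix every 10 s. From index
    spoof_from the reported latitude is displaced by 0.01 degree per fix."""
    lat, lon, out = 30.0, 60.0, []
    for i in range(7):
        if spoof_from is not None and i >= spoof_from:
            offset = 0.01 * (i - spoof_from + 1)       # displaced fix
        else:
            offset = 0.0001 * (1 if i % 2 else -1)     # ~11 m receiver noise
        out.append(Sample(10.0 * i, lat + offset, lon, 100.0, 90.0))
        lat, lon = dead_reckon(lat, lon, 100.0, 90.0, 10.0)
    return out

if __name__ == "__main__":
    for t, err, allowed in check_track(constructed_track()):
        print(f"t={t:.0f}s GPS disagrees with dead reckoning: {err:.0f} m > {allowed:.0f} m")
```

A real system would feed the rejected fixes into a decision to distrust GPS and continue on inertial navigation, which is the fallback the commenters debate further down the thread.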
Jamming works on both signals, you can't know which frequency is in use by the receiver so you jam all.
Hacking into a command and control channel looks easier to me than feeding handmade GPS signals which are good enough so the drone can land on an airfield thousands of miles from its intended place of landing, most probably with a landing strip in slightly different direction and different length and so on.
Forged position with forged direction but correct speed over ground, most probably with a forged time as well.
And all this while the flight controller is looking!
Civilian GPS receivers
First of all what was encrypted but now isn't is SA. What SA (selective availability) is, is the wobble of the satellite in orbit. Even though a satellite is in a fixed orbit it wobbles in space. Since your position is calculated using no less than three satellites (four if you need attitude) the compounded wobble of the satellites is what causes the error in position. The reason civilian receivers don't work at high speeds, besides there being laws against US companies selling them that work at high speeds, is the cost involved with processing power needed to calculate the signal changes at high speed. Also the antennas for high speeds are not like the ones that operate at low speeds. All receivers use the same information it was only the availability of the corrections information that has changed.
When it comes to differential GPS there are two methods. The one most people know about involves a base station that knows where it is located and can calculate the satellite wobble and transmit that information to the roving one. The second version involves a single GPS receiver with enough channels to handle processing the information from several antennas at the same time. Because it is a geometry calculation each antenna receives slightly different signal timing information from a satellite. By doing some matrix calculations on the data the wobble can be calculated real time for each satellite. Aircraft have an easier time doing these types of calculations because the satellite constellation is not obscured by items close to the horizon that block the signal. The better the satellite geometry (spatial positions) the better the calculations that can be performed. The differential GPS class I took about 10 years ago was taught by one of the system creators. In the test he and his students performed they attached several antennas to an airplane and then flew the airplane around before doing the post processing on the data collected (this was before the civilian receivers we have today which can process the data real time). They couldn't figure out what an error they were seeing in the data was until they realized that it was actually measuring the yaw of the wings where two antennas were located.
Spoofing is done using devices called pseudolites which are also located sometimes around airports to provide ground based GPS information for landing purposes since the satellite geometry, and precision, is worse the closer you get to the ground due to signal interfering items (the geometry of the tracked satellites determines the accuracy of your position). The newer surveying grade receivers are being made that not only use the GPS but the GLONASS constellation as well to provide better world wide geometry. For ground based location you only need 3 satellites in good position; for attitude positioning you need at least 4 in good positions.
The first key-recovery attacks on full AES, due to Bogdanov, Khovratovich, and Rechberger, were published in 2011. A brute force attack requires 2^256 permutations. The aforementioned mathematicians managed to reduce that number to 2^189. So, it would likely take around 10^37 years at a rate of 1 trillion tries per second on a supercomputer.
Thanks to all contributors above, the debate is interesting and informative.
No-one picks up on the detail that the a/c appears undamaged in photos. If the gps was spoofed then this was precise enough to bring it to earth at an airfield or landing strip. Good effort for a first try.
The problem with jamming is that the transmitter becomes the easiest target imaginable..
Once again America is made to look idiotic by an inferior enemy.
I, for one, welcome our multi-polar world where power is to be balanced, and points of views are to coexist.
Kudos for Iranian engineers!
I tend to agree Tchou, although the Iranian government are the biggest bunch of theocratic tossers out there, responsible for some of the worst repression on the planet.
AIMaster Key Control Crack is a Very Convenient Hack for either Mayhem or CHAOS.
"Once again America is made to look idiotic by an inferior enemy." ......Norfolk 'n' Goode Thursday 15th December 2011 23:50 GMT
An interior enemy with superior intelligence is also most likely another quantum entanglement to engage and ponder with paranoia, and launch such tales as would imagine foreign foes to wage dumb battles with, into a whole new ball game, way beyond current and conventional control and certainly way out of the reach of any established might is right players whenever it is always so very wrong.
And there is also the very real probability, for a possibility always allows such a likelihood, that the East is in ITs Ways, light years ahead of the West with ITs Toys, for Reliance on the Might of the Physical always Falls and Fails to the Right of the MetaPhysical. But y'all knew that, didn't you, but are unable to heed it and disenabled to seed and feed it with IT, which would indicate a primitive sub-prime programming requiring a few tweaks to remove and replace corrupted components/elements with upgraded units. AI Work in Stealthy Cloud Layers you can consider is already in HyperRadioProActive Progress, and quite sufficient that you know about but there is no real great need that you understand, for such are as you are well familiar with, known unknowns and unknown unknowns ....."Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
I see they gave you internet privileges back!
RE: Norfolk 'n' Goode
"Once again America is made to look idiotic by an inferior enemy." More of a case of you making yourself look stupid by eagerly swallowing Iranian propaganda. Please do explain how the Iranians hacked the encrypted/authenticated US military GPS, which is what would be required for such a hack. And then consider that the drone would fall back on inertial navigation systems first developed for the old cruise missiles should the GPS be jammed. In short, the Iranians are talking out their backsides, and you're happily slurping away at their rear orifices. The drone had a tech problem, the Iranians got lucky and recovered it, and now they are shouting out ridiculous propaganda for consumption by twits such as yourself.
You can't say that, Matt.
In this case we can trust both sides as far as we can throw them. Remember, the Iranians aren't stupid at all. They are surrounded by countries that don't like them and they don't like. They are more capable than most people think.
Same goes for the USA. They have a capable fighting force but that doesn't mean they can't screw up and leave flaws in the system. Anybody remember the clock on the Patriot missiles?
Anyway, we will probably never know the whole truth.
Skunks not what they used to be
It would never have happened to a Blackbird. But this is inevitable when Skunks decide life is sweet when attached to the Milch cow's public teat (and find justification for it in the Topper Secret InfanTilisation program of Freudianism).
Tossers, yes. But not the biggest bunch, as you describe them. Saudi Arabia and Qatar (both of which we directly and indirectly support) are significantly worse. The trouble with Iran is that they are not *our* tossers. The areas that Iran is worst on, tend not to be "repression" in the sense of government repression or putting down rebellions, etc. It's in the areas of backwards attitudes to harmless things like homosexuality. Ahmadinejad was actually fairly elected and with a bigger majority than our last several UK governments. Of course his power is limited by the Ayatollah - it's hardly a pure democracy. But it's not quite the totalitarian regime that it is portrayed as in the West. There are worse regimes - ones that we support. We're installing one in Libya as I type, for example!
Worse than the USA?
Where have you been living for the last decade or so?
Good on ya. Americans always have some idiotic excuse why their shit always fails, but this is very commendable, to have the balls to take over their equipment without them trying to blast you into next Tuesday. I had a look at the paper as well; if you ignore all the basic information it's actually pretty easy to do if you have a decent understanding of mathematics.
Mil GPS is encrypted
"Only the military GPS signals are encrypted (authenticated), but these are generally unavailable to civilians, foreign governments, and most of the U.S. government, including most of the Department of Defense"
But surely to the drone warriors?
And does it fall back to civilian?
And does it fall back to civilian? What does it do if the encrypted signal is corrupted/jammed and the civilian is blaring at 20db above the real SAT signal?
In any case - if they managed this, applause.
Continuing the old adage about "You know that the world is mad if the best rapper is white, the best golfer is black..." - "And the Iranians do a successful reenactment of a Bond flick hijacking real western equipment"
If the GO-TeaParty win in 2012......
Then I foresee the Middle East getting a heck of a lot hotter, I wouldn't bet against one of those fruitloops nuking Iran to bolster their divebombing poll ratings or to hide bad domestic news.
Something along the lines of
"Tonight on Fox, Iran preps nuclear missile, possibly aimed your home, your children, your church"
"just in, President fruitbat has ordered a nuclear strike to pre-emptively destroy the Iranian threat and declared the start of the war on Islam"
Didn't think of a self destruct option?? Surely the intel value is far higher than the monetary value?
Wouldn't be that hard to set it to go bang below 1.000 feet unless the correct code was sent to it, say 25 characters encrypted? Auto destruct being a different system to the navigational systems, would have been quite amusing....Iranians think drone is on final approach and boom, little bits everywhere.....
Tonight on Fox, we are about to witness the live coverage of the dropping of a bomb over Iran. US GPS controls are invulnerable to attack and our bomber is so stealthy, only it itself knows where it is. Here is the live feed..... hey wait... that looks just like our studio building. NOOOOOOOOOOO!!!!!..... BEEEEEEEEEEEEEP
However, you miss the real reason for the fruitloops wanting to create more conflict in the Middle East. It's nothing at all to do with domestic politics. It's far bigger than that.
War in the Middle East is a Good Thing. Because it indicates that Armageddon and therefore The Rapture and the return of Jesus are nearer. So let's help prod God along a little bit. After all, we are doing his work, aren't we ??
Of course, in their selective bible reading, they miss Jesus saying that no-one will know the time of his return, not even himself.
What you miss is that the bible is an ancient book and the stories in it are long gone. We are far far after the end of the book. It is time to move to a new life. Bible is over. Finish. Finito. Exit(0).
Holy Bible Disclaimer
In today's news, an archaeological dig has recovered the first two pages of the Holy Bible - the scientists deciphered the texts which were saying:
"All characters appearing in this work are fictitious. Any resemblance to real persons, living or dead, is purely coincidental.
Dedicated to my Love, Elma"
Upvoted Mike JVX purely for the amusing ideas generated by the phrase "President Fruitbat".
Jim-Bob Carter the Unstoppable Sex Machine?