Whose drone is it?

The drones and wild wacky world of GPS spoofing.

America is drone crazy. The military has found a variety uses in the air, on the ground, on and under the sea. The American people are solidly behind the use of drones internationally as a weapon against suspected terrorist.

During the conflict in Iraq, US forces found that Shiite insurgents had been able to access video feeds from nearby operating drones. The insurgents found that drones normally broadcasted in the clear. This made it very easy for anyone to intercept. That’s the nature of hacking; using logic holes, trapdoors, human error, stupidity or plain laziness to access electronic devices that should be moderately secure.

Since the wars in Iraq and Afghanistan there have been incredible interest in utilizing drones in a variety of non-military roles. Jeff Bezos (CEO of Amazon) has publicly stated that Amazon expects to have autonomous drones delivering products around the country in four to five years. The applications in the public sector has been robust, current users are the US Customs and Border Protection, fire service, police, and universities. The introduction of drones by law enforcement has attracted concern from those interested in privacy issues. In 2012 Congress voted to expand and loosen the legal constraints governing commercial drone use. Privacy and safety have dominated public debate but the Christian Science Monitor reports that the federal government and the Federal Aviation Administration (FAA) are concerned with lack of secure guidance signaling and GPS “spoofing” would lead to widespread drone hacking. Drone vulnerabilities are exploited by faking GPS signals also known as “spoofing.” This is accomplished using inexpensive GPS transmitting equipment to simulate satellite navigation signals. This can cause the drone to crash or go wildly off course.

The FAA is developing the Next Generation Air Transportation System; it is expected to increase reliance on GPS. To address the GPS spoofing threat, the FAA in 2012 initiated a federal study of GPS navigation vulnerability (the Global Navigation Satellite System International Interference and Spoofing Study Team). The study team identified and explored various scenarios involving intentional interference (signal jamming) and GPS signal spoofing threats.

Though the results are still not public the Monitor obtained an overview of the study that “lists major vulnerabilities that affect UAVs — as well as newly identified countermeasures to defeat attackers.”

The report notes that “ability to recognize deception is problematic” for equipment, pilots, and air traffic controllers. The study team provided a variety of technical recommendations that included advanced antennas, digital authentication for satellite signals. These recommendations are not cheap and may be a major issue for US drone manufactures ability to compete (with foreign competition).

Todd Humphreys (professor University of Texas and a pioneer in GPS spoofing) told the Monitor the he predicts that the ability for the industry to implement these security recommendations could take as long as 5 to 10 years or more.

That is outside Jeff Bezos timeline.