Security Flaw In Commercial GPS Still Present After Being Exposed a Year Ago...


Last year we opened up a can of worms when we covered the discovery of how vulnerable commercial (and possibly military) drones were when it came to keeping them on course. The GPS signals used to make sure that these drones are where they need to be were vulnerable to a simple spoofing attack put together by a group of college kids on a budget of only $3,000. Considering the budgets that criminal organizations and governments have, this news was not good at all.

 

The news also seems to be something that no one really wanted to talk about. After we incorrectly identified the drone as being a Vanguard Defense Industry (VDI) Piston Type Shadow Mark-I, we received emails from both VDI and Todd Humphreys (the professor from the University of Texas who started it all). Both VDI and Humphreys stated clearly that the drone used was not a VDI product, but would not comment on what drone it was. VDI also did not respond to our questions about how they guarantee the safety of their drone GPS, other than to say that their military grade drones use encrypted GPS signals. This seemed to be the crucial part of the event: the drones in use were commercial products, and because of this they use unencrypted signals from GPS satellites.

At the time of the demonstration the FAA (Federal Aviation Administration) was working on rewriting laws to allow for the use of commercial drones over US airspace. We already know they have relaxed the laws concerning the use of military and law enforcement drones (there is even a city that has a bounty on them). The concern (and rightly so) was that if these devices could be fooled into thinking they were somewhere they were not, it represented a danger to civilians. Humphreys and his team showed the spoof to DHS (Department of Homeland Security) to hammer home the details. Promises were made that the GPS system would be made secure before commercial drones were put in the skies.

Sadly, these changes were never made, and Humphreys and his crew are back at it again. This time they were able to steer an $80 million ship off course without the crew even noticing something was wrong. Using a laptop and an antenna, they broadcast a GPS signal to the ship and fooled the autopilot into thinking it needed to correct course. By making the changes subtle and pushing the ship onto a parallel course, they kept the crew unaware, because the corrections would appear to be normal changes to maintain the proper heading and the compass would still show the proper general direction.

This shows how vulnerable some of the key navigation systems are even after a flaw is exposed. The simple techniques and technology used to perform this make the hack even more concerning. If a group of college kids on a limited budget can do this, what can a government or criminal enterprise do with their budgets? The thought is sobering when you consider that other types of transport are vulnerable to this type of attack. Just how safe are our transport systems if the utilities pilots rely on are compromised?
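
The ship demonstration described above went unnoticed because the GPS track looked normal while the autopilot made small corrections. As an added example (not from the original article or from Humphreys' team), the sketch below cross-checks GPS fixes against dead reckoning from compass heading and log speed, two inputs that do not depend on GPS; the function names, the flat east/north frame, the 100 m threshold and the sample track are assumptions constructed for illustration, and a real threshold must allow for current and leeway.

```python
import math

def dr_residuals(samples):
    """Distance (m) between each GPS fix and the dead-reckoned position.

    samples: (t_s, gps_east_m, gps_north_m, heading_deg, speed_mps) tuples in a
    local flat frame. Dead reckoning starts at the first fix and integrates
    compass heading and log speed only.
    """
    t_prev, east, north, hdg, spd = samples[0]
    residuals = [0.0]
    for t, gps_e, gps_n, h, s in samples[1:]:
        dt = t - t_prev
        # Advance with the heading and speed held over the previous interval.
        east += spd * dt * math.sin(math.radians(hdg))
        north += spd * dt * math.cos(math.radians(hdg))
        residuals.append(math.hypot(gps_e - east, gps_n - north))
        t_prev, hdg, spd = t, h, s
    return residuals

def first_alarm(samples, threshold_m=100.0, consecutive=3):
    """Index where a run of `consecutive` over-threshold residuals begins, else None."""
    run = 0
    for i, r in enumerate(dr_residuals(samples)):
        run = run + 1 if r > threshold_m else 0
        if run >= consecutive:
            return i - consecutive + 1
    return None

def constructed_track(spoofed, n=20, dt=60.0, speed=5.0):
    """Constructed data: planned course 090 at 5 m/s, one sample per minute.

    In the spoofed case the compass shows a steady 3 degree correction from
    sample 5 onward while GPS keeps reporting the planned line.
    """
    track = []
    for i in range(n):
        heading = 93.0 if spoofed and i >= 5 else 90.0
        track.append((i * dt, speed * dt * i, 0.0, heading, speed))
    return track

if __name__ == "__main__":
    print("clean  :", first_alarm(constructed_track(False)))
    print("spoofed:", first_alarm(constructed_track(True)))
```

In the constructed spoofed track the disagreement grows by roughly 16 m per minute, so a small heading correction that looks routine on the compass still becomes a clear alarm within a few minutes.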
