The Wall Street Journal reports that enemy
insurgents have been able to use a commonly available piece of
software to intercept
the unencrypted feeds that the drone uses between the aircraft
and ground control. The software used by the insurgents to capture
the video feeds was a $26 app available online called Sky
One of the developers of the Sky Grabber software
told the WSJ in an email, "It [Sky Grabber] was developed
to intercept music, photos, video, programs and other content that
other users download from the internet -- no military data or other
commercial data, only free legal content."
claims that there is no indication that he insurgents were able to
take control of the drones or interfere with their flight in any way.
However, some fear that the ability to capture the live video feeds
will allow the insurgents to track the position of the drones to
better avoid attack and surveillance. The big fear is that
intercepted feeds could be used to discover allied troop surprise
attacks and lead to the death of allied soldiers.
interception of the video feeds from the aircraft was apparently not
a onetime occurrence. In the summer of 2009, the WSJ reports
that the military found "days and days and hours and hours of
proof" that the video feeds were being intercepted on a laptop
that was recovered from a Shiite militant.
A defense official
James Clapper was asked to assess the interception of the feeds and
concluded, "There did appear to be vulnerability. There's been
no harm done to troops or missions compromised as a result of it, but
there's an issue that we can take care of and we're doing so."
military is working on encrypting all feeds from its drone aircraft,
but adding encryption to the feeds requires not only updates be added
to the drones, but updates to the control systems on the ground as
well. The U.S. first learned of the flaw in unencrypted
drone feeds in Bosnia during the 1990s, but the Pentagon assumed that the
insurgents wouldn't know how to exploit the vulnerability.
the evidence of feeds found was most prolific in Iraq, there is
evidence that the feeds have been intercepted in Afghanistan as well.
"There was evidence this was not a one-time deal," said a
person close to the matter.
Fixing the security gap in the
drones during the program development would have added delays
according to former security officials and would have added to the
cost of the drones. Even the new generation of drones called Reaper
have feeds that are unencrypted.
It's unclear whether the successor to
the Reaper called the Avenger
will suffer from the same issue with unencrypted security feeds.
quote: The U.S. first learned of the flaw in the drones unencrypted feeds in Bosnia in the 1990s, but the Pentagon assumed that the insurgents wouldn't know how to exploit the vulnerability.
quote: Outside of cost, do you think there could have been a reason they chose NOT to encrypt the feed?
quote: If they were stuck using 286s they wouldn't even have enough horsepower to process the video.
quote: Encryption hardware would add weight to drones thus reducing useful load they can carry. That's one of the reasons.
quote: You obviously feel this was a "must-have" but it appears that someone that spent more than 10 minutes thinking about it, and had some position of power in government or industry, didn't.
quote: I've learned through my years that a failure to recongize that the things other people do probably include the same challenges and non-obvious details as the things I do is a sign of an inexperienced or closed mind
quote: You'll see examples of that when you get out into the real world.
quote: Shouldn't the contractor be responsible to retrofit?
quote: Exactly. The contractors get requirements and must build to match them. Simple as that. Someone probably said encryption would cost an additional $1 million in development or something and somebody in the govt said to scrap it.
quote: by BarkyMcWoof on December 17, 2009 at 10:41 AMYou want efficiency in running any system, turn it over to government. Health care, for instance.
quote: Well lets see the government has been running this country for over 230 years and not collapsed and failed yet. How many private companies can make that claim?
quote: was developed to intercept music, photos, video, programs and other content that other users download from the internet -- no military data or other commercial data, only free legal content