backtop


Print 116 comment(s) - last by jimhsu.. on Dec 22 at 10:16 PM

Officials say there is no evidence that flight control systems were compromised

The U.S. military makes heavy use of UAVs in many areas of the world for reconnaissance duties. The UAV is widely used in Iraq and Afghanistan as well as in Somalia and other locations. The drones are used to track and sometimes attack targets when needed.

The Wall Street Journal reports that enemy insurgents have been able to use a commonly available piece of software to intercept the unencrypted feeds that the drone uses between the aircraft and ground control. The software used by the insurgents to capture the video feeds was a $26 app available online called Sky Grabber.

One of the developers of the Sky Grabber software told the WSJ in an email, "It [Sky Grabber] was developed to intercept music, photos, video, programs and other content that other users download from the internet -- no military data or other commercial data, only free legal content."

The military claims that there is no indication that he insurgents were able to take control of the drones or interfere with their flight in any way. However, some fear that the ability to capture the live video feeds will allow the insurgents to track the position of the drones to better avoid attack and surveillance. The big fear is that intercepted feeds could be used to discover allied troop surprise attacks and lead to the death of allied soldiers.

The interception of the video feeds from the aircraft was apparently not a onetime occurrence. In the summer of 2009, the WSJ reports that the military found "days and days and hours and hours of proof" that the video feeds were being intercepted on a laptop that was recovered from a Shiite militant.

A defense official James Clapper was asked to assess the interception of the feeds and concluded, "There did appear to be vulnerability. There's been no harm done to troops or missions compromised as a result of it, but there's an issue that we can take care of and we're doing so."

The military is working on encrypting all feeds from its drone aircraft, but adding encryption to the feeds requires not only updates be added to the drones, but updates to the control systems on the ground as well. The U.S. first learned of the flaw in unencrypted drone feeds in Bosnia during the 1990s, but the Pentagon assumed that the insurgents wouldn't know how to exploit the vulnerability.

While the evidence of feeds found was most prolific in Iraq, there is evidence that the feeds have been intercepted in Afghanistan as well. "There was evidence this was not a one-time deal," said a person close to the matter.

Fixing the security gap in the drones during the program development would have added delays according to former security officials and would have added to the cost of the drones. Even the new generation of drones called Reaper have feeds that are unencrypted.

It's unclear whether the successor to the Reaper called the Avenger will suffer from the same issue with unencrypted security feeds.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

WTF
By Smilin on 12/17/2009 10:00:49 AM , Rating: 2
WTF do they mean "learned of the flaw"??

How does that flaw need to be learned? Thats like saying "Oh gee, I just learned that when I had my house built a decade ago with no front door that it's a security concern".

How could this thing have been engineered that way to begin with? Someone designed the video transmission system and made the deliberate choice of how it was going to be done. It is not hard in the *slightest* to encrypt video using geez...the list is so frickin long. SRTP for starters?




RE: WTF
By AnotherGuy on 12/17/2009 11:33:43 AM , Rating: 3
im sure there were problems setting up the encryption at first... causing delays... thats why that might have skipped it at first... but thats not an excuse for them to not deploy it in the newer models


RE: WTF
By fatedtodie on 12/17/09, Rating: 0
RE: WTF
By Donovan on 12/17/2009 1:02:14 PM , Rating: 5
Encryption doesn't require any bandwidth overhead as long as you do any compression before you encrypt...the output is generally the exact same size as the input. It does require some processing overhead, but preventing monumentally stupid f-ups like this is well worth the extra cost. I'm astounded that there wasn't even some simple scrambling or obfuscation being done.

It's pretty sad when our state-of-the-art military weaponry has less security than a home gaming console. Those consoles may get hacked too, but I would like to see the enemy trying to perform the Twiizer attack on a UAV in flight.


RE: WTF
By JediJeb on 12/17/2009 5:51:59 PM , Rating: 1
And how big would a computer that is comparable to an Xbox or PS3 have been in the early 90s when these were being developed? It's like comparing an Atari 2600 to a PS3 and saying they would have no trouble running the PS3 games on the Atari. Who know that headaches would have been involved with encryption back when these were being designed.

As someone else also posted, back when these were being designed noone would have thought that for $26 you could buy some software that would pick up the feed.

It was an oversite that they have not yet been retrofitted with something to encrypt the data, but I don't think you can put all the blame on the original designers.


RE: WTF
By Smilin on 12/17/2009 1:36:22 PM , Rating: 2
Both the bandwidth and processing overhead of encryption are negligible (look at say IPSec or SRTP) and transmitting video across the globe has been commonplace since the days of black and white.

Video across wifi works just fine AND it's modestly encrypted already. A UAV is going to have far more bandwidth available and have less strenuous latency requirements. Running encryption will not make or break a video stream. If the network fails with encryption it was almost certainly going to fail without.

This has nothing to do with "real reasons" of why it was done this way. This is outright incompetence.


RE: WTF
By fatedtodie on 12/17/09, Rating: -1
RE: WTF
By blowfish on 12/17/2009 4:26:43 PM , Rating: 3
in English perhaps?


RE: WTF
By Smilin on 12/17/2009 4:30:22 PM , Rating: 2
What you are calling "mom mentality" the rest of us call logic. Or here is another colorful phrase we could use for the USAF right now: "stupid is as stupid does". You asked for proof though. Here it is...

My proof that this is incompetence lies in the fact that:
1. It was a deliberate decision not to encrypt.
2. This was a stupid decision.

Now since you clearly disagree please tell me if it's #1 or #2 you disagree with.

Was it an accident rather than a deliberate decision? "oops I encrypted the control channel but just totally spaced the video..my bad!!!" or... do you argue that it was a smart decision? (and please do enlighten us with your genius on this).

If you are really looking at all of this and saying "oh people just want to complain" rather than "this is fcuking stupid" then you sir are the fcuking stupid one.


RE: WTF
By donxvi on 12/17/2009 10:59:26 PM , Rating: 2
Do you have a design tradeoff document that was used in making this decision ? Was it in error ? Think pros & cons.

Have you ever been involved in design of a complex system ? Heck, the ones I work on in my job aren't THAT amazing, but in the real world of engineering, it's rare that there's a RIGHT or WRONG big decision or else it wouldn't be an issue. It's a ROCK and a HARD PLACE decision. Engineering is all about tradeoffs and compromises. That's how products get turned from ideas into hardware.

You'll see examples of that when you get out into the real world.


RE: WTF
By SlyNine on 12/18/2009 3:12:55 AM , Rating: 2
Encryption has been done since WW2 transmissions. There is no tradeoff. Its as simple as this. If it has to do with intelligence and protecting information that can be used to kill our troops, YOU ENCRYPT IT! Its not like they used an encryption that got broke, they simply did not use anything at all.

This is not a rock in a hard place or a trade off. This is broadcasting military intelligence for the world to intercept. It sounds ludicrous that it's that big of a fug up. But it is and there IS NO excuse.


RE: WTF
By donxvi on 12/18/2009 6:08:55 AM , Rating: 2
I don't know much about signals broadcasting, much less encryption of such, how do you know so much ? I don't see many engineering decisions that don't involve a tradeoff out there in industry. You obviously feel this was a "must-have" but it appears that someone that spent more than 10 minutes thinking about it, and had some position of power in government or industry, didn't.

I've learned through my years that a failure to recongize that the things other people do probably include the same challenges and non-obvious details as the things I do is a sign of an inexperienced or closed mind.


RE: WTF
By Smilin on 12/18/2009 11:55:52 AM , Rating: 1
quote:
You obviously feel this was a "must-have" but it appears that someone that spent more than 10 minutes thinking about it, and had some position of power in government or industry, didn't.


That is exactly my point. It *IS* a must-have and that person in power made the wrong decision. I do not have to be an expert in their field or do years long analysis to see this.

There is no way you can frame this as a good decision. When you start weighing pros and cons of cost, development time, technical limitations in the 90s etc you are just chipping dimes onto a scale. The need for intelligence data to be encrypted is a 50lb rock on the other side of the scale.

Put it this way: If it was a good decision would we be having this discussion?

quote:
I've learned through my years that a failure to recongize that the things other people do probably include the same challenges and non-obvious details as the things I do is a sign of an inexperienced or closed mind


Really? That's where you went with him?

We'll I've learned through my years that blubbidy bluuuuh and blibbudy-blib that you are an inferior bluh.

Let your argument speak for itself. Don't make (likely incorrect) assumptions about the person you are debating with or lend yourself some unverifiable credentials. Nobody here is so close minded that they don't recognize that UAV development is *hard*.


RE: WTF
By SlyNine on 12/19/2009 4:01:49 PM , Rating: 2
You're using an appeal to authority fallacy in your argument. Your conclusion is, since supposed experts in x field didn't do something there must have been a "GOOD" reason. If you have an argument then use it. This is like when the moon hoax believers say Jan Lunberg couldn't explain a photo and that means the moon landing might be faked.

There is nothing wrong with asking what's the trade off and getting both sides. But don't just assume because an expert didn't do it wasn't some sorta blunder.


RE: WTF
By Smilin on 12/18/2009 12:04:42 PM , Rating: 2
quote:
You'll see examples of that when you get out into the real world.


And I'm sure you'll have better success at whatever it is you do once you lose your condescending attitude and incorrect assumption that others lack your experience.


RE: WTF
By donxvi on 12/17/2009 10:47:38 PM , Rating: 2
Great idea, "It is not hard in the slightest to encrypt video using SRTP" you say.
SRTP came out about a decade after the Predator, so unless some of these guys fired up the captured alien time machines at Area 51 (which the Predator probably didn't rate, it was being used for B2s or Aurora or something) they couldn't have done it. How would SRTP run on those hot 100MHz processors we were using in our PCs back then ?


RE: WTF
By weskurtz0081 on 12/17/2009 11:55:02 PM , Rating: 2
Also, keep in mind, most of the computers used in military aviation are already old by consumer standards by the time they hit the street (I know first hand, I have experience in aviation/avionics).

So, depending on when it came out, the hardware might have been 5 years or more outdated. There are many good reasons for this, and some downsides as well, but fact remains that it's generally the way it is.


RE: WTF
By SlyNine on 12/18/2009 3:14:37 AM , Rating: 2
Encryption has been around since WW2. It could have been encrypted.


RE: WTF
By weskurtz0081 on 12/18/2009 5:50:10 PM , Rating: 2
Video encryption has been? Do you think any encryption that was around in the 80's would take more than a minute for a modern computer to break?


RE: WTF
By SlyNine on 12/19/2009 4:07:19 PM , Rating: 2
It does not matter what the medium is, we are scrambling the transmission data ( the data packets them self) and it wont be known what kinda data it is until its decrypted on the other end. AES 128 and DES doesn't care WHAT the packets contain.


RE: WTF
By weskurtz0081 on 12/20/2009 6:18:12 PM , Rating: 2
So, then, I ask the question, is ANY of the encryption that was available then secure today? Would the hardware that they were able to use on the drone able to handle such encryption?


RE: WTF
By SlyNine on 12/21/2009 6:12:11 AM , Rating: 2
Encryption isn't particularly hard to do, if you add a specialized chip to do it.

The Encryption isn't persay secure today, however its certainly better then none, you do not have to broadcast what kind of encryption you are using during the transmission just as long as you know what it is.

The insurgents would have to have a ridiculous amount of money and resources to figure out what encryption it is. The only way that would be possible is if you broke the encryption either through brute force ( not happening) or other means. I am not a cipher cryptography expert so I couldn't tell you everything, anything was safer then broadcasting standard video container files and codecs with no encryption and any encryption would have been better then none.

Remember this is time sensitive data, if you don't decrypt it in a week, its useless to you. As it stands any nut with a laptop and this program can capture the feeds.


RE: WTF
By SlyNine on 12/21/2009 6:17:46 AM , Rating: 2
But I will say this, The first part to breaking encryption is knowing what encryption is being employed. Otherwise you are using multiple methods to decrypt and probably avoiding the ones that are less likely to succeed. This adds a lot of time and complicates the process.

We have to remember that this is 2009 going on 2010. Even in 2000 if they didn't have encryption because of whatever reason, they should have added it before deploying it to Afgan and Iraq.


RE: WTF
By weskurtz0081 on 12/21/2009 10:04:33 AM , Rating: 2
They were set to replace the original drone around the turn of the century, but the funding ended up getting cut. This would have fixed the encryption problem.


RE: WTF
By Smilin on 12/18/2009 12:52:34 PM , Rating: 2
Most of the stuff I saw when working on military aircraft was 10-20 years outdated not just 5.

But..they have a lot of really specialized hardware. The general purpose CPUs of the day (386/486/Pentium) would not have handled such encryption but specialized chips would have no problem. Think IPSec module on a router.

Regardless the technology for encrypting a video stream was available to the USAF in the 90s. Somebody made a design decision not to use it.


RE: WTF
By SlyNine on 12/19/2009 4:12:48 PM , Rating: 2
Just like a current CPU would struggle to produce graphics that a radeon 9700 could.

Our desktops would probably struggle doing things that specialized processors in the early 90s could do.


RE: WTF
By Smilin on 12/18/2009 12:47:40 PM , Rating: 2
Easy there wise-ass. SRTP is the first thing that came to mind and I used it to make a point. I do not even know if it would be applicable for what they are doing.

The real point:
Encryption is not that hard and does not require much computing power.

Heck the computing power to actually process video in realtime is far worse. If they could send video in the 90s they could encrypt it...and if they don't encrypt it then at least send it using frequency hopping (70-80s technology).


"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive

Related Articles
Air Force Debuts New Jet-powered UAV
April 29, 2009, 12:00 PM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki