Iran Claims It Hacked Into U.S. Drone And Forced It To Land

The Christian Science Monitor is out with a story that Iranian engineers are claiming that they were actually able to electronically take control of the RQ-170 drone captured last week:

Iran guided the CIA’s “lost” stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone’s systems inside Iran.

Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian military and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.

Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone’s GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.

“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran’s “electronic ambush” of the highly classified US drone. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

The “spoofing” technique that the Iranians used – which took into account precise landing altitudes, as well as latitudinal and longitudinal data – made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.

The revelations about Iran’s apparent electronic prowess come as the US, Israel, and some European nations appear to be engaged in an ever-widening covert war with Iran, which has seen assassinations of Iranian nuclear scientists, explosions at Iran’s missile and industrial facilities, and the Stuxnet computer virus that set back Iran’s nuclear program.

Now this engineer’s account of how Iran took over one of America’s most sophisticated drones suggests Tehran has found a way to hit back. The techniques were developed from reverse-engineering several less sophisticated American drones captured or shot down in recent years, the engineer says, and by taking advantage of weak, easily manipulated GPS signals, which calculate location and speed from multiple satellites.

Western military experts and a number of published papers on GPS spoofing indicate that the scenario described by the Iranian engineer is plausible.

“Even modern combat-grade GPS [is] very susceptible” to manipulation, says former US Navy electronic warfare specialist Robert Densmore, adding that it is “certainly possible” to recalibrate the GPS on a drone so that it flies on a different course. “I wouldn’t say it’s easy, but the technology is there.”

If true, this would explain why the drone displayed by the Iranians seems to be in such relatively good shape, which one would not expect if the vehicle had crashed somewhere or been downed by enemy fire. This is also the second time we’ve heard about possible electronic vulnerabilities in the U.S. drone fleet. Just a few months ago, it was reported that Predator Drone’s had been infected by a virus in their control software. This would also answer the question of why an auto-destruct mechanism was not activated, assuming the drone actually has one. And, finally, it would indicate why a mission to retrieve or destroy the craft was not feasible. From the article, it seems clear that the Iranians were able to guide the RQ-170 to a landing in an area they controlled.

Needless to say, this isn’t a good development.

FILED UNDER: Intelligence, Middle East, Military Affairs, National Security, Quick Takes, World Politics,
Doug Mataconis
About Doug Mataconis
Doug holds a B.A. in Political Science from Rutgers University and J.D. from George Mason University School of Law. He joined the staff of OTB in May 2010. Before joining OTB, he wrote at Below The BeltwayThe Liberty Papers, and United Liberty Follow Doug on Twitter | Facebook

Comments

  1. Anon says:

    Hm…there is an encrypted GPS signal used by the military. It would be odd for the drone to rely on the unencrypted signal.

  2. Andy says:

    speculating here, but if the encrypted signal was jammed, the aircraft could use the unencrypted signal as a backup.

    It’s kind of funny how so many people have been predicting the demise of manned aircraft. I think this incident shows we’ll still have manned aircraft for a long time to come.

  3. I’d like to quibble with the title: spoofing a fake GPS signal is not the same as hacking into the drone.

  4. john personna says:

    @Stormy Dragon:

    Yes. Hacking would indeed take over the drone (from the inside), but as I understand it the drone was instead “mislead” (from the outside).

    Possibly some new software could detect GPS spoofs and react accordingly.

  5. Anon says:

    but if the encrypted signal was jammed, the aircraft could use the unencrypted signal as a backup.

    True, but that seems to be a glaring security hole, and not that useful. If an enemy can jam the encrypted signal, they can most likely jam the unencrypted signal.

  6. Liberty60 says:

    Just going to repeat myself here, but it will be interesting to say the least, when Iran or Pakistan develops a drone fleet, and decides to take out a “terrorist” in New York City.

  7. matt says:

    @Stormy Dragon: Some of the greatest hacks in the world were just social engineering that resulted in the divulging of critical information. This is an exploit that the military should of seen coming a mile away and why they weren’t prepared for it I don’t know.

    This kind of crap is the number one reason why I’ve been worried about drones replacing pilots. I would hate for us to invest everything in drone warfare only to “find out” that the rest of the world isn’t as electronically backwards as we had thought….

  8. Liberty60 says:

    Not to mention that fact that China designs and makes many of the chips that control these things.

    Or at least China tells us they do.

    Its not like the best computer engineers in the world are found in the Muslim world, right?

  9. Boyd says:

    It seems likely that we’re leaping to some conclusions here. In fact, what the public is told that we “know” may, in fact, be nowhere near the truth. Or it may be 100% accurate. Or there may be a vulnerability exactly as described here, or that may not exist, but instead it’s a different one entirely.

    Someone likely made a design mistake here, but I have little doubt that this is the last time this particular vulnerability will be exploited.

  10. john personna says:

    @matt:

    The quibble is about the words “hacked into.”

    Not “hacked,” nor “exploit,” etc.

  11. matt says:

    @john personna: Then you could spend the next millions years trying to parse the proper usage of “hack”…

  12. rodney dill says:

    @matt: Well you could probably spend a million years trying to explain the difference to a non-programmer, but people with a certain level of computer literacy would understand the difference and the implications for increasing the security of the device.

  13. john personna says:

    @matt:

    You sure won’t convince anyone who drops the “into,” that’s for sure!

  14. john personna says:

    BTW, on computer literacy, I actually typed up some pages on how YOU TOO can learn to be a computer programmer. Feedback is welcome.