notes.husk.org/likes images.

interdome:

wolvensnothere:

Hey yo interdome! [EDIT: Oh never mind that’s old.]

thinksquad:

Texas Students Hijack a U.S. Government Drone in Midair

The U.S. government, understandably, doesn’t want its drone technology to fall out of the sky and into other peoples’ laps. But being able to hijack a drone and control it? That’s even worse. And a team of researchers has done it for 1,000 bucks.

The University of Texas at Austin team successfully nabbed the drone on a dare from the Department of Homeland Security. They managed to do it through spoofing, a technique where a signal from hackers pretends to be the same as one sent to the drone’s GPS.

We’ve seen spoofing before; it was reportedly used to bring down the drone that crashed in Iran last year. As the researchers point out, we’ll be seeing (or maybe not seeing) more and more drones in the skies as the technology becomes more widely used, so making this technique ineffective will be high on Homeland Security’s priority list.

Since I like dronesplaining…. :)

The issue in this case is that the satellite coms are unencrypted in almost all military drone applications. Like almost all satellite coms in general, because the antennas are typically line-of-sight, so the standard what-me-worry approach to security says don’t even worry about it, what is the likelihood of someone standing in the radio broadcast cone and intercepting transmissions, let alone spoofing them?

And then this is the proof of concept. Non-encrypted transmissions are inherently vulnerable, no matter what you think the use case might be. One might expect the military is in the process of encrypting their satellite coms. It would be cool if commercial satellite phones and GPS also did the same thing… But then the government couldn’t listen in on your satellite calls and mess with your GPS when the president was in town (this happens, btw).

So, from a drone-countermeasure point of view, is GPS spoofing a good tactic? Sure, maybe. But this is kind of like Anonymous hacking a bunch of vulnerable police sites for lulz. That works fine, until they all fix their security. Then there are less lulz. Infosec like this tends to bring vulnerabilities to the fore, which are then fixed, and are no longer exploitable. Until the next vulnerabilitiy is found. But neither you are I are attempting to hack the government’s drones, so, well, whatever.

Side-note: commercial drone makers currently work with certain governments to DISABLE their drones in particular GPS no-fly-zones. The maker of the Phantom specifically said at DARC they do this for the Chinese government. In particular areas, their drones will not leave the ground. So, this opens the question of who GPS vulnerabilities and backdoors harm more—governments, or people? The drones issue, like everything else, is data and power structures, all the way down.