What to do when an enemy drone comes calling
UAVs may be an easy way for a country to collect information, but they are also an easy way for targets to mislead their enemies
A drone has just entered your airspace, origin and destination unknown. Upon discovering the unmanned plane, do you a) shoot it down, or b) let it fly around a little longer to try to find out where it’s going and what it already knows about you?
Israel was recently put to that test; some harbor suspicions the country’s decision to shoot down the drone only once it approached the Dimona nuclear installation may have been part of an attempt to hack into the plane’s system and gain as much intelligence on it as the UAV was gaining on Israel.
Cyber warfare by hacking gangs or governments has long moved beyond servers connected to the Internet. “Hackers, whoever they were, managed to get into the Iranian nuclear system, which is almost certainly cut off from the Internet, as are all nuclear reactors around the world,” said Israeli security expert Shai Rod. “Anything with an operating system can be hacked. It’s just a matter of getting the virus or code in place.”
That goes for drones as well, which are also not connected to the Internet, and ostensibly communicate with their home base using super-secure communication channels. In our increasingly digital world, governments and armies are relying more and more on automated defense systems, such as drones — devices, Rod told The Times of Israel, that are ripe for hacking. “A few days after NASA landed the Curiosity rover on Mars, Anonymous and other hacker groups threatened to hack it. The fact that they haven’t done it yet — or perhaps haven’t tried it yet — definitely does not mean that they will not try it, and they certainly could do it, in my opinion. Drones are no different from Curiosity, or a computer in a bank connected to the Internet.”
The issue of drone infiltration — and how Israel deals with it — came to the fore last week, as a drone flew into Israeli airspace, and remained aloft for a good 20-30 minutes. According to the IDF, the army followed the progress of the drone, and shot it down over an unpopulated area.
But why not shoot it down right away? Could the IDF have been hacking into the drone, using it to send false data back to whatever group dispatched it?
“The IDF is very much on the ball, and they have many brains working there, with technological capabilities that you and I can only guess at. We are in a major war here, and we have to fight technology with technology,” Rod opined.
Drones may be even more susceptible to hack attacks than computers. “Drones need to be light; equipment to protect the drone’s navigation, photography, detection and other systems add weight, slowing them down,” Rod added. It’s certainly possible, claimed Rod, who is a top administrator for Avnet, one of Israel’s largest security firms. “Designers of drones often make compromises in order to keep the weight down, choosing to install a protection system for some modules, but not others.”
Drones are seen by many countries as the latest in electronic surveillance and spy technology, and a much easier way to gather information than using agents on the ground. But relying strictly on electronic means to gather data is risky, said Rod; there are many ways for hackers to compromise the data they gather. “Hackers could hijack a surveillance session, feeding false information directly into the drone for transmission back to headquarters.” They could also compromise the drone’s GPS system, providing inaccurate information about where the drone is located, and what it is seeing. Hackers could even get control of a drone’s avionics, controlling its flight path, claimed Rod.
And there are always the old standbys of viruses, inserted into the drone’s operating system for uploading to the server that it communicates with. “Drones use the same Unix or Windows operating systems that computers use, so installing a virus would be simple.” Drone hackers could also upload a heavy amount of data to the drone, causing a denial-of-service attack to the server the drone is communicating with. Or, they could reverse-engineer the drone’s operating system to determine who sent it, and where it is sending the data. An ambitious hacker could even upload a Trojan horse, to infect a larger system.
There are plenty of examples of drone hacking, said Rod. “American drones have been hacked in Afghanistan, with the Taliban downloading photos from the drones and perhaps uploading false information. There are also rumors that Hezbollah was able to hack into some of our drones during the Second Lebanon War. And — according to discussions on hacker websites — there have been numerous accounts of hackers causing drones to crash.”
Whether all these events actually happened, continued Rod, is irrelevant; the technology to cause this kind of havoc definitely exists. “We can be sure that our enemies are trying every method possible to hack into the drones we send into their airspace, and that we are doing the same to the drones they send our way. Designers have to come up with novel methods to ensure the security of drones and to prevent their takeover by the enemy.”