The real question is whether hijacking a drone and having it under the control of random individuals will change their performance significantly. It might just result in a non-significant increase in innocent people killed and be more efficient because hey no paperwork!
posted by srboisvert at 7:14 AM on June 28, 2012

Might actually be a *decrease* in innocent people killed because of the potential accountability if you are caught.
posted by DU at 7:17 AM on June 28, 2012 [1 favorite]

"Plausible deniability"
posted by mfu at 7:34 AM on June 28, 2012

Wow. That's a Russia Today story that repackages a Fox News story. Know what happens when you go through a looking glass inside a looking glass? *Everyone* looks like John Malkovich.
posted by bicyclefish at 7:37 AM on June 28, 2012 [10 favorites]

Rats! I thought it was Reuters :) But still....
posted by zeoslap at 7:39 AM on June 28, 2012

Malkovich, Malkovich? Malkovich. Malkovich, Malkovich, Malkovich!
posted by TheWhiteSkull at 8:01 AM on June 28, 2012 [1 favorite]

once the drones are sentient, it won't be so easy. you won't be able to hack them, you will have to convince them.
posted by th3ph17 at 8:12 AM on June 28, 2012 [5 favorites]

The first link isn't loading for me, but I don't know whether I agree with the second link. At first I did, but then I realized that, hey, maybe it's not unreasonable that they might have stored maintenance records on the drone itself. If you want to know the last time it was serviced, wouldn't it be nice if the drone itself told you, rather than having to fight with a bureaucracy to find out? That's not especially sensitive information.

So, at first I thought it meant that Iran's claims are bullshit, but the more I think about it, the more I'm starting to find it plausible. Local service records would be useful, and I don't think we'd care that much if it leaked.

Iran is spinning it hard, but knowing that a US drone was in California for service isn't exactly a major intelligence coup. It's probably of slight use, in the sense that it will confirm that California has maintenance facilities for drones. That's probably something we'd prefer they didn't know, but it doesn't seem like the sky will fall if they do.

If they did indeed extract that data, it's probably not even encrypted... the 'codes and ciphers' are probably just binary storage of standard ASCII or Unicode data. The military knows how to do encryption, and I doubt that Iran has gotten anything truly sensitive. If they had, they would keep it quiet, because they'd want us to think they were much stupider than they actually were.

In other words: if they were smart enough to break those ciphers, they absolutely wouldn't announce that capability on national news.
posted by Malor at 8:13 AM on June 28, 2012

They're gonna hafta go back to using manned drones.
posted by weapons-grade pandemonium at 8:47 AM on June 28, 2012

They could be playing Sicilian.

"We have the codes, but they think that if we had the codes we would not go public. Therefore they will assume we do not have the codes and send us more tasty drones to hack."

"We don't have the codes, but we know that they know that we know that it would not be to our advantage to publicize having the codes if we had them. Therefore, by announcing that we have the codes, they will assume that we do have the codes and that we are are trying to trick them into sending more drones, therefore they will stop flying drones over our country, which is good for us, since we don't really have the codes."

"Except we know that we know that they know that we know that they know..."

Never go against an Iranian when drones are on the line!
posted by justsomebodythatyouusedtoknow at 8:49 AM on June 28, 2012 [1 favorite]

Hmm...misleading headline is misleading. It sounds like all they did was send bogus GPS signals to the drone to make it think it was someplace different. In order to "control" the drone, you'd have to know its original preprogrammed flight path (assuming it's automated) and then continuously change the spoofed signals to get it to go where you want. Doable, but it's not like they were remotely joystick-flying it and receiving visual from the drone. I would think that the true controllers on the ground would catch on pretty quickly and either over-ride the GPS or drive it into the ground (vs letting it reach a population center)
posted by Mr. Big Business at 8:50 AM on June 28, 2012

I'm really amazed this was gone through GPS spoofing. The encrypted P-code system which cryptographically protects against that has been in place for military application since the inception of GPS. Then when you detect someone is spoofing your GPS, just switch over to internal/inertial navigation for a bit... INS systems are now small enough to fit in the palm of your hand.

Either the drone designers really dropped the ball or we're not being told something.
posted by frontmn23 at 9:05 AM on June 28, 2012

"...or we're not being told something."

Perhaps.

Consider "The Manchurian Drone."

See, the plot is....no, I can't tell you. You'll have to wait until just before the election.
posted by mule98J at 9:37 AM on June 28, 2012

Never double dog dare a hacker.
posted by stormpooper at 9:41 AM on June 28, 2012

Nothing new here. It was in the news at the time that the Iranians jammed the control channel, which caused the drone to automatically return to base, then they spoofed GPS to make it think their base was home. GPS spoofing isn't that hard, particularly if all you need is to offset the perceived position by a fixed amount. Someone claimed that the GPS spoofing tech could be bought off the shelf from China.
posted by w0mbat at 9:41 AM on June 28, 2012

Nothing new here. It was in the news at the time that the Iranians jammed the control channel, which caused the drone to automatically return to base, then they spoofed GPS to make it think their base was home. GPS spoofing isn't that hard, particularly if all you need is to offset the perceived position by a fixed amount. Someone claimed that the GPS spoofing tech could be bought off the shelf from China.

"The Iranians were able to spoof the GPS" story being a definitive fact would definitely be considered as "something new here".
posted by sideshow at 10:30 AM on June 28, 2012 [1 favorite]

Video game plot manifested by UT professor

Hmm, maybe one day it could happen here after all. It might be best to avoid wedding parties from now on.
posted by homunculus at 10:53 AM on June 28, 2012

The University of Texas is not a mere college, dammit.

Hook 'em 'horns! Class of 1985!
posted by TedW at 11:10 AM on June 28, 2012

It might be best to avoid wedding parties from now on.

That's been my policy since before drones existed.
posted by Blue Meanie at 11:46 AM on June 28, 2012

I'm really amazed this was gone through GPS spoofing. The encrypted P-code system which cryptographically protects against that has been in place for military application since the inception of GPS.

Though the article has a picture of a big military UAV, there's no indication that's the UAV they took control of. In fact the article states it was a drone owned by the college - which presumably didn't have access to the P code.

Most of the papers published by the academics involved say they can only spoof the civilian signal at this time on the other hand, replaying a delayed form of the P code signal could be possible; we've had codeless tracking for years, after all. You don't have to decrypt it - you just have to apply delays so the relative arrival times of the signals are offset corresponding to the location you want to spoof.
posted by Mike1024 at 12:47 PM on June 28, 2012 [1 favorite]

I'd like to understand more about GPS spoofing technology, particularly how it interacts with any security mechanisms in GPS transitions. I tried asking about this on Hacker News and got a reply that suggested part of the problem was that if the GPS receiver has no secure time source, it has no way to prevent replay attacks. Surely a secure drone could have a $10 autonomous clock circuit for on-board time to check against the GPS satellite's time?!
posted by Nelson at 2:14 PM on June 28, 2012

Man I wonder what the legal ramifications of this are if someone in Mexico uses directed spoofing of the GPS signals to cause a drone patroling the boarder to land on their neighbour's field. Whom then salvages the engine.

Also: Whee! Free sophisticated drones to run drugs across the border.
posted by Mitheral at 2:36 PM on June 28, 2012

Nelson: All modern GPS receivers do include clock circuits - but they don't help much in this situation. Short of putting an atomic clock on the UAV, most clocks wouldn't be accurate enough.

GPS works out your location based on the difference in arrival times of radio signals from different satellites. These signals propagate at the speed of light. A $10 temperature controlled crystal oscillator will be stable to around 2 parts per million, so over the course of a second, it can skew by two millionths of a second. At the speed of light that's equivalent to speed of light * (2 seconds / 1 million) = 600 metres.

And because of the way the satellites are positioned in the sky, a range error of 600 metres can be equivalent to a position error of several times that.

So you perform a replay attack, but you only delay the replayed signal by two millionths of a second - small enough to be hard to detect, but big enough to give you a great deal of control over the UAV.
posted by Mike1024 at 3:18 PM on June 28, 2012 [1 favorite]