Sunday, December 18, 2011

Was GPS spoofing used to bring down a drone?

In my March 23, 2010 blog entry, Politicians replace Air Traffic Control RADAR with GPS, I asked this question:

"Who will be the first Bad Guy to spoof a plane into the ground?"

That question may have now been answered: Iran hijacked US drone, says Iranian engineer:

"...Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan... 'The GPS navigation is the weakest point', the Iranian engineer told the Monitor, giving the most detailed description..."

The drone in question was a RQ-170 Sentinel.

Published in the Proceedings of the 18th ACM conference on Computer and Communications Security we can find the details of the attack vector that may have been used: On the Requirements for Successful GPS Spoofing Attacks by Nils Ole Tippenhauer, Christina Popper, Kasper B. Rasmussen, and Srdjan Capkun.

I've covered how we are becoming to dependent on GPS, and other problems of GPS in the past, alas I expect there will be more GPS issues in the future. GPS is a useful technology, however we must never lose sight of the vulnerabilities that it opens our Embedded Systems up to when we design it into our widgets: