Doubts that Iran managed to bring down an advanced American UAS last month using an advanced GPS spoofing attack have been raised by experts, who say that attacks of this type would be extremely tough to pull off.
RQ-170 Sentinel stealth capabilities should have prevented the Iranians from spotting it on radar. However they might have intensified GPS jamming around uranium enrichment sites to ward off drones, so it is plausible that the downed RQ-170 Sentinel came under a GPS nobbling attack.
But such GPS spoofing attacks are really tough to pull off and analysts are wary of swallowing Iran’s hacking claims. The Iranian authorities would need to know the location of the aircraft within a matter of meters and hit it with a GPS signal stronger than the satellites’ transmissions. Neither of these signals are encrypted so the stronger signal would win out, but the hijacker must gradually introduce errors to guide the craft down towards the chosen landing point, all the time maintaining a signal lock, a non-trivial effort established by US academics during experimentation:
According to our experiments, the attacker must ensure that his time offset to the system time is less than 75ns. Any greater offset will cause the GPS receiver to lose lock when the spoofing signal is turned on. A value of 75ns roughly corresponds to a distance of 22.5m, meaning that the attacker must know his distance from the victim with an accuracy of 22.5m (or better) — a higher offset will cause the victim to lose lock due to the signal (chip phase) misalignment.
We confirmed that the initial location offset will cause a noticeable jump of the victim’s reported position during the attack. Large offsets could therefore be detected by the victim by monitoring its position. Any imperfections in the arrival time of the signal from different antennas will directly impact the position calculated by the victim. If the relative time offset gets above 80ns, the signals will even cause the receiver to lose lock. This means that, if an attacker has multiple antennas, he must precisely know the distance from each antenna to the attacker in order to be able to spoof a desired location. We could also observe a general localization error as predicted in our theoretical analysis, even for smaller mismatches in the arrival times.
The paper, On the Requirements for Successful GPS Spoofing Attacks, compiled by ETH Zurich, in Switzerland, and UCI, in Irvine in the US, suggests various countermeasures. Either Iran got very lucky or the the aircraft was simply lost, possibly a result of a command-and-control failure, or jamming over an nuclear facility that disrupted communications with its base, before fail-safe mechanisms failed. In this scenario, the drone unluckily landed in the desert somewhere (rather than mountains where it would have been destroyed or severely damaged).
One would expect the aircraft to have sustained more damage, even in this scenario. Although it operates at high altitude, it could have fallen into a flat spin that meant it went into the ground belly first and survived relatively unscathed.
Source: The Register