Small UAS Vulnerable to Hi-Jacking

A small unmanned surveillance aircraft flies over an Austin stadium, diligently following a series of GPS waypoints that have been programmed into its flight computer. By all appearances, the mission is routine.

Suddenly, it veers dramatically off course, careering eastward from its intended flight path. A few moments later, it is clear something is seriously wrong as it makes a hard right turn, streaking toward the south. Then, as if some phantom has given it a self-destruct order, it hurtles toward the ground. Just a few feet from certain catastrophe, a safety pilot with a radio control saves the aircraft from crashing into the field.

From the sidelines, there are smiles all around over this near-disaster. Professor Todd Humphreys and his team at the University of Texas at Austin’s Radionavigation Laboratory have just completed a successful experiment: illuminating a gaping hole in the government’s plan to open US airspace to thousands of unmanned aircraft.

“Spoofing a GPS receiver on a UAS is just another way of hijacking a plane,” Humphreys told Fox News. In other words, with the right equipment, anyone can take control of a GPS-guided aircraft and make it do anything they want it to.

“Spoofing” is a relatively new concern in the world of GPS navigation. Until now, the main problem has been GPS jammers, readily available over the Internet, which people use to, for example, hide illicit use of a GPS-tracked company van. It’s also believed Iran brought down that U.S. unmanned aircraft last December by jamming its GPS, forcing it into an automatic landing mode after it lost its bearings.

While jammers can cause problems by muddling GPS signals, spoofers are a giant leap forward in technology; they can actually manipulate navigation computers with false information that looks real. With his device — what Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000) — he infiltrates the GPS system of the aircraft with a signal more powerful than the one coming down from the satellites orbiting high above the earth.

Initially, his signal matches that of the GPS system so the aircraft thinks nothing is amiss. That’s when he attacks — sending his own commands to the onboard computer, putting the aircraft at his beck and call.

Last Tuesday, in the barren desert of the White Sands Missile Range in New Mexico, officials from the FAA and Department of Homeland Security watched as Humphrey’s team repeatedly took control of a drone from a remote hilltop. The results were every bit as dramatic as the test at the UT stadium a few days earlier.

DHS is attempting to identify and mitigate GPS interference through its new “Patriot Watch” and “Patriot Shield” programmes, but the effort is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers.

The potential consequences of GPS spoofing are nothing short of chilling. Humphreys warns that a terrorist group could match his technology, and in crowded U.S. airspace, cause havoc.

“I’m worried about them crashing into other planes,” he told Fox News. “I’m worried about them crashing into buildings. We could get collisions in the air and there could be loss of life, so we want to prevent this and get out in front of the problem.”

Unlike military UAS, which use an encrypted GPS system, most drones that will fly over the U.S. will rely on civilian GPS, which is not encrypted and wide open to infiltration. Humphreys warns it is crucial that the government address this vulnerability before it allows unmanned aerial vehicles broad access to U.S. airspace.

“It just shows that the kind of mentality that we got after 9-11, where we reinforced the cockpit door to prevent people hijacking planes — well, we need to adopt that mentality as far as the navigation systems for these UAS.”

Source: Fox News

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>