The US RQ-170 Sentinel spy drone that was recently captured and displayed by Iranian authorities may have been tricked into landing in Iran by electronic warfare experts using GPS spoofing techniques.
An unconfirmed report in the Christian Science Monitor yesterday quoted an unnamed Iranian engineer as saying that experts in the country were able to electronically ambush the drone, cuting off its communications links and reconfigure its GPS coordinates to trick it into landing in Iran.
The engineer was described as someone working for an Iranian team that is engaged in trying to glean information from the drone.
The techniques used to attack the drone were developed by reverse-engineering older US drones that were either captured or shot down in recent years, the engineer is quoted as saying in the Monitor report. The attack also took advantage of weaknesses in the drone's navigation system to spoof its landing coordinates and bring it down on Iranian territory.
"The GPS navigation is the weakest point," the Iranian engineer is quoted as telling the Monitor. "By putting noise jamming on the communications, you force the bird into autopilot. This is where the bird loses its brain."
According to the Monitor, the GPS spoofing techniques fooled the drone into thinking it was landing at a US military base in Kandahar, Afghanistan, while it was actually landing in Iran. The drone apparently landed precisely where the Iranians wanted it to without their having to crack remote-control signals and communications from the drone's control centre.
The Jane's website describes the RQ-170 Sentinel as an unmanned aerial vehicle manufactured by Lockheed Martin for the US Air Force.
The Air Force acknowledged the existence of the drone in December 2009. However, it appears to have been around since at least 2007 based on unofficial photographs of the vehicle taken in Kandahar, according to Jane's.
Ira Winkler, president of the Internet Security Advisors Group, said that the attack as described sounds plausible. "I saw other reports saying that there was a known vulnerability," that was exploited, Winkler said. "However there are a couple of things to consider that might not involve direct hacking of the drones.
"For example, if you know where a drone is, and you can beam a stronger GPS signal at the drone than it would get from a satellite, it would pick up the fake signal and think it is somewhere else. If signals aren't encrypted, the people with the strongest transmitter win," he said.
If the drone was captured as described, it wouldn't be the first time that a US drone has been attacked in a similar fashion.
Two years ago, militants in Iraq and Afghanistan intercepted live video feeds from unmanned US Predator drones using $26 off-the-shelf software called SkyGrabber made by a Russian company.
While there was little evidence that militants were able to gain control of the drones, the interception could have given them vital information on targets under US surveillance. In that case, US officials apparently knew about the possibility of such interception for years but did little to encrypt the data streams.