Even Predator UAVs face Information Security problems

Dec 18 2009 - Leave a Comment

A series of interesting articles, dealing with the interception of live video feeds broadcasted by the Predator UAVs (Unmanned Air Vehicles) operating in Iraq and Afghanistan by the local insurgents, was published today on worldwide newspapers.

Evidence of the hack was found in the insurgent’s laptops that contained video files intercepted by the aircraft’s unencrypted downlink to the ground stations. Obviously, being a live video feed from the aircraft’s on-board camera, the insurgents could only “eavesdrop” the communication between the Predator and the ground station and could not take control of the drones or interfere in some way with their flight.

Nevertheless, being able to intercept the images gave the insurgents the advantage of determining which building, roads, tents etc were under surveillance before either the aircraft or the ground troops could intervene. One might think the hack was done using sophisticated tools but according to the information released so far, the insurgents used a commercial software, SkyGrabber, from Russian company SkySoftware, that can be purchased for as little as $25.95 on the Internet. The stolen video files show once again how the most advanced military technologies can lose their effectiveness because of very well known vulnerabilities, exploited with cheap off-the-shelf code.

Lt. Gen. David Deptula, who oversees the Air Force’s unmanned aviation program, told the Wall Street Journal that some of the drones would employ a sophisticated new camera system called “Gorgon Stare,” which allows a single aerial vehicle to transmit back at least 10 separate video feeds simultaneously. But since the UAVs need to send their feeds over great distances they are subject to listening and exploitation: in other words, as we have already explained many times on this blog, Confidentiality (the attribute of Information representing the assurance that information is shared only among authorised persons) was compromised.

Since the U.S. government has known about the vulnerability since the U.S. campaign in Bosnia in the 1990s, it is clear that the Pentagon assumed the risk of data being intercepted by local insurgents or enemies, unimportant. An effective countermeasure that could prevent anybody from intercepting the video feeds is obviously encryption. Someone wondered why there are plenty of systems to encrypt radio transmissions while there’s almost nothing to encrypt video feeds. Simple: because encrypting a hi-definition video streaming is much more demanding (in terms of computational needs, hence hardware equipments) than encrypting audio.

Therefore, fixing the security hole would have caused additional costs and delays (because of the time needed for procurement, testing, implementation etc). Even the MQ-9 Reaper (whose version order by the Italian Air Force is known as Predator B), whose cost is around 10 million USD each, despite being faster, better armed and more capable than the Predator, will be subject to the same problem…an issue that will have to be fixed as soon as possible since the aircraft is already operating in Afghanistan, Iraq and it is also involved in anti-piracy combat patrols in the Indian Ocean.