Captured U.S. stealthy drone was hijacked exploiting GPS vulnerability. But hack description does not solve the mystery

Eventually there is an explanation for the mysterious capture of the U.S. stealth drone by Iran. In an exclusive interview to the Christian Science Monitor, an  Iranian engineer (on condition of anonymity) working to reverse engineer the RQ-170 Sentinel hacked while it was flying over the northeastern Iranian city of Kashmar, some 225 kilometers (140 miles) away from the Afghan border, says they were able to exploit a known vulnerability of the GPS.

In simple words, in a scenario that I had more or less described in my last post which described also the known threats to the drone’s Position, Navigation and Guidance system, the Iranain electronic warfare specialist disrupted the satellite link of the American robot and then reconfigured the drone’s GPS setting the coordinates to make it land in Iran at what the Sentinel thought it was its home base in Afghanistan.

They jammed the SATCOM link and then forced the drone into autopilot reconfiguring the waypoint of the lost-link procedure to make it land where they wanted.

Such techniques were tuned by studying previously downed smaller drone, like the 4 U.S. and 3 Israeli that could be exhibited in Iran in the next future.

Furthermore, in explaining why the “Beast of Kandahar” had signs of belly landing the engineer said to CSMonitor:

“If you look at the location where we made it land and the bird’s home base, they both have [almost] the same altitude,” says the Iranian engineer. “There was a problem [of a few meters] with the exact altitude so the bird’s underbelly was damaged in landing; that’s why it was covered in the broadcast footage.”

Ok, this seems to explain almost everything.

However, to be honest, it is the last sentence that raises some questions. Landing a drone, as well as an airplane, with the autopilot on a runway it’s not only a matter of altitude. There are many other things to consider, like the runway heading, the procedure to be followed on approach to avoid specific areas, known obstacles etc.

Maybe the Iranians had identified an airport with the same runway heading, with the same elevation, with no planes interesting runways and taxiways and so on. Still, it’s hard to believe that the Sentinel did not encounter any obstacle and suffered only some (minor) damages on landing.

So I’m still not certain that, although tricked by GPS spoofing, a drone can be landed safely without taking over control even if the Iranian engineer said to CSMonitor that they made the robot

“land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.

Without considering that the lost-link procedure does not foresse the RQ-170 landing autonomously at his actual homebase (because of the many variables, such as wind and traffic) but orbiting until link is re-established or fuel finishes.

Anyway, maybe it’s time for the U.S. to reconsider their drones’ equipment, countermeasures and combat operation procedures as well as Iran’s electronic and cyberwarfare capabilities.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/
About David Cenciotti
David Cenciotti is a freelance journalist based in Rome, Italy. He is the Founder and Editor of “The Aviationist”, one of the world’s most famous and read military aviation blogs. Since 1996, he has written for major worldwide magazines, including Air Forces Monthly, Combat Aircraft, and many others, covering aviation, defense, war, industry, intelligence, crime and cyberwar. He has reported from the U.S., Europe, Australia and Syria, and flown several combat planes with different air forces. He is a former 2nd Lt. of the Italian Air Force, a private pilot and a graduate in Computer Engineering. He has written five books and contributed to many more ones.

5 Comments

  1. Lets face it:
    It is a hoax.

    The “drone”is displayed on a gym floor, suitable for basketball:
    Have a look at a basketball floor dimensions:

    It is an immense joke!

  2. I know I’m late on this but I need to make a few points that you all are missing.
    1) Beings that this is a military aircraft it is likely using military grade GPS. Military grade gps is much more difficult to jam. And it can’t really be “faked out” because it is encrypted. The Iranians would have to have had the encryption key, which is extremely unlikely because these keys have the same level of security classification as the project itself (Secret or Top Secret).
    2) Autonomous landing of a UAV is a relatively simple task, and almost all of our modern systems are capable of it. We are currently developing a drone that can land autonomously on a aircraft carrier.
    3) The most likely scenario is that there was some sort of software glitch that put the aircraft into auto-land mode.
    4) Even if the Iranians were able to detect the aircraft, it is extremely unlikely that they were able to hijack it. Everything on that aircraft is encrypted. And if they do have other U.S drones in their possession, they would be of limited value to them. All systems of this type have “anti-tamper” technology on them. This basically means in the event of a failure or crash, all of the electronics are fried to prevent the enemy from obtaining the code and reverse engineering or exploiting vulnerabilities.
    5) Iran just got lucky, they had nothing to do with this aircraft crashing.

1 Trackback / Pingback

  1. December 2011 Cyber Attacks Timeline (Part I) « Il Blog di Paolo Passeri

Comments are closed.