Category Archives: Captured Stealth Drone

Captured U.S. stealthy drone was hijacked exploiting GPS vulnerability. But hack description does not solve the mystery

Eventually there is an explanation for the mysterious capture of the U.S. stealth drone by Iran. In an exclusive interview to the Christian Science Monitor, an  Iranian engineer (on condition of anonymity) working to reverse engineer the RQ-170 Sentinel hacked while it was flying over the northeastern Iranian city of Kashmar, some 225 kilometers (140 miles) away from the Afghan border, says they were able to exploit a known vulnerability of the GPS.

In simple words, in a scenario that I had more or less described in my last post which described also the known threats to the drone’s Position, Navigation and Guidance system, the Iranain electronic warfare specialist disrupted the satellite link of the American robot and then reconfigured the drone’s GPS setting the coordinates to make it land in Iran at what the Sentinel thought it was its home base in Afghanistan.

They jammed the SATCOM link and then forced the drone into autopilot reconfiguring the waypoint of the lost-link procedure to make it land where they wanted.

Such techniques were tuned by studying previously downed smaller drone, like the 4 U.S. and 3 Israeli that could be exhibited in Iran in the next future.

Furthermore, in explaining why the “Beast of Kandahar” had signs of belly landing the engineer said to CSMonitor:

“If you look at the location where we made it land and the bird’s home base, they both have [almost] the same altitude,” says the Iranian engineer. “There was a problem [of a few meters] with the exact altitude so the bird’s underbelly was damaged in landing; that’s why it was covered in the broadcast footage.”

Ok, this seems to explain almost everything.

However, to be honest, it is the last sentence that raises some questions. Landing a drone, as well as an airplane, with the autopilot on a runway it’s not only a matter of altitude. There are many other things to consider, like the runway heading, the procedure to be followed on approach to avoid specific areas, known obstacles etc.

Maybe the Iranians had identified an airport with the same runway heading, with the same elevation, with no planes interesting runways and taxiways and so on. Still, it’s hard to believe that the Sentinel did not encounter any obstacle and suffered only some (minor) damages on landing.

So I’m still not certain that, although tricked by GPS spoofing, a drone can be landed safely without taking over control even if the Iranian engineer said to CSMonitor that they made the robot

“land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.

Without considering that the lost-link procedure does not foresse the RQ-170 landing autonomously at his actual homebase (because of the many variables, such as wind and traffic) but orbiting until link is re-established or fuel finishes.

Anyway, maybe it’s time for the U.S. to reconsider their drones’ equipment, countermeasures and combat operation procedures as well as Iran’s electronic and cyberwarfare capabilities.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link (click and scroll down): https://theaviationist.com/category/captured-stealth-drone/

"Three U.S. and four Israeli drones captured in Iran to be put on display soon": Tehran Times says. "Downed" RQ-170 saga continues

Tehran Times reported that Iran is about to put on display “foreign spy drones in Iran’s possession” within an exhibition that will also showcase the “latest domestically manufacture electronic warfare equipment”, and national reporters and foreign ambassadors will be allowed to visit them.

According to a source close to the Iranian newspaper, the foreign robots in the hands of the  ayatollahs’ regime are three U.S. and four Israeli drones.

“the four Israeli drones that are now in Iran’s possession had violated the country’s airspace along the eastern borders, and the three U.S. unmanned aircraft had penetrated into the country’s airspace along either the eastern or southern border.”

The news arrives in the aftermath of the capture of a stealth RQ-170 Sentinel, so far considered the most advanced (known) U.S. drone, the first to be displayed after several claims of American ‘bots downed while spying uranium enrichment sites as part of the covert war against Iran’s nuclear program.

Interestingly, the same article discloses for the first time what everyone already knew: a number of countries have reportedly asked for permission to inspect the “Beast of Kandahar”.

While waiting for new images to analyze, there are still many questions to be answered about the capture of the stealthy Sentinel.

An interesting document titled “Report on Operating Next-Generation Remotely Piloted Aircraft for Irregular Warfare”  published by the U.S. Air Force Scientific Advisory Board in April 2011 and made available by Public Intelligence a couple of days ago, provides some interesting (and official) assesement about the reliability of the communication link between the drone and the ground control station.

According to the document, U.S. drone are subject to the following threats (excerpt):

  • Jamming of commercial satellite communications (SATCOM) links is a widely available technology.  It can provide an effective tool for adversaries against data links or as a way for comma nd and control (C2) denial.
  • Operational needs may require the use of  unencrypted data links to provide broadcast services to ground troops without security  clearances.  Eavesdropping on these links is a known exploit that is  available to adversaries for extremely low cost.
  • Spoofing or hijacking links that can lead to damaging missions, or even to platform loss.

Dealing with the threat to Position, Navigation and Guidance the documents undelines that:

“There is a wide range of methods that a determined adversary can use for  attacking RPA guidance and navigation systems.  The report mentions here only three  categories of threats without going into the details:

  • Small, simple GPS noise jammers can be  easily constructed and employed by an unsophisticated adversary and would be  effective over a limited RPA operating area.
  • GPS repeaters are also available for corrupting navigation capabilities of RPAs.
  • Cyber threats represent a major challenge for future RPA operations.  Cyber attacks can affect both on-board and ground systems, and exploits may range from asymmetric CNO attacks to highly sophisticated electronic systems and software attacks.”

So, what may have happened to the Sentinel?

We can only speculate. The drone may have suffered a lost-link event because of a technical failure (link losses occurs every now and then) or an attack from Iran. Following the loss of satellite link, the procedure foresees that the drone switches to automatic flying and heads towards a preplanned set of waypoints to fly a loop until link is re-established or fuel finishes (with consequent crash).

As I think (and hope) that the preplanned waypoint for lost-link procedure for a mission inside the enemy airspace is set inside the friendly airspace (in order to prevent it from crashing “behind the enemy lines”) I can’t explain why the drone crashed in Iran and not in Afghanistan.

Unless, Iran was really able to corrupt the stealthy robot’s navigational system using jammers and rogue GPS repeaters guiding it in the wrong direction.

04:00PM GMT Dec 15 update

Something that came to my mind while discussing this post with Guido Olimpio, Corriere della Sera correspondent from the U.S.: Tehran is going to show the remains of 7 drones (4 American and 3 Israeli robots) “downed” in Iran. But, if they were flying inside the Iranian airspace they had to be stealth ones.  Shall we expect something never seen before?

BTW: the exhibition could something like the Tishreen War Panorama museum in Damascus, Syria, that I visited few years ago, where wreckage of Israeli planes and parts of them, were showcased.

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: https://theaviationist.com/category/captured-stealth-drone/

How many U.S. stealthy drones were actually lost in Iran? New theories about the "downed" RQ-170 surface

Iran will clone and maybe improve the U.S. RQ-170 drone captured on Dec. 4, during a surveillance mission inside the Iranian airspace. One of the few certain facts is that Iran will reverse-engineer the “Beast of Kandahar” and “launch production of their own drone.”

That’s what Vice-Chairman of the parliament’s National Security and Foreign Policy Commission Hossein Ebrahimi told Fars News Agency on Sunday. A statement that made the news but that did not come unexpected, since every single piece of a stealthy weapon system can be used to study and copy advanced technologies, as happened for the Stealth Black Hawk which crash landed at Abbottabad during the Osama Bin Laden raid.

If few metal chunks can give some information about the way a stealth plane was designed, an almost intact drone can give a lot more information. Although the internal memories were (probably) automatically erased as a consequence of the loss of control procedure and data will never been recovered, the circuitry, lenses, memories and sensors are still there and can be evaluated, tested and copied. And, maybe, improved, with the help of some interested third parties (Russia and China).

Anyway, many new theories are trying to explain what really happened to the Sentinel captured in Iran. Some visitors pointed me to a youtube video that was also included in an interesting post by Aviationintel.com, showing a Global Hawk drone crashing at China Lake range. The footage shows the Unmanned Aerial Systems spinning after departing controlled flight until crashing into the ground.

Drones as the Global Hawk or the RQ-170 are made of composite materials and land quite gently on the ground because their surfaces produce a huge amout of lift that tends to drag it in the descent. Even if I can’t be sure, I think that a falling Sentinel, spinning like the China Lake RQ-4, would be extensively damaged. Much more than the slightly damaged Sentinel we have seen in a gymnasium few days ago.

Unless the one showcased by the Iranians (possibly here) is an RQ-170 obtained by melting pieces belonging to various wrecked Sentinels, as suggested by Nico, a reader of this blog. An intriguing theory, coherent with all previous claims (not backed by photographic evidences) that Iran has downed no less than 4 four U.S. drones in the last 12 months but quite worrying since it would imply that the U.S. have already lost a significant amount of spy robots in Iran.

Even if the captured one raised many questions, I tend to believe it is a single Sentinel (version could be slightly different from the example seen at Kandahar in 2009), lost for unknown reasons (maybe a technical failure) and crash landed deep inside the Iranian territory so gently to remain almost intact. Iranian military were able to locate and secure it before the U.S. team could locate and destroy it.

That’s it. All the rest is just an attempt from both sides to hide operational flaws or make propaganda.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: https://theaviationist.com/category/captured-stealth-drone/

Updated: Iranian newspaper ads makes fun of Lockheed Martin after U.S. stealth drone capture but video showing alleged Sentinel is a doctored LM Polecat promo

The mysterious episode that led to the capture of the U.S. stealthy drone has been on the pages of the newspapers all around the world. On Dec. 10, the Iranian daily Hamshahri published an advertisement, put by an unidentified person, making fun of Lockheed Martin the U.S. company which has developed the “Beast of Kandahar”.

According to the Tehran Times, the advertisment reads: “The latest product of Skunk Works ready to be launched.”
Skunk Works is an official alias for Lockheed Martin’s Advanced Development Programs, which is responsible for a number of famous aircraft designs. Among them the U-2, the F-117, the F-22 and the F-35, respectively, the spyplane of the Gary Powers downing, the stealth plane downed by the Serbians during Allied Force in 1999; the fighter plane with stealthy features grounded for several months by oxygen systems problems in 2011; and the world’s most advanced and costly stealth multirole aircraft.

If the authenticity of the alleged captured drone (on display in what looks like a gym of a school) is still under debate, I think that, in spite of the title, everyone will easily agree that the one in the video below is not an RQ-170.

Original version available here: http://irnafilm.ir/NSite/FullStory/News/?Id=2204

What drone is that? Simple, the Iranians doctored a Lockheed Martin Polecat promo video. Same footage!

In the meanwhile, more information about the captured RQ-170 have surfaced. For instance, in the first article I published after seeing the first pictures of the drone in Iran I said that the desert/beige color scheme of the robot, previously seen in what seemed to be a grey camouflage, was unusual therefore interesting. However, Schuyler Denhaman, pointed me to an interesting image already published on Militaryphotos.net showing a nose close up picture (taken in 2010) of a Sentinel whose color is much similar to the one of the drone showcased by the Iran Republican Guard.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: https://theaviationist.com/category/captured-stealth-drone/

"This is the school in Iran where the captured U.S. stealthy drone is hidden" source says. Maybe.

According to “CalebS” a very well informed source of this website who has already provided valuable advice to study the high resolution pictures released yesterday by the Iranian Republic Guard, the one marked with the green arrow in the Google Maps screenshot below is (or at least could be) the location where the captured RQ-170 was (and maybe still is) hidden.

It should be a building next to school, a countermeasure used to avoid an air strike aimed at destroying the (once) secret stealthy robot.

Since I can’t be sure it is the actual place where the “Beast of Kandahar” was photographed (so “speculation on!”), I have to trust what CalebS says. I have asked him to explain how I can be sure the building located at 35.270443,57.971007 is the right place based on a purely qualitative analysis because the only thing I can assess by looking at that building is that it is next to a school and located outside the town where the drone was supposedly lost.

Here’s what CalebS explained:

“It has the same construction characteristics that I would expect from seeing the photos of the inside. Plus take the angle of the sun in the photo and it looks like the building is facing the correct direction. Then look at the shadow of the building and it appears to be tall enough. Then see where the side door entrance is and that could be a path… Next look at the size of the building, seems to be the exact same size when measured using google maps satellite images.”

The description was not intended to prove anything. Since the source could not provide any photo or any other evidence that the school was the right place, he gave me some details that could help me in the verification process.

What’s your opinion?

Stay tuned.

This, along with all the previous articles on the Sentinel drone in Iran, can be found at the following link: https://theaviationist.com/category/captured-stealth-drone/