Droning to Win: How the UAV Wars Began

In Pablo Picasso’s timeless work, Guernica, the “Eye of God” is said to be watching over the small Basque town, which the painter selects to immortalize the calamity engulfing his homeland in 1937. Looking at the picture, one might lose sight of the wider narrative that was to define the coming war and all major airpower engagements of the modern era, including the current battle against ISIS. Today, strategic bombing has risen to become the dominant form of technological combat. Since the beginning of the 20^th century, each year has witnessed larger and more deadly payloads. Although unarticulated at the time of the “Eye of God,” fly-fight-win applies today just as it did in 1937. That said, by the end of Obama’s presidency, more death from above will have been attributed to Unmanned Aerial Vehicles (UAVs), or drones, than even the Bush administration could muster, a radical change from manned combat.

Matthew Peacock and Michael Johnstone of Edith Cowan University’s Security Research Institute have demonstrated with their experimental findings that long-distance power projection through drones might not be solely the prerogative of sovereigns. In their paper, they explain that hacking drones might be as simple as buying a laptop and connecting to a local Wi-Fi network. The implications of the study do not bode well for the US, the largest disclosed drone operator in the world, which is also planning for fully autonomous drones by 2036, as outlined in a Department Of Defense directive.

The authors stress that concerns around drone use are not limited to the defense community. With drones already being used in agriculture, commercial photography, biological studies, and weather reporting, there are numerous everyday applications for drones in which the domestic populace is already invested. Eric Holder’s official comments on drone use for terminating Americans, in March of last year, touched off a political firestorm, but more mundane applications may yet generate significant controversy. The fact that the public can purchase UAVs on Amazon for as little as 350 USD—and, Amazon hopes, be delivered by UAV as well—means that domestic drone use has quickly made the jump from news reporting to the neighborhood.

Peacock and Johnstone begin by posing several hypotheses, each geared towards proving that drones are becoming increasingly accessible to the general population. If true, drones with potentially dangerous payloads pose an elevated threat to the public. More importantly, the possibility of stealing drones in midair while they are, for example, loaded with fertilizers in a routine crop dusting run, heightens the magnitude of this threat.

With this in mind, the researchers set out with a Red-Blue team scenario familiar to many defense specialists. They hypothesize that if they took an off-the-shelf commercial drone and set it aloft, hijackers would be able to successfully take it over wirelessly. Peacock and Johnstone decompose their experiment into several parts that test whether or not 1) the drone’s network signature can be determined; 2) it is vulnerable to direct connections; 3) the master/slave connection procedure between the real operator and the UAV can be determined; and 4) the drone can be de-authenticated, rather than just temporarily cut-off from the real operator.

Results reveal that the UAV is vulnerable in a number of ways. Peacock and Johnstone use open source software (nmap, wireshark, and aircrack-ng) and a Lenovo equipped with a standard USB wireless card to establish control over the UAV, which itself was being operated by a retail handheld device. While encryption standards have radically changed as of late, this implies that pedestrian users of UAVs operating from widely available mobile devices face risks as drone technology becomes more popular.

It would be misleading to suggest that any one with a smart phone can hijack a UAV, however. Peacock and Johnstone are sufficiently educated in computer science techniques that allow them to target and upload a special control code, a unique signature, to the MAC address of the drone while the UAV was operating. In other words, they are able to gain entry into the drone’s intelligence system, all the way down to a basic level where only administrators are typically allowed, in theory meaning that they assume editing power over fundamental lines of code. The intruder was even able to take control over the video camera attached to the drone. This would be like letting someone you don’t know into the basement to inspect your support pillars and giving them a direct cable feed for the visual security system in the building.

This paper’s findings expose a weakness in the drone manufacturing industry, which will top out at 98 billion USD over the next decade. With terrorists making highly effective uses of technology in recent conflicts—ISIS has already released videos filmed with its own drones—it is not difficult to imagine someone with perfidious intent contemplating a large-scale attack using drones.

Article Source: Peacock, Matthew and Johnstone, Michael. “Towards Detection and Control of Civilian Unmanned Aerial Vehicles.” Proceedings of the 14th Australian Information Warfare and Security Conference, Edith Cowan University, Perth, Western Australia , December 2-4, 2013.

Featured Photo: cc/(Gabriel Garcia Marengo)