Drone hijacked by hackers from Texas college with $1,000 spoofer

Researchers at the University of Texas at Austin hacked and hijacked a drone in front of the dismayed Department of Homeland Security officials who had dared them $1,000 to do it.

According to exclusive coverage of the event from Fox News, the researchers flew the small surveillance drone over the Austin stadium last Monday.

The drone followed a series of GPS waypoints programmed into its flight computer in what initially looked like a routine flight.

At one point, the drone veered off course from its intended flight path.

It banked hard to the right, “streaking” toward the south, before it turned to hurtle at the ground in what looked like imminent drone suicide, according to Fox’s description.

A safety pilot radioed the drone – which was owned by the university, according to Reuters – and forced it to pull up just a few feet before it would have crashed into the field.

The demonstration of the near-disaster, led by Professor Todd Humphreys and his team at the UTA’s Radionavigation Laboratory, points to a “gaping hole” in the US’s plan to open US airspace to thousands of drones, Fox noted: namely, drones can be turned into weapons, given the right equipment.

The researchers managed to hack the drone with a spoofer they put together with about $1,000 worth of parts.

The Department of Homeland Security traditionally has been concerned with GPS jammers – the method of interference that some believe Iran used to bring down a US spy drone in December.

But others, including an anonymous Iranian engineer quoted by the Christian Science Monitor, say that Iran actually used the same spoofing technique that the Texas researchers demonstrated.

Spoofing allows a hacker to take control of a GPS-guided drone and force it to do whatever the attacker commands.

According to the Christian Science Monitor, this is how the engineer described the Iranians’ use of spoofing:

The 'spoofing' technique that the Iranians used - which took into account precise landing altitudes, as well as latitudinal and longitudinal data - made the drone 'land on its own where we wanted it to, without having to crack the remote-control signals and communications' from the US control center, says the engineer.

Spoofing involves mimicking the signals of the drone’s global positioning device and eventually taking it over completely by sending stronger signals than the unmanned aerial vehicle’s (UAV’s) legitimate commands.

Humphreys claims that the $1,000 spoofer he and his team rigged up to hack the university’s drone last Monday is the most advanced one ever built.

He also says that the implications of a UAV’s vulnerability to this type of spoofing are serious. Here’s how he described the potential scenario to Fox News:

In 5 or 10 years you have 30,000 drones in the airspace... Each one of these could be a potential missile used against us.

Meanwhile, the Pentagon and drone manufacturers in February pressured Congress to order the Federal Aviation Administration (FAA) to cook up rules that allow government and commercial use of drones in the US by 2015 – an idea that raises serious privacy concerns, with the prospect of police drones keeping watch on citizens already a reality.

Should we trust the US government to darken the skies above us with surveillance UAVs?

On privacy grounds it seems an obvious “No”, and apparently not on “make sure those things aren’t aimed at our heads” grounds either. From Fox News:

DHS is attempting to identify and mitigate GPS interference through its new 'Patriot Watch' and 'Patriot Shield' programs, but the effort is poorly funded, still in its infancy, and is mostly geared toward finding people using jammers, not spoofers.

The potential consequences of GPS spoofing are nothing short of chilling. Humphreys warns that a terrorist group could match his technology, and in crowded U.S. airspace, cause havoc.

"I'm worried about them crashing into other planes," he told Fox News. "I'm worried about them crashing into buildings. We could get collisions in the air and there could be loss of life, so we want to prevent this and get out in front of the problem."

We’re being protected from these chilling scenarios by “poorly funded” programs that are “still in their infancy”?

I don’t have much faith in Congress standing up to the Pentagon and drone manufacturers, so Mr. Humphreys and your team, thanks for getting in front of the problem.

Let’s hope the DHS joins you, preferably before we’ve got hackable juggernauts flying over us.

Drone and UAV images, courtesy of Shutterstock.