In an unexpected development in the contest between insurgents and drone-wielding western armies, it seems that cheap software is capable of intercepting video feeds from UAVs, and that this is being put to use in Afghanistan, Iraq, and Pakistan. This is done using software like SkyGrabber, which is available online for about $25.
Insurgents with radio gear and the software cannot control the drones, but they can see what the Americans consider to be worth watching, work out where convoys are located, etc. The US is apparently working on improving the encryption used by the drones, in order to make it harder to intercept and interpret their communication. You wouldn’t think it would be so difficult to put chips on the drones that are capable of applying strong symmetric or public key encryption algorithms to outgoing communications. And as for bandwidth on the network, few contemporary encryption algorithms produce ciphertext that is substantially larger than plaintext; as such, the burden of transmission should be about the same with or without strong encryption.
Partly, all this is an illustration of how the security of a whole chain of operations can be compromised by the weakest components – especially when other components in the system will reduce their security level for the sake of compatibility. Just as it is problematic to have card readers for chip and PIN cards that will fall back to using the magnetic strip when the chip doesn’t work, it is problematic to have a drone communications network in which a few non-upgraded components degrade the quality of encryption across the entire link.
Making the transmissions more directional, and employing other techniques like frequency hopping, could also reduce the vulnerability of UAVs to both cryptanalysis and simple traffic analysis. Drones operating off satelite uplinks could be set up to broadcast overwhelmingly upward, where signals are unlikely to be intercepted. More autonomous drones that can operate independently and transmit information in short bursts might also be more resistant to interception. While the Taliban can’t be too advanced in their cryptographic capabilities, you can be sure that competing navies will be tryingt to get into the drone-based Broad Area Maritime Surveillance (BAMS) system the US Navy is building.
$26 of Software Defeats American Military
“A computer program that can be easily purchased for $25.95 off the Internet can read and store the data transmitted on an unsecured channel by an unmanned drone. Drones are crucial to American military operations, for these aerial vehicles enable Washington to conduct war with a reduced number of soldiers. ‘… the intercepts could give America’s enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under US surveillance.'”
SINCGARS (Single Channel Ground and Airborne Radio System) is a Combat Net Radio (CNR) currently used by U.S. and allied military forces. The radios, which handle voice and data communications, are designed to be reliable, secure and easily maintained. Vehicle-mount, backpack, airborne, and handheld form factors are available.
SINCGARS uses 25 kHz channels in the VHF FM band, from 30 to approximately 88 MHz. It has single-frequency and frequency hopping modes. The frequency-hopping mode has a slow hop rate.
The SINCGARS family has mostly replaced the Vietnam-war-era synthesized single frequency radios (AN/PRC-77 and AN/VRC-12), although it can work with them. An aircraft radio SINCGARS is phasing out the older tactical air-to-ground radios (AN/ARC-114 and AN/ARC-131).
Over 250,000 SINCGARS radios have been purchased. There have been several system improvement programs, including the ICOM version, which has integrated voice encryption, and the ASIP version, which is less than half the size and weight of the ICOM-SIP version. In 1992, the U.S. Air Force awarded a contract to replace the AN/ARC-188 for communications between Air Force aircraft and Army units. SINCGARS is expected to be replaced starting in 2008 with the Joint Tactical Radio System (JTRS), a software-defined radio that will work with SINCGARS, HAVE QUICK and other existing radios.
“Apparently the Predator transmits video over an unencrypted link, so there’s no major hacking or security breach going on here, but it’s obviously a huge issue — and we’d say the bigger problem is that Pentagon officials have known about this flaw since the 1990s, but they didn’t think insurgents would figure out how to exploit it. Way to underestimate, guys. The WSJ says the military is working to encrypt all Predator feeds from Iraq, Afghanistan, and Pakistan, but it’s slow going because the Predator network is more than a decade old and based on proprietary tech — too bad it’s not proprietary enough to keep prying eyes out of it.”
Technical explanation of Predator drone hack published
By Xeni Jardin on Technology
Wikileaks has published what is identified as detail and a demonstration of “how to read out video and mission control data from US Predator drones, which are in operation around the world, especially in Afghanistan and Pakistan.”
Are America’s ground-based war robots leaking video to the enemy, too?
By Xeni Jardin on war
America’s battlefield robots may be leaking military secrets. The same security hole that allowed Iraqi insurgents to capture video from unmanned aerial surveillance drones may also have let them spy on ground ‘bots.
PDF p.104 of this document (discussed here) talks about operational security issues surrounding unmanned reconnaissance drones used during the Vietnam War.
This suggests to me that both drone and counter-drone tactics have been part of warfare (including campaigns against guerrilla forces) for quite a bit longer than many people might guess.
Afghanistan war logs: Out-of-control drone shot down by US jet plane before it flew into Tajikistan
http://www.guardian.co.uk/world/afghanistan/warlogs/97AF499B-848B-4FCC-9C0F-8D520A860F13
“An F15 was ordered to shoot down a REAPER UAV that had lost its control link in the south of Afghanistan. All efforts were made to re-establish the link before a decision was made to shoot the UAV down prior it crossing into TAJIKISTAN. The CAOC selected an unpopulated area over which to down the aircraft. An F15 fired on the REAPER and it destroyed its engine, however the link was re-established and the controller was able to guide it into a mountain in RAGH District. The GRID of the downed REAPER is Lat 3738.64N Long 07025.345E // Keypad: 97cs9. There were no sensitive items on board the REAPER but it did go down with its ordnance (Hellfire and GBU-12). NFTR.”