Report: Iran Claims To Have Hacked, Then Hijacked Stealth Drone

A report on the Web site of the Christian Science Monitor claims that Iran exploited a long-known vulnerability in the GPS navigation system of the U.S.’s RQ-170 Sentinel drone to force it into landing safely within Iran. 

A report on the Web site of the Christian Science Monitor claims that Iran exploited a long-known vulnerability in the GPS navigation system of the U.S.’s RQ-170 Sentinel drone to force it into landing safely within Iran. 

The report, Thursday, cites an Iranian engineer that is part of a team that is analyzing the drone, which was captured last week. It claims that the Iranians first blinded the aircraft by jamming its communications. They then exploited a known vulnerability in the GPS system used by the drones to fool it into thinking it was landing at its home base in Afghanistan. Instead, the drone landed, intact, within Iran.

The report, if true, is a serious blow to U.S. military and intelligence operations within the country. Recent reports cite circumstantial evidence a mounting cold war between the U.S. and its allies, including Israel, and Iran. That war has included high level defections, mysterious deaths and apparent assasinations and covert cyber operations, such as the Stuxnet worm, which is widely believed to have been developed to retard Iran’s nuclear program.

Unmanned drones have played an important role in the covert operations, flying along the border regions with Afghanistan (according to the U.S.) and over Iran itself (according to the Iranian government) to monitor the country’s nuclear program. 

The capture, intact, of one of the military’s most sophisticated drones is an intelligence coup for the Iranians, allowing the country’s technicians to reverse engineer the hardware and software used to control the ship. It could also be a boon to Iran’s allies and would-be allies, including China and Russia, either of which would be anxious to get their hands on one of the U.S. military’s most advanced drones. 

The GPS vulnerability exploited by the Iranians was discovered using research on other downed drones, according to the Monitor report. 

Problems with the wireless navigation and communications systems used by stealth aircraft aren’t new. The Wall Street Journal reported in 2009 that insurgents in Afghanistan were able to capture video footage from hovering drones using Skygrabber, a widely available piece of commercial software that can intercept satelllite data. The military says that it has since beefed up the security of communications to and from drones. However, they still rely heavily on military grade GPS for navigation. More recent reports documented a malware infection at Creech Air Force Base, the command and control center for the military’s drone aircraft. Finally, a recently leaked report by the U.S. Air Force Scientific Advisory Board found that “limited communications systems” in remotely piloted aircraft “restul in communications latency, link vulnerabilities and lost link events.” 

Suggested articles

Discussion

  • Keith on

    I believe this as much as I believe that there are no gay people in Iran. In other words it is complete nonsense, for more reasons than I care to elaborate.

  • Jan on

    Did someone really forget ... if (gps_power_level > MAX_GPS_POWER_LEVEL || gps_power_level > gps_power_level_moving_average * 1.5) { suspend_gps(); }
  • Anonymous on

    They run w1nders on that thing!

     

  • Anonymous on

    Hacked by a real 1337 way..

  • puppy on

    People forget that things are only as good as the designers.

    If you design a system that controls a remote drone, there HAS TO BE a way to put it in mainantance mode. And one would think that a million dollar drone, (or more) would have software that said if no communication and in flight, land softly or return home. Now if there is a way to confuse the GPS... hmm, lets think... maybe have a spoofed signal that is stronger then the satilites...Hmmm....

    So, all I need is a jammer that is stonger then the control signal and do a man in the middle attack even if it encrypted to confuse the drone, then have a signal that can superimpose a GPS signal and re-write world coodinates.

    Now I have a plane that I am not controlling, but I can tell it to 'go home' and change where home is be making pretend that the world is offset therefore the 'home' moved.

    If that is how the drone was captured, that is a very simple hack. No rocket science there...

     

  • Anonymous on

    I agree with puppy on this. There's no reason to think that this hack / operation would be far more sophisticated than what the drone itself can do with mobile communications. Jamming the control signal would probably set the drone to a "return to base" mode and using a man in the middle attack powerful enough to feed the desired coordinates of landing.

  • Anonymous on

    If the drone was jammed so it could no longer receive instructions, wouldn't it be able to recognize the condition and switch to some default return route home?  No need for communications to get directions or even to recognize the landscape, just turn around and reverse direction.  Of course, there are certain variables like wind speed that need to be handled but overall this approach seems better than just landing in a hostile location.  Everything seems just too neatly wrapped.  

  • Anonymous on

    If the drone was jammed so it could no longer receive instructions, wouldn't it be able to recognize the condition and switch to some default return route home?  No need for communications to get directions or even to recognize the landscape, just turn around and reverse direction.  Of course, there are certain variables like wind speed that need to be handled but overall this approach seems better than just landing in a hostile location.  Everything seems just too neatly wrapped.

  • Anonymous on

    And how exactly is an UAV supposed to know where it is or where it's going without external data input? Is it supposed to count to a thousand and veer left then count another five thousand and drop altitude?

  • Anonymous on

    And how exactly is an UAV supposed to know where it is or where it's going without external data input? Is it supposed to count to a thousand and veer left then count another five thousand and drop altitude?

  • Anonymous on

    I believe that the drones would have preloaded terrain recognition mapping software that is similiar to the tomahalk missiles which would make the hack job a little more sophisticated.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.