UPDATED 7/20/12, 11.30AM
On June 19, when University of Texas researchers successfully hijacked a drone by "spoofing" it – giving it bad GPS coordinates – they showed the Department of Homeland Security how civilian drones could fall into the wrong hands, exposing a potentially serious security flaw. It was exactly what Todd Humphreys, the lead researcher, anticipated in a TEDx talk in February: "You can scarcely imagine the kind of havoc you could cause if you knew what you were doing with a GPS spoofer."
On Thursday, a month after the experiment, the investigations panel of the House Homeland Security Committee held a hearing on how civilian drones could affect the security of the American airspace. "These findings are alarming and have revealed a gaping hole in the security of using unmanned aerial systems domestically," said Rep. Michael McCall, the panel's chairman. "Now is the time to ensure these vulnerabilities are mitigated to protect our aviation system as the use of unmanned aerial systems continues to grow."
Problem is, the FAA and the Department of Homeland security have yet to come up with specific requirements or a certified system to protect drones from GPS attacks. And what's worse, neither of them takes responsibility for it. "The Department of Homeland Security mission is to protect the homeland. Unfortunately, DHS seems either disinterested or unprepared to step up to the plate," said McCall, noting that representatives from the DHS declined to testify at the hearing. The FAA declined to comment on GPS security after the spoofing test.
Some of the drone manufacturers have their own systems to counter spoofing attacks, but others either think this is not their job, are not worried at all, or were completely taken by surprise.
"We've always been aware of [GPS threats like] jamming and lost satellites," said Dennis D'Annunzio, Chief Technical Officer of drone maker Rotomotion, which produces drones used by local police like the North Little Rock Police Department in Arkansas. "But spoofing and taking control was something that we weren't anticipating."
D'Annunzio said they have systems to deal with jamming and the loss of signal from satellites, but if somebody sends a spoofing signal and fools the drone's GPS receiver, then they have no answer because they can't detect it – to the GPS receiver, that signal looks just the same as the one coming from the satellite. "If they work fine, everything looks good, none of the GPS numbers have changed, the GPS signal strength hasn't changed … how would I know?" said D'Annunzio.
Kevin Lauscher, a representative from commercial drone manufacturer DraganFly thinks this is not an issue at all. "It's not really a big concern because our systems are designed to be flown in very close proximity and quite low level," he told Danger Room. Indeed, DraganFly drones (which have been sold to the Seattle Police Department) are built to be always under the scrutiny of an operator, so if something goes wrong, "we simply land," he said.
At the congressional hearing Thursday morning, the University of Texas' Humphreys noted that the risks with small drones are limited. "Currently I'm not terribly worried about this," he said, even though he told Fox News that when you have 30,000 drones in the airspace in the next few years, like the FAA estimates, "each one of these could be a potential missile used against us."
Humphreys added that vulnerable drones could become a bigger problem when larger unmanned planes are allowed to fly in the national airspace. FedEx CEO Fred Smith, for instance, has long mused about using drones to deliver packages.
AdaptiveFlight, which built the unmanned helicopter used in Humphreys' test, is supposedly working on a system to counter spoofing attacks. Company CEO Wayne Pickell declined to provide details, but he told Danger Room that basically the firm is working on a system that would detect when a spoofing attack is being carried on, which would allow them to turn off GPS navigation and take manual control of the drone. When asked how long they've been working on it, he simply answered: "for a while."
Honeywell executive Prabha Gopinath told Danger Room that the firm's unmanned vehicles are already safe and are potentially able to withstand spoofing attacks. Good thing, too: Honeywell's so called "beer-keg" drone has been used both by the military as well as the Miami-Dade Police Department. The machine relies on multiple sensors – not only GPS – to determine its coordinates, which allows the drone to determine if it's receiving a spoofing signal.
Another potential solution could be to adopt some kind of encryption or authentication system so that the drones' GPS receivers would only use trusted signals. That's basically the system the military uses for its drones, the so-called "Selective Availability Anti-Spoofing Module" (SAASM). Could that be used for civilian drones too? Potentially yes, says Steen Mogensen, senior engineer at AdaptiveFlight, "the problem with that is that there are only a few supplies of the military-style GPS receivers in the world" so the cost of producing a civilian drone equipped with a military-grade receiver would go up considerably.
The future might hold a civilian equivalent of the military SAASM, but "that requires upgrades on the entire GPS technology, and changes on the satellites and so forth," said Mogensen, who thinks that process would take a long time. "It would take some years, probably three to five years, just to get government support, the funding, and then the actual implementation of the technology."
Humphreys himself reminded that it took them four years to develop the necessary software and that you need very skilled people to do it. "It is not within the capability of the average person on the street, or even the average Anonymous hacker," he wrote in the statement (.pdf) he submitted to the subcommittee.
But spoofing isn't exactly impossible, either. Humphreys told Danger Room last week that he doesn't want to see drones "coming into the national airspace before we patch this problem."
Michael Toscano, President and CEO of the Association for Unmanned Vehicle Systems International (AUVSI), in a statement (.pdf) to the subcommittee, noted that spoofing is not as easy as some might think. "One must know the location of the target vehicle and be able to track it. If the target vehicle is not in close proximity to the spoofing device, this requires a detection system such as radar. Meanwhile, custom software is needed to make adjustments to the target vehicle’s course."
According to Toscano, the industry is aware of the problem and is working on it. "AUVSI member companies have been hard at work developing new technologies that would add extra layers of safety and security to unmanned aircraft." Since some of those companies didn't even see this coming, there's still a lot of work to do.
