Details on how Iran may have used a GPS override spoof to capture US drone

[I'm applying the sysadmin privilage of making an exception to our usual no-military rule here, because the technical issues are sufficiently interesting].

Apply the usual skepticism about the claims, but there's something plausible in the following. As I understand it, the assertion is that Iran basically used radio jamming techniques to force the RQ-170 into RTL mode, then overrode the GPS signal with a fake one that made it think that "home" was an Iranian field. 

An excerpt from the Christian Science Monitor, a good article that discusses what may have caused the capture:

Iran guided the CIA's "lost" stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone's systems inside Iran.

Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian miltiary and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.

Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.

...

"GPS signals are weak and can be easily outpunched [overridden] by poorly controlled signals from television towers, devices such as laptops and MP3 players, or even mobile satellite services," Andrew Dempster, a professor from the University of New South Wales School of Surveying and Spatial Information Systems, told a March conference on GPS vulnerability in Australia.

"This is not only a significant hazard for military, industrial, and civilian transport and communication systems, but criminals have worked out how they can jam GPS," he says.

The US military has sought for years to fortify or find alternatives to the GPS system of satellites, which are used for both military and civilian purposes. In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.

“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” reads the Los Alamos report. “In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.”

Views: 12126


T3
Comment by Rory Paul on December 16, 2011 at 12:04pm

It may be one thing to overwhelm the GPS but cracking the multiple encrypted command links to the UAV and taking control of it is another. What they are basically saying is that the unit with in full auto and nobody back in Kandahar was monitoring it. Sounds slim to me. Very much more likely that it was a failure of some type in the propulsion system and it glided itself into hard landing.                                                 

Comment by Tassos Polichronopoulos on December 16, 2011 at 12:34pm

Makes sense, cut comms, drone goes into RTL mode, fake GPS signal to spoof landing site.

Comment by AKRCGUY on December 16, 2011 at 12:45pm

I keep thinking that's an ugly ass drone for being US made.

Comment by Chris Ball on December 16, 2011 at 12:47pm

There's a bigger question that hasn't been asked: if it's a STEALTH drone, how did Iran know it was there to jam and capture?


Moderator
Comment by Sgt Ric on December 16, 2011 at 12:58pm

@Rory, noone is saying they took control of the command links.  They jammed the link back to Kanahar and forced it into RTL mode failsafe.  Then they spoofed the GPS coordinates.

Also, one article mentions that they were unable to spoof the GPS height to exactly correspond to the one programmed into the UAV, so it was a rough landing that damaged the underbelly and wing.

Comment by Don Brooks on December 16, 2011 at 1:00pm

@Adam AKAV8R:

It's is pretty ugly. That's probably why it was so secret and stealthy, they didn't want anyone to see it! lol


Moderator
Comment by Sgt Ric on December 16, 2011 at 1:03pm

Iran's boasting last week was hard to believe and it did seem more likey a problem with the UAV, but these further details do sound logical.

The american military had published reports saying the low powered GPS signal was a vulnerability as far back as 10 years ago.


Developer
Comment by Jason Short on December 16, 2011 at 1:06pm

How did they crack the military encryption on the GPS?


Moderator
Comment by Sgt Ric on December 16, 2011 at 1:10pm

Did they have to?

Comment by Ellison Chan on December 16, 2011 at 1:28pm

Looks familiar, with duct tape covering the wing gaps, as well.

Comment

You need to be a member of DIY Drones to add comments!

Join DIY Drones

© 2019   Created by Chris Anderson.   Powered by

Badges  |  Report an Issue  |  Terms of Service