[I'm applying the sysadmin privilege of making an exception to our usual no-military rule here, because the technical issues are sufficiently interesting].
Apply the usual skepticism about the claims, but there's something plausible in the following. As I understand it, the assertion is that Iran basically used radio jamming techniques to force the RQ-170 into RTL mode, then overrode the GPS signal with a fake one that made it think that "home" was an Iranian field.
An excerpt from the Christian Science Monitor, a good article that discusses what may have caused the capture:
Iran guided the CIA's "lost" stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone's systems inside Iran.
Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian military and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.
Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.
...
"GPS signals are weak and can be easily outpunched [overridden] by poorly controlled signals from television towers, devices such as laptops and MP3 players, or even mobile satellite services," Andrew Dempster, a professor from the University of New South Wales School of Surveying and Spatial Information Systems, told a March conference on GPS vulnerability in Australia.
"This is not only a significant hazard for military, industrial, and civilian transport and communication systems, but criminals have worked out how they can jam GPS," he says.
The US military has sought for years to fortify or find alternatives to the GPS system of satellites, which are used for both military and civilian purposes. In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.
“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” reads the Los Alamos report. “In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.”
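The sequence described above (links jammed, then a false signal that starts at the true position and walks away slowly) suggests what a receiver-side check has to look for. The following is an added example, not part of the original post or the quoted article: it cross-checks GPS fixes against inertial dead reckoning and flags a signal that comes back implausibly strong after loss of lock. All field names, thresholds and the sample track are constructed assumptions.

```python
import math

# Assumed thresholds for illustration; not taken from any real receiver.
BASE_TOL_M = 15.0         # allowance for ordinary GPS noise, metres
INS_DRIFT_M_PER_S = 0.5   # assumed worst-case inertial drift rate
CN0_CEILING_DBHZ = 52.0   # assumed ceiling for a genuine open-sky signal

def detect_spoofing(samples):
    """samples: dicts with t (s), gps (east, north) in metres or None when
    lock is lost, ins_vel (ve, vn) in m/s, cn0 in dB-Hz or None.
    Returns a list of (t, reason) alerts."""
    alerts = []
    t0, prev_t = samples[0]["t"], samples[0]["t"]
    dr = list(samples[0]["gps"])        # dead reckoning starts at first fix
    lost_lock = False
    for s in samples[1:]:
        dt, prev_t = s["t"] - prev_t, s["t"]
        dr[0] += s["ins_vel"][0] * dt   # integrate inertial velocity
        dr[1] += s["ins_vel"][1] * dt
        if s["gps"] is None:            # jammed or otherwise no fix
            lost_lock = True
            continue
        if lost_lock and s["cn0"] is not None and s["cn0"] > CN0_CEILING_DBHZ:
            alerts.append((s["t"], "reacquired-overpowered"))
        lost_lock = False
        # Compare against the accumulated inertial track, not the previous
        # fix: a slow walk-off keeps every single step inside GPS noise.
        residual = math.hypot(s["gps"][0] - dr[0], s["gps"][1] - dr[1])
        if residual > BASE_TOL_M + INS_DRIFT_M_PER_S * (s["t"] - t0):
            alerts.append((s["t"], "walk-off"))
    return alerts

def constructed_track():
    """Constructed data: aircraft flies north at 50 m/s; lock is lost for
    t=10..12, then fixes return stronger and drift east at 4 m/s."""
    track = []
    for t in range(61):
        s = {"t": t, "ins_vel": (0.0, 50.0), "gps": (0.0, 50.0 * t), "cn0": 44.0}
        if 10 <= t <= 12:
            s["gps"], s["cn0"] = None, None
        elif t >= 13:
            s["gps"], s["cn0"] = (4.0 * (t - 13), 50.0 * t), 55.0
        track.append(s)
    return track

if __name__ == "__main__":
    for alert in detect_spoofing(constructed_track()):
        print(alert)
```

On the constructed track the signal-strength check fires as soon as lock returns, while the position check needs several seconds before the accumulated offset exceeds the drift allowance.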
Comments
Does that thing have a propeller or jets?
This is an older plane. However I'm not sure of the jamming GPS signals. Front end receiver overloads, failsafes, etc. Maybe they were lucky it glided to a near good landing?
anish: did you study crypto at a university?
the fiat shamir zkt is a common crypto technique - many systems have used it over the years
Oops, wrong video:
Well, if you can haul around secret military aircraft in the middle of Kansas, where else can you go? It's about as secure a place, as any.
They had a more interesting link in that video:
The UAV guys must be getting sloppy.. Something similar also fell in Cowley County, Kansas.
http://news.yahoo.com/blogs/sideshow/did-military-haul-ufo-kansas-1...
Here's a paper (.pdf-there's that Adobe Reader again!) on GPS spoofing:
http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf
Doesn't look like it's that easy to do. We'll probably never find out what really happened (I still suspect it came down on its own and was found accidentally), but if the Iranians did have the means to capture a drone by spoofing or other means why would they advertise it (and let the "enemy" know what they know)? I'd just show off the drone and say "look what we've got" and let the US wonder how I got it.
@ellison looks like my crypto is getting all rusty. Your description of key management is way over my head in spite of having spent around 7 years as a researcher in the area :(
Most of the cyber attacks that are successful don't seem to be very ingenious. Seems to be more of social engineering, and people just not taking security very seriously. Some of it is just bad programming. Most of the programming talent has been sucked up by the entertainment industry. The money and fame is in making games, not writing secure control systems that no one but a few privileged people will ever see.
Chris, now I see why all the software for the toys I get from China has a bundled Adobe Reader with it. Word to the wise, for what it's worth, don't install the Adobe Reader that comes on those discs. Only download it from the official Adobe site. (As my Flash 11 plugin crashes for the 2nd time today on my computer.)
Anish, when encrypting realtime data streams, using large RSA keys is not an option, too time consuming. They generally use a Zero Knowledge lookup table containing encryption keys on both sides and each side switches keys periodically, by doing a lookup in the table. The lookup is done randomly, and the index is communicated over the encrypted stream. So even if you are able to decode the key for one set of packets, the two sides are off into some random location in the ZKT already.