Moderator

(Getting Past) Coming Down with Something

3689427342?profile=originalIn what we can only hope are unrelated news stories, Wired Magazine is reporting a virus infestation of Reaper and Predator ground control systems, and sUAS News is reporting the crash of a Reaper UAV in a training accident on friday.

 

3689427289?profile=originalWhat This is Not About

As an information security professional, dealing with Malware is a topic I can speak about with some authority. Well-meaning techies will, no doubt, raise all the same talking points, "why are we running critical ground control systems on Windows?" "How did this virus get onto classified systems?" "If they were running OSX/Linux/OpenBSD, they would not have this problem!"

 

Let's address these general statements once so that we can talk about what is important here for commercial and hobbyist UAV operators. Yes, malware creators tend to target Windows more than other platforms, for a number of reasons, and yes, not running Windows for critical (if not all) computer tasks is a common strategy used by many information security professionals and amateurs alike to limit the impact of malware on their daily lives. However, malware is a fact of life in computing systems, and the stuff you know about, or detect on your computer with antivirus software, is childsplay compared the current generation of commercial and military grade goods.

 

Some Useless Talk

 

Typical malware discussions deal with personal identifying information theft, credential harvesting, and stealthed online banking wire transfer. They involve that other form of high-tech "drone", the millions of zombie PCs, controlled with a different form of CnC server than we use to cut our quadcopter plates. These are used to knock Websites and networks off line as part of political statements or as part of a poorly-reported, fifteen year history of extortion schemes committed by individuals and highly organized criminal enterprises alike.

 

I do not want to talk about any of that today. Keeping your financial data and health records private is not of any direct interest to the UAV community. Furthermore, this community is organized around a principle of sharing, with open source code and hardware, so there isn't really any value in deploying malware to "steal" our UAV technologies. Some of you develop and sell commercial products, but you can look out for your business interests like everyone else, by hiring someone like me to take care of it. 

 

What I would like to reflect upon here is the one area of the traditional security "CIA" model - that is "Confidentiality, Integrity, and Availability" - that most concerns the hobbyist UAV builder/operator, availability. 

 

Is this Cyber Stuff Really a Problem?

 

There is no information to suggest that the viruses and key loggers mentioned by Wired Magazine caused a crash of the UAVs in question. The crash on Friday of a Reaper in a training accident did not need to be helped by malware. UAVs crash just fine on their own, or with operator assistance. However, there is ample reason to be concerned. Consider the Telegraph report of the grounding of French Fighter Jets, the ultra-high tech Navy vessel crippled during early sea trials by a virus in the early part of the last decade, and, far more tragic, the 2008 crash of Spanair flight 5022, in which malware played a significant role, that killed 154 people. Make no mistake, this is not a Hollywood script, it is increasingly a very really, very serious business. Even if certain companies (I'm looking at you, Adobe) do not get it.

 

With thousands of dollars and thousands of hours invested in our UAVs, even if they are not putting lives on the line, we each have a vested interest in keeping our ground control systems fully functional.

 

No Malicious Intent 

 

In fact, malware need not even be involved. A month ago, I was using Mission Planner to assist with a backyard flight test when, without warning, Windows "discovered" a new device, and installed a mouse driver ... in place of my FTDI driver. Two hours and twelve attempts to reload the FTDI driver failed before I pulled out my secret weapon, a move I should have used from the start. But I am getting ahead of myself.

 

The Every Man

 

So what can an operator do? If patching, removing Adobe products from our computers, using an alternative browser, and running current antivirus is not enough (and it is not, but it is a good start) and if we use Windows because the excellent Mission Planner was written for Windows, how can anyone expect to be certain of a clean, functional ground control system without a professional hacker helping out? 

3689427143?profile=original

A Simple Answer

 

Virtualize. Using technologies like VMWare, Paralleles, and Virtual PC, you can keep a minimal operating system of your choice, Linux, Mac OSX, even Windows, to control the hardware on your laptop. If possible, avoid using it to surf the Web, manage your finances, or watch online videos in flash about Chinese UAV competitions. Maybe you prefer a Mac, but cannot live without Michael Obornes wonderful Mission Planner. Install Parallels and run Windows in a window. Load all the software you need, patch up, fight with the FTDI drives once, and then make a "snapshot". If your virtualized ground control system experiences a failure for any reason, a virus, spyware, or a driver conflict, you can "roll back" in 20-30 seconds to a known-good configuration. 

3689427404?profile=originalHere is a tip for advanced users: remap your Mission Planner "logs" directory to a shared directory with your host operating system; keep a copy of the latest MP, FTDI drivers, and perhaps your Arduino code directory in another shared directory.

 

From time to time, burn a DVD of the latest snapshot of your virtual ground station and keep it with your Parallels (VMware, Virtual PC, etc) install software. When you decide to upgrade your PC hardware, when your five year old son uses his milk to "wash" your keyboard, when that Adobe PDF file demonstrates the classic Odysseus stratagem, when your OS decides FTDI means "Forget This Driver Immediately," or when your beautiful Macbook Air fails to live up to its name after it is propelled off your table at 4 meters a second by a 170lb human dodging the angry blades of an unintentionally attacking quadcopter .. well, you'll be glad you did. 

 

Even if your computer is completely destroyed while you are visiting your uncle's family in North Dakota, 300 miles from the nearest Best Buy and 2 hours drive from the nearest Internet connection, you can keep on flying ... just borrow cousin Jimmy's MacBook, install Parallels (if he isn't already using it) and you'll be flying again in about ten minutes.

E-mail me when people leave their comments –

You need to be a member of diydrones to add comments!

Join diydrones

Comments

  • Moderator

    I'm using vmware on a macbook pro.  The current version 4 runs APM with no apparent speed difference than running natively on my windows laptop.  It's great!  I have a virtual machine pretty much dedicated to APM; I make a snapshot every upgrade, so if there's ever something that goes wrong I can back out the change with just a few mouse clicks.

     

    I also hit the problem where the xbee became a mouse.  Just opening the devices menu seemed to clear things up in this instance.

  • This is good advice, and works until a virus infects your hypervisor.

    In other words, just emphasizing that this discipline implies that you NEVER use the base OS for anything, and you never allow a USB device to mount a volume, etc.

  • Moderator

    Reports are trickling in that the Creech AFB key loggers detected by the Host Security System may actually be authorized security software employed by another group in DoD. I leave it for (each of) you to decide if the intent of the "malware" operator in any way reduces the validity of the risks posed in other cases or lessens the man-hour impact expended in this case before they realized, as of yet unconfirmed, that this "malware" might be authorized. 

  • I had a issue once using the Xbee windows com driver. The driver decided it was a trackball mouse causing the mouse cursor to jump like some viruses can do. Disabling the the trackball driver fixed it. Windows can hook a driver incorrectly.

  • well written mike

    i don't use Parallels i have never tried it but it sound interesting i will have to look it over. my solution is simper then that i have two computers one i am writing this on now and one that only is used for my hobby/ programming, it rarely gets to visit the interwebs.

  • Great post!

    I am a  GNU/Linux enthusiast and I use VirtualBox to run the APM Mission Planer. I currently use 1.0.54 because newer versions are too slow, they consume 99% of the CPU. It's a pity that  the APM Mission Planner uses closed source Windows libraries and it can't be ported to other OS.

  • VERY nice post :)

This reply was deleted.