Image may be NSFW.
Clik here to view.
A research team at the University of Texas has successfully hijacked an unencrypted drone for the first time by overtaking its GPS signals with $1,000 worth of equipment and custom software.
The feat raises alarm about the new federal mandate that allows for up to 30,000 drones to patrol U.S. skies with little discretion by the end of the decade. Raising alarm is precisely what Texas assistant professor Todd Humphreys wanted his students to accomplish.
"We're raising the flag early on in this process so there is ample opportunity to improve the security of civilian drones from these attacks, as the government is committed to doing," Humphreys said in a press release.
Using a small but sophisticated unmanned aerial vehicle (UAV) along with a system running on more than three years of custom-built software, the research team repeatedly overtook navigational signals going to the GPS-guided vehicle.
The technique — known as "spoofing" — creates false GPS signals that trick the drone's GPS receiver to think that nothing is wrong as an outside hacker induces it to steer a new navigational course.
Iran claimed to spoof the advanced stealth drone that went down in Iran in December while the U.S. insisted that an American error caused the RQ-170 Sentinel to crash with sensitive data onboard while on a CIA fact-finding mission.
Humphreys told BBC that "it wouldn't be too hard for [a very skilled person] to work out how to un-encrypt military drones and spoof them, and that could be extremely dangerous because they could turn them on the wrong people."
The Department of Homeland Security (DHS) invited the team to attempt the feat in New Mexico this month. The demonstration definitively shows that it is possible to commandeer a drone via GPS spoofing.
And since spoofing fools GPS receivers' on both location and time, most GPS-reliant devices, infrastructure and markets are potentially vulnerable to attacks.
"I think this demonstration should certainly raise some eyebrows and serve as a wake-up call of sorts as to how safe our critical infrastructure is from spoofing attacks," said Milton R. Clary, a senior Department of Defense (DoD) Aviation Policy Analyst, in the press release.
Humphreys told Fox News that spoofing a GPS receiver on a drone "is just another way of hijacking a plane.”
During the spoofing demonstration in White Sands, New Mexico, the research team took control of a hovering drone from a little more than a half-mile away. Next year the team plans to perform a similar demonstration on a drone from a little more than 6 miles away.
Here is a video staged exhibition of the spoofing operation held at the Longhorns' football Stadium (via Fox News):
Please follow Military & Defense on Twitter and Facebook.