Lockheed Martin drone
Military drones are at risk of being hacked as how-tos are freely available on the internet, leading security experts have told the USLockheed Martin

Israeli security experts have alerted the US military that research on how to hack military drones, is now freely available to download from the internet.

In 2011, a CIA stealth drone - or unmanned aerial vehicle (UAV) - was captured by Iranians, who hijacked its GPS coordinates and safely brought it down so that they could learn to reverse-engineer the technology for themselves.

Coincidentally, this happened just one month after a paper entitled On The Requirements For Successful GPS Spoofing Attacks was published by Nils Ole Tippenhauer and other academics from ETH Zurich and the University of California.

"It's a PDF file... essentially, a blueprint for hackers," Esti Peshin, director of cyber programs for defence contractor Israel Aerospace Industries, told the Defensive Cyberspace Operations and Intelligence conference in Washington DC on 4 May, according to Defense One.

"You can Google, just look up 'Tippenhauer' – it's the first result in Google. Look up 'UAV cyberattacks' – it's the third one. 'UAV GPS spoofing attacks' – the first one."

A how-to on drone hacking

The paper describes the ways that an attacker can bring down a military drone, including where the hacker needs to be located in order to generate fake GPS signals in order to fool the drone's GPS receivers, as well as how to replace legitimate signals with fake ones so that the drone ends up "losing the ability to calculate its position".

Peshin admits that the researchers probably didn't mean any harm, but she stressed that they hadn't given defence technology vendors enough time to patch the exploits: "The fact is that we are slower than the bad guys and the bad guys could take this article and render it into a form of an attack. One of the things that keeps me up at night is cybersecurity for operational networks, military systems, weapons systems."

Of course, that study was almost four years ago, but Peshin says that Nato is also revealing sensitive data for the world to see, in a risk assessment of UAVs from 2013 by Otto-von-Guericke-University in Germany.

"At the end of the article, as if this was not enough, they listed several UAVs and said these are riskier than others by the way," she said, highlighting the fact that Nato was kind enough to list specific drone models that were vulnerable, such as the MQ-9 Reaper and the Lockheed Martin RQ-170 Sentinel (the CIA one hijacked by the Iranians).

Creating a whole new programming language

The US Defense Department is developing a whole new programming language that is supposedly "unhackable", which will be released on the existing Boeing Little Bird H-6U drone at the end of 2017.

"The intent is to conduct an experiment to prove that these new coding techniques can create secure code at full scale," said John Launchbury, who leads the program for the Defense Advanced Research Projects Agency (DARPA).

"Cyberattacks on your PC – they can steal information and they can steal money, but they don't cause physical damage, whereas cyberattacks in a UAV or a car can cause physical damage and we really don't want to open that can of worms," said Kathleen Fisher, the previous program manager of the DARPA project.

Consumer threat

Typically military UAVs are programmed in either C or C++ – both programming languages which are known to have vulnerabilities.

As for the possibility of consumer and commercial drones being hacked in mid-flight, people who own Phantoms and Inspires need not be too concerned as DJI, the largest consumer UAV manufacturer in the world, only supports the Android Studio SDK, which uses Java to programme apps rather than C++.

However, 3D Robotics, a popular US-based drone firm, has an open source development platform which does include C++ as one of the languages.

"We've developed a new programming language that is provably free from those vulnerabilities," said Lee Pike, research lead for cyber-physical systems with security R&D firm Galois.

"The approach is to transition the programming language we've developed, called Ivory, to Boeing so that they can rewrite their systems."

So far 70% of the Boeing Little Bird's software – equivalent to 100,000 lines of code – has been replaced by Boeing, which plans to test the drone out and try to hack it in mid-flight in summer 2015.