The United States spends twice as much money on its air force alone as China does on its entire military. As expected for such an investment, it wields an unmatched fleet of bombers, transports, stealth fighters and many other types of aircraft, superior in both quality and quantity to any nation on Earth.

Within this context, the Wall Street Journal’s discovery that Iraqi Insurgents had managed to hack into U.S. drones comes as a particular shock. The U.S. air force employs remote controlled drones known as Unmanned Aerial Vehicles (UAVs) capable of sending video intelligence back to military command centres and destroying enemy targets with missiles.

Using nothing more than a portable satellite dish, modem and a $26 satellite internet program known as Skygrabber easily available over the internet, the insurgents were able to capture and view the drone’s visual transmissions; they could spy on what the drone, and hence the U.S. military, was seeing. This was possible because the transmissions sent out by these flying drones are unencrypted.

Encryption is essentially a form of digital encoding that prevents unauthorised access and is already used in many military and public service communication tools, such as police radios. Without this, a single enterprising insurgent with some cheap, easily available equipment and the right location would find it no harder to access the military drone’s video feed than the internet at your local Starbucks.

While the general public might only be starting to know about this now, the issue itself is not new. The system was designed in the 1990s and encryption was consciously not used as it was in its infant stages at the time. According to Declan McCullagh of CBS News, the video feed was hacked into on at least 2 documented occasions: in 2002 when a British engineer accidentally accessed footage of the Kosovo war and at an unknown time when Iraqi officials under Saddam’s regime were shown real-time footage of U.S. bases in Kuwait, Qatar and Turkey.

The U.S. military chose not to do anything about the problem because upgrading the system to allow for encryption would have been expensive. It should be noted however that this is coming from the same military that bought a fleet of B-2 stealth bombers worth $2 billion each and developed the costly F-22 air superiority fighter at a time when its existing jets made it easily unmatched in that role.

Military officials said that only the video aspect of the UAV was hacked into during this incident. Control of the drone was never disrupted nor were its weapons systems compromised.

Personal Comments:

This is one of those things I think people assumed was taken care of. Issues can sometimes seem so blatantly obvious that the thought is quickly put to rest under the assumption that surely nobody could be stupid enough to not have taken care of it with some tech that you already know of. Surely if you’re going to build a remote controlled military vehicle you would want to prevent the link between the vehicle and the controller from being hacked into right? Apparently not.

The reason for the lack of an upgrade till now seems to me to not be just about cost, but also politics. Encryption is hardly a flashy thing to invest in. Spending hundreds of millions of dollars to make an upgrade that would likely remain unheralded would hardly seem appealing when compared to all the other demands for funds in the American military. Of course, such political decisions can often backfire later on, this incident being just one of a long history of such cases.

However, the likelihood of this hacking vulnerability encompassing more than the video transmissions is very slim. While the video function requires the broadcast of a continuous stream of data from the drone, actually affecting its actions would require hackers to somehow disrupt or override the UAV’s existing link with the control centre. Very specific commands would need to be transmitted to the UAV to control it. Such equipment would be very expensive, almost impossible to procure and difficult for untrained users.

Advertisement