Cyberwarfare expert Jeffrey Carr first looks at unencrypted mission control data feeds. Not only are the video feeds unencrypted (as mentioned in my previous post), but the MPEG data stream relayed by satellite to the drone is also unencrypted, meaning the control feeds and the metadata carried alongside the video may also be up for grabs to anyone with a suitable receiver. The Air Force has known about this vulnerability for ten years (!) and expects it to be corrected by 2014 (!).
Second, Carr notes that ground control stations may have public internet access built into their architecture, making them vulnerable to infection. Additionally, because of the connections between ground control stations and the “Global Information Grid,” an infection at Creech Air Force Base could spread throughout the system, including print servers and other shared devices and networks (including those of other countries).
Third, Carr notes that the Air Force went to Kaspersky, perhaps indicating that the virus is a variant of TDL-4, originally detected by Kaspersky, who called it the “most sophisticated threat today.” Yet not even Kaspersky has a fix for it. If TDL-4 is the culprit, the Air Force will have a terribly difficult time removing the virus short of trashing the entire system (TDL-4 is a bootkit: it infects the master boot record and loads before the operating system, so it survives conventional removal), and cybercriminals would be able to steal information without the system detecting it.
I will admit that the finer technical points of computer viruses are beyond my abilities, but Carr’s post makes the vulnerabilities sound far worse than I had previously considered. Perhaps in the rush to construct a system that can gather, process, and share tremendous amounts of data quickly, security was not the priority it should have been (this is pure speculation on my part). But I am shocked that the Air Force seems so slow to respond to what appear to be gaping vulnerabilities in some of their most state-of-the-art systems. Those countries that wish to build or improve their drones might consider buying data stolen from the U.S. program. It would probably be easier than traditional espionage. Those countries should also take care to learn from our mistakes.
Although an Air Force official says there is no risk of the drones themselves “going stupid” and the planes were never at risk, I have to wonder: what if someone is able to transition from monitoring the data streaming to the drone to corrupting or overriding the data stream? If a hacker can’t take over a drone, what if he could start introducing false data into the system? Or slightly adjusting the drones’ GPS data so they fly off course?
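To make the two concerns above concrete (the unencrypted feeds Carr describes, and the worry that a listener could go from reading the link to rewriting it), here is an added example that is not part of the original post or of Carr’s analysis and says nothing about the actual drone protocols. It models a made-up telemetry record (timestamp, latitude, longitude, altitude) sent in the clear, shows that a passive receiver reads it and an on-path attacker rewrites the coordinates with nothing to detect the change, and then protects the same record with encrypt-then-MAC so that any modification is rejected. The record layout, keys and values are assumptions for illustration; the cipher is HMAC-SHA256 run in counter mode as a standard-library stand-in for AES-GCM, which is what a real link would use.

```python
"""Added example: a telemetry link needs confidentiality AND integrity.

Everything here (record layout, keys, coordinates) is constructed for
illustration; it does not describe any real drone data link.
"""
import hashlib
import hmac
import os
import struct

# Constructed record layout: UTC seconds, latitude, longitude, altitude (m).
RECORD = struct.Struct(">dddd")
NONCE_LEN = 12
TAG_LEN = 32


def pack_record(ts, lat, lon, alt):
    return RECORD.pack(ts, lat, lon, alt)


def unpack_record(buf):
    return RECORD.unpack(buf)


# --- the unprotected link ----------------------------------------------------

def passive_read(packet):
    """Anyone with a receiver on the downlink reads the cleartext record."""
    return unpack_record(packet)


def active_rewrite(packet, lat, lon):
    """An on-path attacker swaps in new coordinates; nothing can detect it."""
    ts, _, _, alt = unpack_record(packet)
    return pack_record(ts, lat, lon, alt)


# --- the protected link (encrypt-then-MAC) -----------------------------------

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES-CTR)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key, mac_key, plaintext, nonce=None):
    """nonce || ciphertext || HMAC(nonce || ciphertext). Never reuse a nonce per key."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key, mac_key, packet):
    """Return the plaintext, or None if the tag does not verify (tampering/forgery)."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def flip_byte(packet, index):
    """Attacker blindly flips one ciphertext byte (a CTR-mode bit-flip attempt)."""
    buf = bytearray(packet)
    buf[index] ^= 0x01
    return bytes(buf)


def demo():
    # Constructed sample values.
    ts, lat, lon, alt = 1318000000.0, 36.5, -115.7, 4500.0
    clear = pack_record(ts, lat, lon, alt)
    forged = active_rewrite(clear, 36.6, -115.6)

    enc_key, mac_key = os.urandom(32), os.urandom(32)
    sealed = seal(enc_key, mac_key, clear)
    tampered = flip_byte(sealed, NONCE_LEN + 8)  # lands in the latitude field
    return {
        "cleartext_read": passive_read(clear),
        "cleartext_forged_accepted": unpack_record(forged),
        "sealed_ok": open_sealed(enc_key, mac_key, sealed) == clear,
        "sealed_tampered": open_sealed(enc_key, mac_key, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The cleartext receiver happily accepts the forged coordinates because it has no way to tell them from the real ones; the sealed receiver returns None for the tampered packet and never hands a modified record to the flight software. Note that encryption alone would not fix the second problem: a CTR-style keystream cipher without a tag lets an attacker flip bits in the plaintext blindly, which is exactly why the tag is verified before decryption.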
What do you think of the latest news surrounding the drones’ vulnerabilities? What do you think about the Air Force’s reaction?