Details on how Iran may have used a GPS override spoof to capture US drone

[I'm applying the sysadmin privilage of making an exception to our usual no-military rule here, because the technical issues are sufficiently interesting].

Apply the usual skepticism about the claims, but there's something plausible in the following. As I understand it, the assertion is that Iran basically used radio jamming techniques to force the RQ-170 into RTL mode, then overrode the GPS signal with a fake one that made it think that "home" was an Iranian field. 

An excerpt from the Christian Science Monitor, a good article that discusses what may have caused the capture:

Iran guided the CIA's "lost" stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone's systems inside Iran.

Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian miltiary and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.

Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.

...

"GPS signals are weak and can be easily outpunched [overridden] by poorly controlled signals from television towers, devices such as laptops and MP3 players, or even mobile satellite services," Andrew Dempster, a professor from the University of New South Wales School of Surveying and Spatial Information Systems, told a March conference on GPS vulnerability in Australia.

"This is not only a significant hazard for military, industrial, and civilian transport and communication systems, but criminals have worked out how they can jam GPS," he says.

The US military has sought for years to fortify or find alternatives to the GPS system of satellites, which are used for both military and civilian purposes. In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.

“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” reads the Los Alamos report. “In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.”

Views: 10873

Comment by Ben Carson on December 17, 2011 at 4:40pm

Well, its flying days are over thats for sure - and its not like china doesnt know every dirty little technological secret the US has ever had, and to further illustrate my point - a week ago china declared its intentions (Or rather, lack of inhibitions to enter such an horrific scenario as no problem!) to enter world war 3 with Russia, N. Korea and Iran should Iran be attacked or treated unjustly. And  on top of htat you have america biting at the bit to go ahead and waste those bastards in tehran so yay for the military industrial complex and its necessity for war.

Comment by Ben Carson on December 17, 2011 at 4:45pm

Yeah to add - at sounded to me early on in this debacle that Iran was using Russian jamming tech to bring her down, or that there was russian tech and know how involved in this procedure. But not as worrying as what they found on board - aerosol distribution capabilities, and this two weeks after a lab in the US annonced that in five mutations of the H1N1 virus they have now created the most dangerous virus ever. (I support non military related posts on diy drones FYI)


Developer
Comment by John Arne Birkeland on December 18, 2011 at 8:06am

We all know that the UAV came down because of an malfunction. So the question is, did Iranians cause the malfunction to happen? If they did, electronically it could be as simple as the UAV for some reason not entering RTH mode when getting jammed (military engineering is by no means flawless just like civilian engineering). Or for all we know, they could have shot it down by conventional means.

Comment by andycross1 on December 18, 2011 at 2:46pm

Hi Chris

You make a good point but for most passenger and military aircraft today do not rely on just one GPS feed, they will take typically 3 feeds (a voting sytem) and one of them will be a Inertial Navigation System (aka Ring Laser Gyro RLG), the primary will be GPS but if any reason it fails of more likely there is a large discrepancy, one of the other two sources becomes the primary, so the jamming idea although feasible is unlikely. That's my take.


T3
Comment by William Premerlani on December 18, 2011 at 3:14pm

Hi Andy Cross,

Wow, I was just looking at the specs for a Ring Laser Gyro based Sperry Marine Inertial Navigation System. It has 1 nm accuracy in 8 hours, without GPS.

Best regards,

Bill

Comment by Andre S on December 19, 2011 at 4:28am

Hi all,

Interesting discussion. I just wanted to point out that the same issue has also been discussed on slashdot, although maybe on a slightly less technical level. One point raised there is that the track record for security in military drones has been rather weak (think unencrypted video that was possible to be received with cheapo receivers readily available) so "occam's razor" (that reference has been used here as some sort of magical sword :) points to some software or hardware "bug"/"feature".

Comment by Jack on December 19, 2011 at 5:39am

hi all,

i live in Iran and don't believe this scenario.

i think spoofing gps signals may forced plane to land on other area BUT this maybe works for my 1000$ plane. not for Lockheed Martin Billion Dollars Technologies.

Because i believe that Lockheed Engineers are not idiot .if this aircraft built by Elbit systems Idiot engineers maybe!

in iran is a funny rumour about this aircraft "Trojan's Horse " LOL!

however there is too many lost piece of this puzzle.

Kind regards


Moderator
Comment by Sgt Ric on December 19, 2011 at 7:17am
Hey, ya, a Trojan horse makes sense!

That Would explain why it looks more like a cartoon than any other american stealth platform.
Comment by Ellison Chan on December 19, 2011 at 10:24am

For those who think this is a fake, trojan horse, here's some video of them walking around the downed drone:

The drone may be non-operational due to anti-spoofing measures, but I'm sure China, and other enemies of the US will want to get their hands on some of the hull to analyse the anti-radar coating.  So much for US stealth technology.

Comment by Ellison Chan on December 19, 2011 at 10:54am

Kevin, if the guys mentioned in the article are Iranian spies, trolling the internet for secret gps jamming information, I doubt they would be using their real names.

Comment

You need to be a member of DIY Drones to add comments!

Join DIY Drones

© 2014   Created by Chris Anderson.   Powered by

Badges  |  Report an Issue  |  Terms of Service