Last week, a team University of Texas researchers, led by professor Todd Humphreys, managed to hack a surveillance drone before the eyes of the Department of Homeland Security, successfully “spoofing” the UAV’s GPS system with just about $1,000 is off-the-shelf hardware.
Last September, the Department of Homeland Security approached Humphreys, asking him to participate in research testing the vulnerabilities of the civilian GPS system. Humphrey used $70,000 in university funds to purchase the drone, constructed by Adaptive Flight. The University of Texas team constructed a “spoofing device,” which sent counterfeit GPS signals to the unmanned aerial vehicle, steering it off-course.
DHS officials were pleased with his results, says Humphreys, as they were a “fulfillment of their prophecies.”
He explains that while the hardware of the “spoofing” device is easily accessible, its “special sauce” is in the software, which was developed over a four-year period by his team “It’s outside the capability of any average American citizen,” said Humphreys.
However, he also notes that he wouldn’t be surprised to see similar results replicated by researchers in other countries.
Humphreys’ success has raised security concerns about the use of drones in U.S. airspace. Back in February, the FAA put regulatory framework for domestic drones into place. Since then, about 20 public entities, including police departments and universities, have been approved to use unmanned aerial vehicles in the United States, a number expected to rise in the coming years. The initial use of these drones will be criminal surveillance and academic research.
Humphreys, head of the University of Texas’s Radionavigation Lab in Austin, believes a hacked drone is “really just one example of things that can go wrong” as we become increasingly more reliant on GPS technology. He explains that while military UAVs run off of secure, tightly encrypted GPS systems, civilian equivalents—which will be used by non-military drones—are “completely open.” This applies to virtually all GPS-reliant technologies currently in use, from commercial aircraft, to your cell phone and even Google’s driveless cars.
However, says Humphreys, we’re years away from widespread problems caused by open GPS. Humphreys hopes his results will draw attention to this issue, opening the door to some potential fixes. “We are engineers at heart. When we see a problem, we want to fix it,” he said. “We’re not wringing our hands in despair that this is going to prevent us from having all the fun with drones we want to have.”
Speaking of fun with drones: Next up, Humphreys plans to use the University of Texas’ UAV to test spoofing at longer distances and GPS-jamming technology.
Correction, July 2, 2012: This blog post originally confused what professor Humphreys said about the hardware and software used to spoof the GPS system. The hardware is easily accessible, while the software is the "secret sauce."