– Most U.S. Drones Openly Broadcast Secret Video Feeds (Wired, Oct 29, 2012):
Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn’t secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams “in the clear” — without encryption. With a minimal amount of equipment and know-how, militants can see what America’s drones see.
Unmanned aerial vehicles, or UAVs, have become the single most important weapon in America’s far-flung pursuit of violent extremists. Hundreds of American Predators and Reapers fly above Libya, Yemen, Somalia, Pakistan, and Afghanistan — watching suspected enemies, and striking them when necessary. Nearly 3,000 people have been killed in the decade-long drone campaign.
“If somebody could obtain reliable access to real-time Predator or Reaper video — without attribution or alerting U.S. military — that would a tremendous intel coup,” says Micah Zenko, a fellow at the Council on Foreign Relations. “There is an insatiable demand from Predator and Reaper imagery in Afghanistan and elsewhere. Any reluctance to use those for spying or missile strikes places operations in Afghanistan, Pakistan, Yemen, and Somalia at some risk.”
Military officials have known about — and mostly shrugged off — the vulnerability since the development of the Predator in the 1990s. But the problem drew increased attention in 2008, when drone video footage was found on the laptops of Shi’ite militants in Iraq, who were able to intercept the feed using a piece of $26 software. The Pentagon and the defense industry assured the public that they’d close the hole by retrofitting the robotic aircraft with new communications protocols and encrypted transceivers that would keep the video from being intercepted again.
Four years into the effort, however, only “30 to 50 percent” of America’s Predators and Reapers are using fully encrypted transmissions, a source familiar with the retrofitting effort tells Danger Room. The total fleet won’t see its communications secured until 2014. This source and others who work closely with drone operations say that drones flying overseas are among the first to get the newly secured equipment. They also noted that they are unaware of any incidents of militants using America’s unmanned eyes in the sky to their advantage. “But I’m surprised I haven’t,” the source adds. “And that doesn’t mean it’s not happening.”
This isn’t the only vulnerability in the drone fleet. In March of 2011, an unknown software glitch caused a Predator stationed at a U.S. base in Africa to start its engine without human direction. Last October, as Danger Room first reported, Air Force technicians discovered a virus infecting the drones’ remote cockpits in Las Vegas. It took weeks of sustained effort to clean up the machines. The aircraft, which rely on GPS to guide them through the air, can run into problems if GPS signals are jammed in a particular area — something that can be done with cheap, commercially available hardware. Iranian officials claimed they hacked the GPS control signal of an advanced drone, though it’s impossible to verify that lofty claim.
No one who works with UAVs is questioning the fundamental integrity of the drone fleet at the moment; it would take an incredibly sophisticated hacker to commandeer a Predator, for example. Nor is anyone pretending that this premiere tool of the U.S.global counterterror campaign is flawless.
Predators and the larger, better-armed Reapers transmit video and accept instructions in one of two ways. The first is via satellite, to remote pilots and sensor operators who are often on the other side of the planet; these satellite communications are encrypted, and are generally considered secure.
The second is through a radio frequency signal called the Common Data Link, which is used to share the drone’s video feed with troops on the ground. The CDL’s carrier signal — its specific pattern of frequencies, in a given order and for a given length of time — tells both transmitter and receiver on how to function. The problem is that the Predators’ version of the CDL carrier signal (also known as a “waveform”) didn’t include an order to encrypt the signal. So neither the transmitter on the drone nor the receivers that troops used on the ground employed encryption, either.
There were reasons for this. The original Predator, just 27 feet long, was little more than a scaled-up model plane with an 85-horsepower engine. It had a payload of just half a ton for all its fuel, cameras and radios. And encryption systems can be heavy. (Big crypto boxes are a major reason the Army’s futuristic universal radio ended up being too bulky for combat, for example.) With the early Predator models, the Air Force made the conscious decision to leave off the crypto.
The flying branch was well aware of the risk. “Depending on the theater of operation and hostile electronic combat systems present, the threat to the UAVs could range from negligible with only a potential of signal intercept for detection purpose, to an active jamming effort made against an operating, unencrypted UAV,” the Air Force reported in 1996. ”The link characteristics of the baseline Predator system could be vulnerable to corruption of down links data or hostile data insertions.”
The Predator models steadily grew in power and payload, and took a big leap in dimensions and capability with the 36-foot-long Reaper version introduced in 2007. The Reaper has a 950-horsepower engine and a nearly 4,000-pound payload — more than enough capacity for crypto-enabled systems which, like all electronics, had shrunk in size and weight.
The problem was that, by then, the military had rushed to the battlefield hundreds of Remotely Operated Video Enhanced Receivers, or Rovers – rugged, laptop-sized receivers with screens for watching drone footage. And those early version of the Rovers were developed and distributed so fast, the military once again left the crypto off. “It could be both intercepted (e.g., hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program.
Which mean the Pentagon was stuck, for a time. The military couldn’t replace the old CDL waveform with something encryptable until the Rovers — and the radio transmitters aboard the Predators — could handle such a signal.
Eventually, the Rovers began to be swapped out for newer models. The latest version, the “Tactical Rover,” (.pdf) is about the size of an old-school mobile phone. It can use both the Advanced Encryption Standard an the triple-Data Encryption Standard to secure video feeds. There are now about a thousand of the units in the military’s hands.
And now, the Predators and Reapers are starting to get enhanced radios, too. “The fleet-wide upgrade begins later this year and carries on for several years,” says Maj. Mary Danner-Jones, an Air Force spokesperson. The service is spending $12 million on crypto-enabled Vortex transceivers (.pdf).
That’s allowing a new, hardened waveform to be introduced throughout the Predator and Reaper fleet. The Air Force recently gave Predator-maker General Atomics Aeronautical Systems a $26 million contract to retrofit its drone cockpits to accept the carrier signal, among other enhancements.
The question is why hasn’t this happened sooner. After all, the Navy installed multiple layers of encryption in their ’bots some time ago. Navy spokesman Jamie Cosgrove tells Danger Room that “the vast majority” of naval drones are encrypted – “and have been since development.”
One source who works on developing Navy UAVs, but is not authorized the speak on the record, explains why: ”Standard unencrypted video is basically a broadcast to whoever can figure out the right carrier frequency, so essentially, we are simulcasting to battlefield commanders and the opposing force. If that opposing force knows we can see them and from where, they can take better evasive maneuvers.”
It’s possible that none of the militants America is trying today are as sophisticated as the ones who intercepted that drone video in 2008. It’s possible that the value of such footage-from-above is so fleeting that extremists have never again bothered to grab it. But it’s worth noting that Predator and Reaper video is considered by the U.S. military to be classified information. And when U.S. commanders on the ground get into a firefight, the first call they usually make is for a drone, so they can take a look at the battlefield through the eyes of a drone.