Drones are easy targets with dangerous vulnerabilities. (symbol image)
Source: dpa
“Drones are easy to manipulate”: This is how computer scientist Hartmut Pohl sums up the problem. This not only affects military drone applications, but also civilian ones. For example, overhead lines are monitored using drones.
If attackers hack into the drone’s control system and cause it to crash onto the power line, they cause a short circuit. A long-term power outage in a larger prayer can be the result.
Explanatory video about the models, tasks and weaknesses.07.12.2023 | 2:01 minutes
Eavesdropping on control commands
In the military sector, attackers redirect enemy drones with their bomb load so that they drop their explosives on the opposing side’s positions. It is often enough to intercept the communication data exchanged between the control center and the drone.
This means attackers can easily identify the control commands for the drone. These control commands are usually manufacturer-specific. Analyst Wilfried Kirsch from the security consultancy Softscheck in Sankt Augustin reports:
In one case, we simply recorded the entire communication between the control center and the drone and then played the recorded data back.
Wilfried Kirsch, analyst at security consultancy Softscheck
This meant that manufacturer-specific control commands could also be read out. “This was easy to see on a spectrogram: What causes the drone to fly to the left?” Kirsch describes the experimental setup and explains:
Then you just take that frequency and play it back, and then the drone flies to the left again.
Wilfried Kirsch, analyst at security consultancy Softscheck
Especially with very inexpensive drones, it is more common that communication is not encrypted at all. But even encrypted communication does not always provide effective protection against a digital attack.
“Encryption is often completely inadequate,” the computer science professor Pohl has discovered. Even with drones whose manufacturers advertise supposedly excellent encryption, his team only needed a few minutes to crack the encryption.
Shoot down drones with data
In another attack method, hackers penetrate directly into the drone’s control computer. Older and well-documented attacks are used for this purpose. The drone’s control computer is literally bombarded with a ridiculous amount of data.
At some point the RAM capitulates, overflows and reveals weak points that attackers can use to break into the control computer. If you have previously identified the manufacturer’s own control sequences, you can now take total control of the drone.
You can land or crash the drone. You can fly them to another location. But you can also simply drop your payload.
Ukraine has attacked another Russian ship with a maritime drone. Since Russia’s withdrawal from the grain agreement, attacks on both sides have increased.05.08.2023 | 1:42 minutes
Camera failure and manipulation by attackers possible
With control drones, attackers can switch off the camera and blind the drone or simply repeat previously saved recordings and provide the control center with a manipulated image of the monitored area.
“It works in a very similar way with satellites,” says Hartmut Pohl. In fact, satellite networks have often been disrupted during the Ukraine war. It has become known from intelligence circles that the Russian military intelligence service GRU has ready-made operational plans in its drawer to specifically switch off communication satellites if they are used to control Ukrainian attack or reconnaissance drones, for example. Because the Starlink satellite network does not yet adequately cover the Crimean area , no such shutdowns have occurred yet. However, individual communications satellites from other providers were switched off by GRU technicians for a few hours right at the beginning of the war in Ukraine in order to interrupt the Ukrainian army’s military communications channels.
“Hardening” the systems, as the experts say, is technically feasible. But it costs money. This is precisely why secure control systems for drones and satellites have repeatedly failed in the past.
You can find current reports on Russia’s attack on Ukraine at any time in our live blog:
Russia attacks Ukraine
:Current news about the war in Ukraine
Since February 2022, Russia has been waging a war of aggression against Ukraine. Kiev has launched a counteroffensive and fighting continues. News and background information in the ticker.
Live blog