Reports that Iranian electronic warfare experts may have succeeded in intercepting and capturing a sophisticated U.S. spy drone were received with some skepticism by security analysts.
While it is certainly possible that the drone was electronically ambushed as reported, more details are needed to know what exactly might have happened to the RQ-170 Sentinel drone, they said.
A story in the Christian Science Monitor this week reported that the recent U.S. spy drone captured by Iran may have been intercepted and tricked into landing in that country by Iranian electronic warfare experts.
The story quoted an unnamed Iranian engineer as saying that Iran was able to cut off the communications links to the Lockheed-Martin-made drone and reconfigure its GPS coordinates to trick it into landing in Iran.
The engineer was quoted as saying that Iranian engineers developed the attack by reverse engineering U.S. drones that had been previously captured or shot down, and by taking advantage of its weak GPS navigation system.
John Pescatore, an analyst with market research firm Gartner, and a former analyst with the National Security Agency (NSA), said the supposed attack, while possible, was not plausible.
He noted that the Air Force in October had said that some of its drones had been hit with a virus. "If a virus could get in, then targeted malware surely could," Pescatore said.
However, to pull off the attack, the Iranians would have needed to have detailed knowledge of the drone's software, and it's doubtful they did, he said.
Two more likely scenarios are that the drone was simply lost as a result of a command and control failure, or that some kind of jamming disrupted command and control and the failsafe mechanisms that should have kicked in did not, he said.
James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington, said that it's possible the Iranians got help from the Russians. "They've recently said they're worried about electronic warfare," said Lewis, who led a team that prepared a set of national cybersecurity recommendations for President Obama in 2008.
According to Lewis, Russia has been focused on beating GPS security at least since the Bosnian War in the 1990s. "They monitor our telephone and computer networks and probably radio in the Air Force," he said. "So [they] could have heard DOD blabbing about any problems," related to its drone, he said. "[Russia] helped the Iranian nuke program, so why not electronic warfare?" he asked. Lewis said the U.S. is ahead in the GPS race with Russia.
China also cannot be ruled out as playing a role, although China appears to have fewer capabilities than the Russians in this arena, he said.
Ira Winkler, author of Spies Among Us, and a Computerworld columnist, said the Iranian drone incident is reminiscent of a previous incident in which attackers intercepted live video feeds from U.S. Predator drones operating in Afghanistan and Iraq.
In that case, the attacks were enabled via the use of a $26 off-the-shelf software product called SkyGrabber made by a Russian company.
In the most recent instance, it is likely that the drone's capture was not the result of a direct hacking of the drone.
"For example, if you know where a drone is, and you can beam a stronger GPS signal at the drone than it would get from a satellite, it would pick up the fake signal and think it is somewhere else," he said. "If signals aren't encrypted, the people with the strongest transmitter win."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.