Several U.S. Drones Openly Broadcast Secret Video Feeds
By Noah Shachtman and David Axe
Four years after discovering that militants were tapping into drone video feeds, the U.S. military still hasn’t secured the transmissions of more than half of its fleet of Predator and Reaper drones, Danger Room has learned. The majority of the aircraft still broadcast their classified video streams “in the clear” — without encryption. With a minimal amount of equipment and know-how, militants can see what America’s drones see.
Unmanned aerial vehicles, or UAVs, have become the single most important weapon in America’s far-flung pursuit of violent extremists. Hundreds of American Predators and Reapers fly above Libya, Yemen, Somalia, Pakistan, and Afghanistan — watching suspected enemies, and striking them when necessary. Nearly 3,000 people have been killed in the decade-long drone campaign.
Military officials have known about — and mostly shrugged off — the vulnerability since the development of the Predator in the 1990s. But the problem drew increased attention in 2008, when drone video footage was found on the laptops of Shi’ite militants in Iraq, who were able to intercept the feed using a piece of $26 software. The Pentagon and the defense industry assured the public that they’d close the hole by retrofitting the robotic aircraft with new communications protocols and encrypted transceivers that would keep the video from being intercepted again.
This isn’t the only vulnerability in the drone fleet. In March of 2011, an unknown software glitch caused a Predator stationed at a U.S. base in Africa to start its engine without human direction. Last October, as Danger Room first reported, Air Force technicians discovered a virus infecting the drones’ remote cockpits in Las Vegas. It took weeks of sustained effort to clean up the machines. The aircraft, which rely on GPS to guide them through the air, can run into problems if GPS signals are jammed in a particular area — something that can be done with cheap, commercially available hardware. Iranian officials claimed they hacked the GPS control signal of an advanced drone, though it’s impossible to verify that lofty claim.
Predators and the larger, better-armed Reapers transmit video and accept instructions in one of two ways. The first is via satellite, to remote pilots and sensor operators who are often on the other side of the planet; these satellite communications are encrypted, and are generally considered secure.
The second is through a radio frequency signal called the Common Data Link, which is used to share the drone’s video feed with troops on the ground. The CDL’s carrier signal — its specific pattern of frequencies, in a given order and for a given length of time — tells both transmitter and receiver on how to function. The problem is that the Predators’ version of the CDL carrier signal (also known as a “waveform”) didn’t include an order to encrypt the signal. So neither the transmitter on the drone nor the receivers that troops used on the ground employed encryption, either.
There were reasons for this. The original Predator, just 27 feet long, was little more than a scaled-up model plane with an 85-horsepower engine. It had a payload of just half a ton for all its fuel, cameras and radios. And encryption systems can be heavy. (Big crypto boxes are a major reason the Army’s futuristic universal radio ended up being too bulky for combat, for example.) With the early Predator models, the Air Force made the conscious decision to leave off the crypto.
The flying branch was well aware of the risk. “Depending on the theater of operation and hostile electronic combat systems present, the threat to the UAVs could range from negligible with only a potential of signal intercept for detection purpose, to an active jamming effort made against an operating, unencrypted UAV,” the Air Force reported in 1996. ”The link characteristics of the baseline Predator system could be vulnerable to corruption of down links data or hostile data insertions.”
The Predator models steadily grew in power and payload, and took a big leap in dimensions and capability with the 36-foot-long Reaper version introduced in 2007. The Reaper has a 950-horsepower engine and a nearly 4,000-pound payload — more than enough capacity for crypto-enabled systems which, like all electronics, had shrunk in size and weight.
It’s possible that none of the militants America is trying today are as sophisticated as the ones who intercepted that drone video in 2008. It’s possible that the value of such footage-from-above is so fleeting that extremists have never again bothered to grab it. But it’s worth noting that Predator and Reaper video is considered by the U.S. military to be classified information. And when U.S. commanders on the ground get into a firefight, the first call they usually make is for a drone, so they can take a look at the battlefield through the eyes of a drone.