Wednesday, December 30, 2009

countermeasures for command & control

~irl blue skies sec post~

been sittin on this for a bit, and the recent predator security issue is a great place to start.

[recap]
a year ago militant gear was discovered with predator video feeds. acquire satellite dish, point up, download software, and *poof* record yourself some killcam videos... kinda like snoopin on webcams... ;)

turns out the vuln was known for about a decade. (incidentally, in bosnia in 1998 seals reportedly used a remote controlled plane with recon gear to hunt their quarry. this is the earliest squad level military uav activity afaik, and the dates line up pretty nice... can you imagine what toys those guys use today?)

oh, and the vuln exists in tons of military devices, including many items which have been mass produced and widely deployed... whoops...


[erm, wot?]

well, lots of "similar" civilian devices have similar utter failure in the network security realm (voip phones or printers anyone?)... some people feel that fixing vulns like this is paranoid, and they aren't likely to be exploited. well i guess someone trying to blow you up is pretty damn motivating...


[lesson learned?]

rapid prototyping software without a clean upgrade path for fixing these potential issues is a recipe for failure. also, desperation drives innovation (evolution in action in this case). and "fix it in the field" can bite you in the ass...


[back to the point]

there are lots more remote controlled and automated devices nowadays... some are pretty wicked in kinetic situations, and others are more passive... some are pretty small, or tiny, some are big, and some have guns. some can jump... some are being used in civilian areas as well (some people protest in humorous ways). some just keep on going.

oh, and militants use them too...

yea, researchers are growing remote controlled bugs... and they mimic bugs and nature too...

so clearly there's a lot of activity and nifty/scary tech in the space...


[attack surface update]

pulling the operator physically out of the loop means that network comms are somewhat more critical and vulnerable than before.


.:location:.
jamming a gps bomb doesn't make tons of sense because the military and spooks have plenty of options in that space. but do smaller and widely deployed surveillance devices and attack platforms using gps utilize anti-jam gps technology?


.:communication:.
how many smaller drones are vulnerable to standard RF interference and jamming? small powerful jamming devices might be able to create a small null zone where remote operated devices are unable to maintain comms with their operators.


.:sight:.
drones generally rely on digital cameras, which raises the question of whether they can be dazzled and disabled by lasers or strong infrared light sources, a la michael westen

also, thermal cameras seem very common, so i wonder if there are any effective thermal countermeasures? that seems difficult, but who knows...


.:detection:.
can the c&c comm traffic be detected in general? is it possible to cheaply monitor likely radio bands for encrypted (or not) network traffic to alert on a suspected drone presence? or is background RF too much here? if you can detect the c&c traffic, can you get directional information similar to passive radar?

and can the cameras used by visual surveillance platforms be detected (trivially?) like sniper rifle lenses?


.:destruction:.
at least one drone killed itself when a transmission triggered an auto-shutdown procedure, which sounds like there was no authentication on that particularly vital command option... (different from the reported russian take on self-destruct mechanisms...)
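for contrast, here's an added example (not from the original post, and not any real drone's protocol) of the cheapest fix for that kind of vital command: a shared-key HMAC tag plus a monotonic counter on every frame, so a forged, tampered or replayed shutdown gets dropped instead of executed. the key, the frame layout and the command names are all constructed for the demo.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # bytes of HMAC-SHA256 output appended to each frame

def build_command(key: bytes, counter: int, command: str) -> bytes:
    """Operator side. Frame = 4-byte big-endian counter || command || tag,
    where tag = HMAC-SHA256(key, counter || command). Constructed layout."""
    body = struct.pack(">I", counter) + command.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

class CommandReceiver:
    """Vehicle side. A command is executed only if its tag verifies under the
    shared key and its counter is strictly greater than the last accepted one."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.executed = []

    def handle(self, frame: bytes) -> str:
        if len(frame) < 4 + TAG_LEN:
            return "rejected: short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # constant-time compare: forged or tampered frames fail here
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"
        counter = struct.unpack(">I", body[:4])[0]
        # monotonic counter: a captured frame sent again fails here
        if counter <= self.last_counter:
            return "rejected: replay"
        self.last_counter = counter
        command = body[4:].decode()
        self.executed.append(command)
        return "accepted: " + command

def demo():
    """Walk one receiver through legit, replayed, forged and tampered frames."""
    key = b"constructed-demo-key-not-for-real-use"  # per-vehicle in practice
    rx = CommandReceiver(key)
    results = [rx.handle(build_command(key, 1, "LOITER"))]
    legit = build_command(key, 2, "RTB")
    results.append(rx.handle(legit))
    results.append(rx.handle(legit))                 # same frame sent again
    results.append(rx.handle(build_command(b"wrong-key", 3, "SHUTDOWN")))
    tampered = bytearray(build_command(key, 4, "LOITER"))
    tampered[5] ^= 0x01                              # flip a bit in the command
    results.append(rx.handle(bytes(tampered)))
    return results, rx.executed
```

the counter also has to survive a reboot on the vehicle side, otherwise old frames become valid again; that's the part that usually gets skipped in a rapid prototype.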

and can effective small (and safe) EMP generators be used to knock out nearby drone and surveillance devices? no idea on ranging, or directional vs bubble... no idea if a pulsing emp could be used to maintain a safety zone (and would it be practical considering you'd be frying any nearby electronics of your own, right?)


[anywho]

ultimately, it seems likely that smaller drones will have cost and power-utilization pressures which increase their vulnerability to attacks on their comms...

kinda rambled a bit, but hope you enjoyed it...