Using only $1000 worth of equipment, a group of researchers hijacked a small drone, highlighting the vulnerabilities of unencrypted GPS signals. Unmanned aerial vehicles have become a fact of modern warfare, and their presence is even making its way into everyday American life: Amateurs already have turned drones into a popular hobby, and law enforcement agencies want permission to deploy them as well. But while the powerful military drones used overseas use encrypted GPS signals, the ones in the United States rely on signals from open civilian GPS, which makes them vulnerable to GPS “spoofing.”
Todd Humphreys, head of the drone-hacking lab, has warned the government of the danger of spoofing, but most official efforts to reduce GPS interference have remained focused on jamming instead. So to emphasize their worries, Humphreys and his team put on a demonstration for representatives of the Federal Aviation Administration and the Department of Homeland Security.
His team bought a drone and $1000 worth of equipment to assemble a spoofer that easily hijacked the craft. To take control of the drone, the research group generated a fake GPS signal to match the real one (“spoofing”), and then used the fake signal to overwhelmed the real one, placing the drone under their control. The video above shows a similar experiment that took place on the UT-Austin campus. Before the government approves the presence of more drones—Humphreys predicts that there could be as many as 30,000 patrolling the skies by 2020—they might want to invest some resources in the authentication of civilian GPS signals, before hackers are tempted to turn civilian drones into weapons.