This morning brought a front-page Wall St. Journal article that’s a bit of a jaw-dropper:
Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.
The potential drone vulnerability lies in an unencrypted downlink between the unmanned craft and ground control. The U.S. government has known about the flaw since the U.S. campaign in Bosnia in the 1990s, current and former officials said. But the Pentagon assumed local adversaries wouldn’t know how to exploit it, the officials said.
After the Journal article, the Pentagon quickly let it be known that the problem has been fixed. But I’m stunned that it could have happened in the first place.
At one point, I had heard that video from Predator drones was transmitted as unencrypted analog NTSC video, with geo-spatial metadata encoded into the closed-captioning portion of the data stream following this specification — basically an industrial form of those annoyingly advertised X10 wireless cameras. But I had assumed that the Pentagon would have long since upgraded the system to digital video with some reasonable form of encryption. I guess someone needs to do a little reading on the pros and cons of security through obscurity.
Howdy Pierce is a managing partner of Cardinal Peak, with a technical background in multimedia systems, software engineering and operating systems.