[Scan-DC] Hacking drone video

David I. Emery die at dieconsulting.com
Fri Dec 18 00:00:18 EST 2009 

On Thu, Dec 17, 2009 at 11:32:33PM -0500, Charley Armstrong wrote:

> Not in this case, however.  The intercepted video was downlinked from
> the UAV to a ground terminal.  The technology is similar to what law
> enforcement helicopters can send to command posts, or what news
> helicopters send to their stations.  Except LE and some news
> organizations tend to encrypt there stuff.

	This is unclear from the published stories I have seen so
far.    

	Obviously the downlink from the drone to the ground station is a
very logical target - in the past these links used by news organizations
tended to be regular FM modulated video (like old analog satellite
video), but more and more news folks are switching (because of 2 GHz
spectrum reallocation and HD format newscasts) to an OFDM modulation
related to DVB-T... usually carrying a standard MPEG-2 transport stream
from a vanilla mux/encoder box.   A few stations may encrypt their
streams (probably to keep the competition from watching them) but the
great majority are open.

	Many drones probably used (and some may still use) vanilla FM
video, pretty much the standard format for RF linked NTSC video except
broadcast.

	Awfully easy to intercept that, however, and I imagine the
military has moved toward digital MPEG downlinks from drones that can be
readily encrypted with either military grade or just open commercial
ciphers like AES or triple DES.  Encryption chips (or encryption logic
inside other chips) is widely available now and AES is considered by
the open crypto community to be essentially unbreakable at the moment
unless there is a protocol or side channel attack possible.  Brute force
doesn't work as it now can with single DES, so if the key used is random
and secure there isn't much chance anyone unauthorized is watching.

	But the news accounts I have seen suggest that the bad guys were
intercepting US military satellite backhauls on commercial satellites in
IP TV format using a Russian program called Skygrabber to find the IP video
stream in a mux carrying the video.   Equipment to do this is widely available
for watching satellite TV and recording programs... and very cheap.

	Seems really surprising that THAT backhaul wasn't encrypted since
it is very easy to do so... 
	


> 
> CA
> Annapolis
> 
> On Dec 17, 2009, at 11:24 PM, David I. Emery wrote:
> 
> > On Thu, Dec 17, 2009 at 10:00:46PM -0500, Andrew Clegg wrote:
> >> I wonder if this involves a scanner, a discriminator tap, and some software?
> >> 
> >> http://www.cnn.com/2009/US/12/17/drone.video.hacked/index.html
> > 
> > 	Close, but no cigar.   
> > 
> > 	Signals are on satellites... not scanners.
> > 
> > 
> > 
> > -- 
> >  Dave Emery N1PRE/AE, die at dieconsulting.com  DIE Consulting, Weston, Mass 02493
> > "An empty zombie mind with a forlorn barely readable weatherbeaten
> > 'For Rent' sign still vainly flapping outside on the weed encrusted pole - in 
> > celebration of what could have been, but wasn't and is not to be now either."
> > 
> > ______________________________________________________________
> > Scan-DC mailing list
> > Home: http://mailman.qth.net/mailman/listinfo/scan-dc
> > Help: http://mailman.qth.net/mmfaq.htm
> > Post: mailto:Scan-DC at mailman.qth.net
> > 
> > This list hosted by: http://www.qsl.net
> > Please help support this email list: http://www.qsl.net/donate.html

-- 
  Dave Emery N1PRE/AE, die at dieconsulting.com  DIE Consulting, Weston, Mass 02493
"An empty zombie mind with a forlorn barely readable weatherbeaten
'For Rent' sign still vainly flapping outside on the weed encrusted pole - in 
celebration of what could have been, but wasn't and is not to be now either."

More information about the Scan-DC mailing list