"Shiite fighters in Iraq used off-the-shelf software programs ... available for as little as $25.95 on the Internet — to regularly capture drone video feeds, the Wall Street Journal reported Thursday. The hacking was possible because the remotely flown planes have an unprotected communications link."Even more incredulous is the admission that the system was not originally designed to encrypt transmissions:
"...in December 2008, the military apprehended a Shiite militant in Iraq whose laptop contained files of intercepted drone video feeds, the Journal reported. In July, they found pirated feeds on other militant laptops, leading some officials to conclude that groups trained and funded by Iran were regularly intercepting feeds and sharing them with multiple extremist groups."
"The military has known about the vulnerability for more than a decade, but assumed adversaries would not be able to exploit it."This is a classic, textbook example of inadequate security design and risk assessments - the root causes of most security issues in both the public and private sector.
What should be more alarming is, if this vulnerability has been there for more than a decade, who else (with better resources) had access to the feeds and what other vulnerabilities exist in other systems that are not being addressed?
Pentagon: Insurgents intercepted drone spy videos
No comments:
Post a Comment