Thursday, December 17, 2009

SkyGrabber: the $26 software used by insurgents to hack into US drones

"SkyGrabber is offline satellite internet downloader," the page begins confidently, at once informing the native English speaker that the page wasn't written by one. In fact SkyGrabber is a Russian programme – the site is apparently run by Cherkashyn Vyacheslav in Nab Podeba, Ukraine.

SkyGrabber is a simple enough concept: grab the signals that spill from a satellite broadcast (or even narrowcast), aimed from a satellite towards a specific location, and turn them into TV feeds you can look at. Or as the website puts it: "You don't have to keep an online internet connection. Just customise your satellite dish to selected satellite provider and start grabbing."

The US drones would send their video up to a US military satellite (the "uplink") that cannot be intercepted. The signal would then be beamed by that satellite or a linked one down to the controllers – who might be in Afghanistan or Iraq. Because that signal was unencrypted, anyone who tuned their satellite dish to the correct frequency and location in the sky could pick up the signal, and decode it. And because any satellite downlink signal spreads a little, the area where it can be picked up is potentially huge.

The weakness has been known for a very long time. In February this year Adam Laurie, an "ethical hacker" who has spent a lot of time looking at satellite feed hacking, told the BlackHat conference that "anyone with a [satellite] dish can see data being broadcast" and that "things you would expect to be secure turn out not to be secure. The most worrying thing is you can just see all this data going by." He has been at it since the 1990s – and in 1997 could see French TV reporters beaming back closed circuit coverage of Princess Diana's death to the UK over unsecured feeds. guardian

No comments:

Post a Comment