Schneier on Security
A blog covering security and security technology.
« FireDogLake Book Salon for Liars and Outliers |
| WEIS 2012 »
June 29, 2012
Friday Squid Blogging: Another Giant Squid Found
A dead 13-foot-long giant squid has been found off the coast of New South Wales.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on June 29, 2012 at 4:14 PM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Silent Circle for iOS and Android encrypts your communications, gives you the keys"
"Silent Circle is a $20 monthly subscription service launching later this year that will decrypt and encrypt email, voice, text, and VOIP transmissions to and from your device."
Id have a hard time trusting their offering because i took the time to watch the vid on their site. Big claims, SEALs for false assurance and the subscription model make me want to look elsewhere. There are already good mobile security & crypto solutions. Id like to see an independent assessment by black hat stylemethods.
The PopSci article (and many other copies of this report) contains a serious error. The drone that UTexas spoofed was not a US Government one. It was a commercial drone that was owned by the researchers who spoofed it.
Very interesting work, but it only demonstrates that the well-known vulnerability of unencrypted GPS signals is exploitable even when the receiver is high above the spoofer. It says nothing about the vulnerability of the encrypted GPS signals used by military drones.
What is not yet clear, is if the drone had any protections against spoofing. For example, it has been proposed that airborne receivers could reduce their vulnerability by using directional antennae that do not receive signals from below. However the legitimate GPS signal is extremely weak, so it is easy for the spoofer to be millions of times more powerful. Against such an advantage, it is not clear if a lightweight airborne directional antenna can be good enough.
It would be interesting to know if that was the case here, but I haven't yet found any description of the GPS receiver that was spoofed.
Interesting excerpt from Kip Hawley's recently published memoir on his time at the TSA: http://www.scientificamerican.com/article.cfm?...
Apart from the "i'm fighting terrorists everyday" tone, I found the politics and behind-the-scenes struggles for an appropriate response quite interesting. It adds an extra dimension to security theatre.
Thanks for clearing that up. I had assumed that it was some sort of military or police drone, since DHS was mentioned.
It's still a concern of mine however.
It's desperately vague, but this is the second time I've seen a claim that the UK govt is going to intercept access to gmail over SSL. So either they've got a fake cert to MITM with (which can be detected), or they're claiming an SSL break ...
When somebody is talking or writing about eavesdropping a mobile phone, there always seem to be either a mention of govermental action or something about terrorists, professional criminals or foreign cyber attacks. Is it really so hard to imagine what private social networks, which consists of experts from various fields of professions among "common citizen", who'd be used "at the street level", could achieve? Exploit markets are already there and well-connected individuals could get their hands on some really cool experimental technology (like see-through-walls -devices). Or maybe their Facebook-friends are currently developing something extraordinary and they decide to test it somehow, before anything is published about it.
Reasons could include "street patrolling", pure fun, psychological research (in stealth mode), etc.
Or maybe some inviduals (lots of them like hundreds of them) just want to promote themselves to a position, where they are able to control choosen individuals (in limited ways) by monitoring, capturing and modifying the data that is transfered in telecommunication networks between devices. That would require participation of more than few people, possibly starting from the office, where some device was designed.
It might be hard to imagine it, but think about how it could be possible that a webstore sends an Android-based device (a tablet) that looks like a real thing, but actually it contains custom hardware/software components that allow it to be remote controlled (when online) by anyone, who knows about the possibility.
Few links related to vulnerabilities in supply chains:
Or maybe a tablet-type device "got rooted" somehow (via memory leak, perhaps)?
Personally I would also be very interested if and how a mobile device's screen could be seen remotely without a permission? Are there any sophisticated techniques that would allow such? Possible related to electromagnetic emissions like in this one: http://www.securityweek.com/...
On my website there is a subdomain that contains finnish texts and links related to information security. There has never been anything unlegal (or even naughty), but if you were to try to reach my website from computers of certain schools here in Finland, you would only see a message saying that "it has been detected that this website is not suitable for blaa blaa, so your request to visit it has been denied, yours some blaa blaa".
@ Rae Leggett,
It's still a concern of mine however
So it should be, because most drones will be of the "micro format" (to reduce liability) and probably won't have the payload capacity to mittigate GPS spoofing.
Texas University have their own "puff piece" on the experiment at White Sands (following a test at the Uni's stadium). Sadly it's lacking any kind of technical details (other than drone was hovering 1Km away).
I've a fairly good idea of how it can be done the trick is getting the timing just right when you synthesis the signals and send them to your TX antenna.
I've demonstrated how to do spoofing of GPS before (quite some time ago) using bits of old equipment I basically relayed a signal from another GPS antenna some significant distance away and made the target GPS system think it was at the relay point not it's own actual antenna point.
The advantage of the way I did it was it would also have spoofed a military GPS as well as a civilian GPS.
Now there are 100lb (155mm) Howitzer shells with GPS guidence built in, there might well be an interested market in GPS relays such that you could transmit a GPS signal at the site you wish too protect that is the equivalent of a bit of scrubland etc from half a KM etc away. As the shell aproaches the GPS system might well cause the shell to flip out.
However the solution to any form of GPS spoofing/jamming is to "sanity check" it. You can do this to a certain extent with a reasonable inertial navigation system and a high quality very low drift clock. However more refined and carefully implemented spoofing might well defeat long range long duration flight drones with "sanity checking" as there will always be a "window of opportunity" all be it very small.
I found this slashdot story about a update to move the configuration of cisco consumer-grade routers to the cloud interesting. I would have expected more discussion about it.
@ clive robinson
in re spoofing gps, a drone with a camera need not depend upon gps eh? think about what you could do with an 8oz payload guided from a block or so away.
So, the Texan students hijacked a drone that they own that wasn't using encrypted GPS.
And SOMEHOW, PopSci thinks that government drones don't use encrypted GPS!
Typical half-informed reporting.
... a drone with a camera need not depend upon gps eh?
Then it would not realy be an Unmaned Aerial Vehicle (UAV aka drone) any more but a Remotly Cotroled/Piloted Aircraft.
One of the major ideas behind these UAVs/drones is to take the human out of the equation for a couple of reasons,
1, Pilots are extreamly expensive to train as are observers.
2, Having Pilots or Observers falling into enemy hands is hugely expensive in bad publicity.
Having a drone that can take off by it's self fly a pre-planned observation mission and land by it's self whilst avoiding the enemy is thus highly desirable. So in effect removes the Pilot liability.
Then one of the problems with Observers is that they are excess weight for most of the mission and thus very expensive to accommodate. In most cases their use is to identify objects of interest for further attention. Well think how much more useful an observer could be if they were able to be in the plane only for the part they are needed and could thus fly the equivalent of four or five drone missions for each conventional aircraft mission.
So the ideal drone would be virtually fully autonomous in flight and would take "observer direction" when on target where the observer is safely away from the stress of battle and thus able to press home a mission long after most humans would have retreated to safety. But importantly by taking the humans out of the plane it becomes smaller lighter cheaper and thus you can have ten times the number at a quater of the price...
Have a look at,
To see where "Top Gun" is heading...
It's desperately vague, but this is the second time I've seen a claim that the UK govt is going to intercept access to gmail over SSL
Go and read RIPA, the UK can force the keys out. of Google in the wink of an eye and the way various other bits of UK legislation are written the only reason for not storing the content is to avoid having to institute a process with judicial oversight.
However there is a problem that makes a nonsense of the whole faux behaviour of seperating "message content" from "communications data". How do you decide what is what without seeing it all?
That is what if I use Gmail to send a message to another service that acts as a re-mailer?
That is the "communication data" for the purpose of remailing is in fact part of the "message content" to the remailer....
And what if I sent you the following Email,
We've a meeting on Friday please find attached the agender and other related information.
P.S. can you forward the files to Fred
Arguably the PS is "communications data" as well as being "message content".
Now ask yourself what the state of play is if I said "find attached the draft files" and in the PS put "when you've amended the files can you forward to Fred?"...
Arguably I've changed what might be a forwarding instruction to a question thus it ceases to be "communications data" and is most definatly "message content".
Now what if I sent you an email where I said in the PS, "Can you forward to those listed in last months minutes file?"
At what point can you stop looking at the "message content" to finaly decide it's not "communications data"?
The simple answer is only when you've looked at the entire message in retrospect to other events or those yet to happen.
So basicaly you need the entire message in perpetuity, thus the argument about "only keeping communications data" is compleatly and uterly false that black box is going to keep it all and only "spit back" enough info to the ISP to act as a Database style "Primary key" for evidentiary reasons.
@ clive robinson
not really a UAV...ok, technically I concede, but the question remains: think about what you could do with an 8oz payload. quite a bit for the quite small investment it would take.
I understand the benefits of not having a human pilot in the cockpit and so forth, but the fancier you make it the more expensive it becomes. the AI guys have been talking big for 40 years or so, but thankfully real artificial intelligence hasn't happened; that could be a singularity and one that some very smart people don't think would be very pleasant (e.g. bill joy).
the questions raised by software-based (e.g. autonomous robots of any kind) and pure software (e.g. stuxnet) weapons are difficult even without the AI angle. if we don't pursue them someone else will, but if we do there is the risk that, like stuxnet, the thing will escape into the wild, maybe with much worse consequences next time.
Anonymous Publishing Is Dead
"I know it is dead, because I have tried to do it, and I can assure you it is dead.
Text is easy of course I can still blast a simple email out to a mailing list, I can lay my claims out in 7bit ASCII and let the world judge the merits solely on this simple medium. But media publishing a story with supporting images, scans, video or audio, it is dead, left only to the elites. And perhaps worst of all is the promise made by all of you that if you just ... try a little harder, if you just use this service over here, if you just think about it another way that it is still possible. It is not."
@ clive robinson
discussing scrypt last friday you said "Firstly The idea of sending passwords over the wire from the client and storing them in some verifiable form on the server is outdated." granted, but a tremendous lot of e-commerce uses exactly that as part of the transaction. how good a method is does not really control whether it is used...as long as the vendors aren't held liable for breaches (or even required to reveal them) I doubt they have incentive to try very hard.
and what about a case of mass password database theft? it seems to me in that case how difficult it is to derive the plaintext password from the data would matter a lot. being limited to testing one hash every 5 seconds is very, very different from being able to test millions of hashes per second; that would limit you to around 6 million trials per thread per year and you are stuck with that if the algorithm doesn't parallelize. with a large salt you really would not be able to do meaningful precomputing since changing 1 bit of the salt would render the computation useless. of course if you are talking about a specific account that's different, a gun to the head can be very persuasive (but even at that you can't give up what you can't remember; I don't carry mine when traveling, and "$E@G308222Ze2&9/hYA5Zm,q" is pretty hard to recall).
Cisco Pushing 'Cloud Connect' Router Firmware, Allows Web History Tracking
"Reports have started popping up that Cisco is pushing out and automatically (without permission) installing their new Cloud Connect firmware on consumer routers. The new firmware removes the user's ability to login and administer the router locally. You now must configure the router using Cisco's Cloud connect service. If that wasn't bad enough, the fine print for this new service allows Cisco to track your complete internet history. Currently, it appears the only way to disable the Cloud Connect service is to unplug your router from the internet."
"Linksys just pushed and installed (without my permission) a cloud service to my Linksys router. Goodbye internet security"
"the fine print even has them harvesting your internet history. I think I'm in the clear with my 3200 not being supported, but Cisco can forget about me ever buying another one of their products."
"When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ("Other Information"). We use this Other Information to help us quickly and efficiently respond to inquiries and requests, and to enhance or administer our overall Service for our customers. We may also use this Other Information for traffic analysis (for example, determining when the most customers are using the Service) and to determine which features within the Service are most or least effective or useful to you. In addition, we may periodically transmit system information to our servers in order to optimize your overall experience with the Service. We may share aggregated and anonymous user experience information with service providers, contractors or other third parties to assist us with improving the Service and user experience, but any shared information will be consistent with Cisco's overall Privacy Statement and will not identify you personally in any way."
"Note that in the picture, the 192.168.1.1 unroutable (internal) network address used for accessing the admin panel for my router won't let me log in without signing up for a Cisco Connect Cloud account. I just finished talking to tech support, who confirmed there is no way around this.
The terms of service for a Connect Cloud account grant Cisco full rights to all of your network traffic, and the rights to pass that traffic to anyone.
The new EA3500 and EA4500 models are known to be affected by this, and will automatically install this update as soon as they go online.
Service Desk chat snippet:
from ProjectKS to All Participants:Is there seriously no way I can log in manually like I did two hours ago?
from ProjectKS to All Participants:I mean without having to have a freaking technician do it?
from Ma. Liza R. (29794) to All Participants:No, any technician will not be able to revert back the old firmware, that's why we are processing a call back, and someone from case management will do it for you.
from ProjectKS to All Participants:How can they even do it for me? It's a private network. Cisco shouldn't even be able to access my device
from Ma. Liza R. (29794) to All Participants: I don't know how they will do it, but they will do it from their end.
from Ma. Liza R. (29794) to All Participants:Any questions for now?"
"It took me about 5 seconds to get around this. Unplug it from the internet, then it lets you in without having to create an account. I'm not happy about this, but it is possible to get around it."
"Linksys has been garbage for a while now. But if this is pushed to all Cisco products then the hell with them I'll go to custom firmware or some other brand."
"If you unplug the router from the internet you can access it the old way. But once its plugged into the internet again you don't have a choice. If you have a source that tells you how to disable it I would like it because then i could disable this crap."
"Run a separate hardware firewall. You can build a near perfect one using an old PC and using OpenBSD and PF. Just google PF and OpenBSD and you'll get 1000's of how to pages. Only then can you be sure that only what you want let in will be let in, and only what you want to be let out will be let out.
Also see if there is any way to prevent the router from accepting updates from the outside. If Linksys/Cisco can update your router, so can a hacker."
"How do I know if I was affected by this update?"
"Try to log in to your router. If it redirects you to Cisco Cloud Connection, you're affected."
"Cisco is the Oracle of routers. Their company motto should be: DO ALL TEH EVIL YOU CAN, TAKE ALL THE MONEY, AND RUN AWAY.
I wish the rest of the world would get it through its head that Cisco is not an industry leading company anymore."
"Why in the name of god would cisco create a backdoor that allows updating of the router firmware remotely with no confirmation? I give it literally a month before there's an exploit available for "pushing" custom updates to these routers remotely. I see a historic blunder in the making here. "
"How is this even legal?"
"Lack of security and privacy as a feature. Interesting. So Cisco is likely giving the Government access to all these private networks. Not that anyone would say so or admit... How long until DD-WRT users are labelled Terror suspects?"
@ Marko Seppänen,
Few links related to vulnerabilities in supply chains
Welcome to the party, you will find quite a few previous posts on this blog with regards to "Supply Chain" insecurity / vulnerability issues with regards shipped hardware. Also you might find the comments section of this page of interest (please remember it was well over four years ago and a lot has changed since then, in that many of my "dire" predictions have happened),
One of the first realy public examples of supply chain issues was when Apple shipped media players with a Windows PC virus on them and various USB "Memory devices" have likewise been infected fairly frequently since then. Further even EPOS credit/debit card readers have been found to have additional evesdroping hardware added including a mobile phone network interface.
Have a search for comments by Nick P, RobertT and myself to see some of the ones we have discussed including "rooting chips" in one way or another.
Personally I would also be very interested if and how a mobile device's screen could be seen remotely without a permission?
It realy depends on what you mean?
If you mean directly then have a look at "Optical TEMPEST" and the related "Soft Fonts" over at the Cambridge Computer labs lightbluetouchpaper blog.
You could also have a browse on the potential effects of CarrierIQ's product on US phone users.
And also consider what effect "shim DLL's" on mobiles would have.
As for the use of EM TEMPEST techniques way back in time there was "van Eck" screen re-construction back in the 1980's and the BBC program "Tommorows World" had something similar back if my mind serves me correctly in the mid 1970's. Whilst best of all back in the 1960's the UK "Post Office Detector Vans" did similar with people's "unlicensed TV receivers".
Of more recent times Camb Labs demonstrated remote screen reconstruction from LCD displays at an exhibition.
As for the Security week article you link to it's weak on technical details, but SPA and DPA were originaly made public with smart cards back in the late 1990's. That said it was old news for me back in the 1980's I independently developed a way to illuminate circuits with an RF field which then got "remodulated" by the activity within the circuit I used this to demonstrate that certain "electronic wallets" (any one remember the likes of Mondex?) were very insecure due to exactly the effects the article talks about.
However as others might confirm "hijack" and "teapot" as some people refer to them were known but very clasified TEMPEST techniques when Maggie Thatcher was UK PM which was why she baned the use of mobile phones in many Gov depts.
Security starts to like stone age when u have no power for more than 24 hrs. We found an oasis with ac and wifi, but most here in nova and dc have no power and it's 109 f today. And I mean NO electricity.
Sorry for typos, it's hot and iPad only here and I'm lucky to have any connectivity at all today.
No power at all since last nite at 9pm when storm hit.
3 million go offline in power outage.
We drove miles to find fuel, and most was dark everywhere between Arlington and fair fax va.
Our fridge food is melting and untrustworthy, our pets are hot, people are hot. This is a pretty serious security issue, but no one is providing communications or ice. I can see how society could devolve if enough time with no com no ac, and no street lights.
I'm damn lucky to be in a rare oasis of ac and electric tonight, most are not so lucky.
How many days until power back is not known now. How many days does it take to devolve a society?
Its so hot!
hink about what you could do with an 8oz payload guided from a block or so
I was trying very hard not to say "micro cruise missiles" in case it caused the usual outburst ;-)
I must admit I'm aware of a "student project" that has got a bit out of hand recently using a well known "smart phone" that has a camera accelerometers etc to control a largish (four foot wing span) model aircraft and the students are hoping to get it good enough for one of NASA's MicroSat Orbit devices (it's an autonomous soccer ball sized object using a mobile phone as a controller for the ISS).
Mind you I wouldn't worry to much about AI as history tells us the moment intelligence becomes nodetermanistic it becomes nondependable...
During WWII a number of "animal brains" as control systems were tried. One was IIRC B.F.Skinner training pigeons to guide bombs they all failed for various reasons some disastrously so when the "pigeons came home to roost" as it were.
Also IIRC it was the German Luftwaffer during WWII that put a TV camera in an anti ship wire guided bomb / missile towards the end of the war...
Good passwords are rarer than finding dimonds embeded in hens teeth ;-)
The problem is thus not breaking a strong password but adversaries finding the first weak password that gets them the rights and privalages they need.
As noted above in the UK the Gov want's access to "communications data" on the excuse that "message content" won't be compromised, and as I've indicated this is a nonsense because the former can be embeded in the later which means it all get's harvested.
So if they are harvesting message content from SSL connections then your password nomater how strong is compromised which means you have to use either One Time Passwords or not send the password over the wire.
My favourd aproach as passwords are the keys to your private fiefdom is not to send them over the wire at all but use various zero knowledge proofs etc. Where you know the security is the equivalent of your PubKey etc.
Weakest link maybe the database repository where all sent and received emails are saved for the account. In other words, why bother with SSL ,data in transit, when data at rest could be accessible. If you want to be secure, use a one time pad with your other party. And don't buy two copies of the same book for that purpose at one time ;)
@ Clive Robinson
"various zero knowledge proofs etc
Be careful! I have seen "security people" in the past that thought SHA1 is a zero-knowledge proof.
Thanks for posting this... This is from their portal:
"This revolutionary new technology delivers a host of free apps for your router, and that's only the beginning"
And that's ONLY the beginning? I can only wonder what's next!
Be careful! I have seen "security people" in the past that thought SHA1 is a zero-knowledge proof
It's funny you should say that I was chatting with someone the otherday about the worst forms of "security fail" by people who should know better.
And I gave as an example something that somebody else posted to this blog as an example, which was,
A security auditor accepting that the use of two passwords was a correct implementation of "two factor" authentication as required by a certain well known standard...
Oh whilst I remember the link posted by Marko Seppänen to the security week article was originaly about a presentation the slides of which are at,
And is about Power Analysis (SPA and DPA) carried on EM carriers which is one of the things I was talking about the other day with regards C-v-P
A word of warning though, Paul Kocher (CRI's CEO) who thinks (incorectly) he invented PA in it's various forms also belives he has invented the solutions and unfortunatly the US Pat Office has apparently granted him a number of pattents on what is "prior art" going back to before he was born let alone became an enginer / researcher. Back in the 90's when he preleased the DPA paper I sent him an Email indicating that it could be done not just with monitoring emmitted EM but also by illuminating the test device with EM and indicating this could also be used for fault injection based on work I'd done back in the 1980's sugesting he might find it interesting to research (I also sent similar to Ross Anderson over at Camb Labs who was working on reducing the issues to do with Smart Card chips with self synchronising logic).
Any way with regards C-v-P issue have a look at,
It has a nice catagorising of some of the hardware attack classes.
... without power for more than 24 hrs. We found an oasi with ac and wifi, but most here in nova and dc have no power and it's 109 f today.
You have my sympathy as I sit in pouring rain in London, I hate sweltering heat as it makes me grumpy at the best of times.
Hopefully some DAss politico won't use this as an excuse to push for smart meters...
Untill normality returns all I can suggest is shade, a breeze and plenty of low cal liquid and an outlook an Auzzie friend has that is best summed up as "no worries" :-)
@ Clive Robinson
"It has a nice catagorising of some of the hardware attack classes."
I have worked with (not for) some of the mentioned companies and am familiar with these attacks and more. Also aware of the countermeasures that we're taken to protect against them. Back to C-v-P...
How do we continue?
@ Clive Robinson
Took a quick glance at the presentation you linked. "Testing must be part of any security design" on slide 31...
It's important to note that three types of testing are needed:
1- Functional testing
2- Stress testing (time, resources, concurrency, etc)
3- Penetration testing - by security savvy testers
The above three tests should be applied to the system, the subsystem, and at the unit test levels.
Your E-Book Is Reading You
"Bruce Schneier, a cyber-security expert and author, worries that readers may steer clear of digital books on sensitive subjects such as health, sexuality and security—including his own works—out of fear that their reading is being tracked. "There are a gazillion things that we read that we want to read in private," Mr. Schneier says."
@Cevin Kostner - ironically Amazon reported that many Kindle users admitted to using them to read trashy novels that they wouldn't want to be seen reading.
LOK-IT Secure Flash Drive
I question the security of this, "Secure" flash drive, as nothing, nothing is secure. But...
"LOK-IT comes in two versions - SDG005M and SDG003FM. From my understanding, these two are practically the same, except for the latter (FM) holding a FIPS 140-2 Level 3 certification. From the storage space perspective, LOK-IT currently comes in three sizes - 4GB, 8GB and 16 GB.
When the device is used for the first time, the PIN code must be set up. Inside the packaging you'll get a small cheat sheet that enumerates and explains the appropriate steps required to do so. A strong PIN policy is enforced - the user must setup a code consisting of at least seven digits (the maximum is 15), with repeating and consecutive numbers not allowed."
@Clive This isn't really true: "One of the major ideas behind these UAVs/drones is to take the human out of the equation for a couple of reasons." That may be someone's pipe dream, but currently most US military UAVs have more operators than most traditional aircraft have pilots. One of the disadvantages to UAVs is that they are so manpower intensive compared to manned US missions.
This isn't really true
Hmm I'm not sure you and I are talking about the same thing at all.
Due to the Vietnam war and significant adverse publicity the USAF has had a "politicaly driven" policy of protecting the pilot with more and more standoff weapons such that "close quaters combat" where historicaly most aircraft and pilots have been lost is avoided. Thus the loss and or subsiquent "parading of captured" air crew which reflects so badly on the US Citizens is either significantly reduced or eliminated.
As I pointed out in my original points the idea is to reduce bodies in the aircraft for a number of reasons. This because this is not only are they very vulnerable, take up excessive resources to train and support in the air and by and large do nothing for the majority of the flight. There is now the question arising of "human limitations" as "soft squishy pink stuff with a bit of grey matter on top" we are not designed to deal with the stressess of routine combat flight with out other technology such as G-Suits. Further modern air frame design is well beyond the point where the mechanical systems can easily withstand stresses that would make the grey stuff shoot out the nose and ears of a pilot just like sombody jumping on a capless tube of toothpaste.
Currently drone pilots are needed for take off/landing and some tactical activities, the link I provided is part of a series of trials designd to lead to the take off and landing in the more challenging of environments (carrier deck) nolonger being a requirment for pilots.
Pilots are not required to actually fly the drone from take off to target nor back again. So depending on what the drone is deployed to do (observation / attack) the pilot may not be required at all for the actual flight and mission the "auto pilot" takes care of that. And in some cases the intel bodies will actually direct the flight whilst on patrol/observation by effectively changing the auto pilot at a high level (just like a bomb aimer would once have directed a pilot on the bombing run).
Thus whilst in total the number of "flight personnel" involved with an individual drone flight may be increased they are only needed there for a short part of each flight. They can (and in some casses) do time share across several staggered but simultanious flights thus actually significantly increasing their productivity per man beyond that of conventional flights.
The days of human pilots and observers "onboard" are without doubt numbered for many types of military flying. And when the issues to do with collision avoidence in close quaters flying are suitably resolved then the days of the military aircraft will have be irrevocably changed.
And one driver for this is cost, compare the cost of manned and unmanned aircraft to achieve similar roles and the equation looks very favourable. Then throw in the cost of not lossing very expensive to train air crew and the fact they will be able to fly long after they would otherwise have been medicaly disqualified the equation looks even better. Top it off with removing the politics of lost/killed aircrew and it is hardly surprising such staggering amounts of effort are being invested in getting bodies out of airframes.
There is of course a political disadvantage to this, which is what happens when they "drop out of the sky" as all aircraft types eventually do. There will be a vocal contingent who will argue that "if there had been a pilot onboard...". But then there have been these sorts of argument through time from when we first had the wheel...
@Clive I'm really responding to this: "Then it would not realy be an Unmaned Aerial Vehicle (UAV aka drone) any more but a Remotly Cotroled/Piloted Aircraft." Under current practice, virtually all US military UAVs have a human in the loop monitoring the UAV at all times, from takeoff through flight through landing. That human in the loop always has the ability to turn off autopilot and remotely pilot the aircraft. The only time when a UAV would be totally autonomous would be if something went wrong, such as the coms link being jammed.
I don't know if you've heard about the major security incident on the UK's M6 Motorway?
Briefly, a coach belonging to "Megabus" that had around 50 people on it was pulled off the motorway just after the toll boths and surrounded by many seriously armed security personal (police and army amongst others), and the whole motorway was shut down for several hours. Apparently scared young children had guns pointed at their heads as they were forced individualy to walk away from the coach.
The reason apparently a passenger had seen smoke or some such coming from another passengers bag and that passenger was "behaving furtively".
As far as has been said the cause was an "electric anti smoking aid"...
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.