US Department of Interior Grounding All Drones

The Department of Interior is grounding all non-emergency drones due to security concerns:

The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.

One memo drafted by the Navy & Marine Corps Small Tactical Unmanned Aircraft Systems Program Manager has warned "images, video and flight records could be uploaded to unsecured servers in other countries via live streaming." The Navy has also warned adversaries may view video and metadata from drone systems even though the air vehicle is encrypted. The Department of Homeland Security previously warned the private sector their data may be pilfered off if they use commercial drone systems made in China.

I'm actually not that worried about this risk. Data moving across the Internet is obvious -- it's too easy for a country that tries this to get caught. I am much more worried about remote kill switches in the equipment.

Posted on January 31, 2020 at 6:46 AM • 17 Comments

Comments

Victor WagnerJanuary 31, 2020 7:21 AM

There is no need for remote kill switch. One should just leak information about possible espionage function and customer would kill drone himself.

Insecurity BlanketJanuary 31, 2020 7:51 AM

"remote kill switches"

Insufficient information. IOW, WTF do they kill? The whole damn drone, permanently? One of its capabilities (but not the ability to fly)?

You're concerned, but how concerned should others be, and who are those others?

JohnJanuary 31, 2020 8:54 AM

It's good we're getting these wake-up calls now re: how untrustworthy China is. We've been in a honeymoon with them for far too long. Thank goodness it's coming to an end. They are what they are - fighting for their side. Until humans advance out of our fears and suspicions of 'other', this is the way it will be. We are doing the same.

DanielCooperJanuary 31, 2020 9:45 AM

Isn't this just because the drone's software implementation is so incredibly bad and insecure? And that they have helpful 'cloud' services that save your video and stills that are garbage?

Clive RobinsonJanuary 31, 2020 12:15 PM

@ Bruce, DanielCooper,

I'm actually not that worried about this risk.

No, seeing what a military drone sees is not exactly new.

Do people remember why the uplinks in the drones in Afghanistan finally became encrypted?

It was because they saw a "goat herder" watching the drone feed on a laptop (or so the story goes).

The thing is for various reasons drones are not exactly EM silent, because they were designed to be remotely piloted so that "a human is always in the weapons control loop"... If you think about thst for a few minutes you will realise that is a serious defect in "mission security" and one the military almost certainly want to get rid of...

Thus keep an eye open for "AI in the Air" or similar. This grounding story may well be more than the idiotic Trump-v-Teddybear, it might be a first stage FUD campaign to get AI in weapons control...

@ Bruce, All,

I am much more worried about remote kill switches in the equipment.

Kill switches are not realy any more than an anoyance depending on how they work.

What worries me more is "remote control".

Drones are used to take out specific targets like diplomats on peace missions. This requires carefull guidence of weapons etc in built up areas where the risk of major collateral damage is very high.

Imagine if you will a US drone coming in on another diplomat for a kill and the hellfire or or other weapon of choice ends up blowing up an international hotel full of "green zone" types such as friendly nation diplomats and journalists, or the likes of Humanitarian aid workers or even US civilians or senior administrators, politicians or military advisors etc...

It's not something the US Executive are going to want to watch on international news.

Thus the nation that "takes control" of a US drone need not even be involved in the war, to gain a massive victory against US or it's allies...

It's considerations like this that many European Nations consider to big a risk to get into a US led war any longer. Seeing your own come home in body bags due to enemy and friendly fire is one thing. Being associated with the apparent murders of innocents is entirely another thing.

And yes we have Wikileaks and Chelsea Manning to say thank you to for that, when the video of journalists and humanitarian aid workers getting shot to pieces by US armed forces got published it opened a lot of eyes and made orhers look for the fastest way out of the room that could be done diplomatically.

People need to understand that Neil Armstrong walking on the moon kind of closed the feel good chapter on US relations with other nations. The Vietnam war showed that the US news could easily become a very powerfull weapon against the US military. It's why the US military went to such great lengths to "stage manage" the reporting in the two gulf wars, but even that failed.

If people remember back that far, George Bush senior was apparently dragged from bed by aids over the words of an overly emotional Marine being interviewd by the BBC reporter Kate Aide,

    the U.S. Marine Lieutenant, who appeared distressed, said the convoy had "no air cover, nothing", and he added "it was not very professional at all."

Kate Aide also pointed out that those killed were mainly not loyal Iraqi troops but Turks and Kurds from the north and many many civilians escaping from what they believed awaited them on the Kuwaiti return. Even though they did not live to see it, the Kuwaitis delivered more or less as they had expected, but that did not make international news, neither for some time did the fake story presented by a Kuwaiti Ambassador's daughter that was widely cited by the US administration which was used to sway UN votes,

https://en.m.wikipedia.org/wiki/Nayirah_(testimony)

But then there was a different journalist reporting on what another pumped up member of the US armed forces said when talking about the Iraqi retreat along the Basra road as a "turkey shoot", these went global and forced the breaks of the US war effort to be slamed full on.

For those that do not know shooting soldiers who are not armed or taking part in combat is considered a war crime under international law. Which is rather more than "not very professional at all".

As some of those who were in the armed forces at the time will remember the end of next month will be the 29th aniversary of the incident which got called "The highway of death",

https://en.m.wikipedia.org/wiki/Highway_of_Death

Even now those images convey a very powerfull message, and you can be sure it's not one the US would want repeated.

So if I was an enemy of the US and had a backdoor into their drones, I realy don't think a "kill Switch" would be on the top of my list of things todo, the propaganda value of collateral damage is just way way to high.

RealFakeNewsJanuary 31, 2020 12:24 PM

It seems more anti-China than any real vulnerability.

So the software has flaws and can be hacked? Big deal.

How about putting Cisco et. al., under the same scrutiny and secure our stuff?

DaveJanuary 31, 2020 12:55 PM

Any IoT device that has automatic update capabilities has exactly the same risks, regardless of the vendor. Data ex-filtration is a serious issue for all of them, whatever data they might have available. Look at Ubiquiti, Nest, Ring cameras, Sonos devices, tablets, smartphones, video players, GPS devices, anything with internet and easy updates.

If we can think of it, it is just a matter of time for someone to actually do it. Waiting until it actually happens seems foolish for people with security concerns.

I need to polish my tinfoil hat now. :)

lurkerJanuary 31, 2020 12:58 PM

Isn't this just a symptom of another wider problem? The USA needs to be able make its own drones/webcams/IoT doorknobs/&c. more secure and cheaper than China can. Until this happens you've just gotta put up with Chinese crapware...

Clive RobinsonJanuary 31, 2020 2:00 PM

@ Lurker,

The USA needs to be able make its own drones/webcams/IoT doorknobs/&c. more secure and cheaper than China can.

Err can you remember "the how and the why" of the US killing off it's own manufacturing industry and handing it of to the Japanese, the South Koreans and more recently the BRIC's?

Do you think any of those reasons have changed?

Nope, As for,

Until this happens you've just gotta put up with Chinese crapware...

As the old saying has it "You get what you pay for". The same reason US manufacturing got "off-shored" in the first place will mean that "crapware" will get made irregardless of where it is developed.

That's just the way things work with "Short term free market" thinking.

Oh and also remember why almost the entire US armed forces and Federal and State governments run on "crapware" from the likes of Adobe, Microsoft, Apple, et al. It is because the representatives who the US citizens voted for decided that they should force all government funded research into secure systems to stop in favour of the use of bug ridden Corporate offerings known as COTS.

In all honesty I can not see the US changing any of this unless their is an event atleast as national confidence shaking as 9/11 was...

I'm sorry to sound so negative, but I've watched this in both the UK and US since the 1960's thats half a century or three generations of UK and US politicians behaving this way, in effect it's not just the industry that's gone, the skill base has as well, and as there is not that much demand the education has gone as well.

Seriously what do you think will make it change?

lurkerJanuary 31, 2020 9:07 PM

@Clive

I'm sorry to sound so negative, but I've watched this in both the UK and US since the 1960's

I confess I was poking the problem with a stick. Having serviced brownware in the 1950s & '60s I saw a fair bit of American kit, the milspec stuff was impressive compared to our local gear that I was doing my apprenticeship on; but the American domestic stuff was mainly crapware, some of it wouldn't have got past our electrical safety inspection, never mind quality of components and workmanship.
Seriously what do you think will make it change?
I think the answer to that is social and political, and beyond the scope of this blog.

Jesse ThompsonJanuary 31, 2020 9:08 PM

This is just the US govt reacting to China's equivalent of their mandate to backdoor all consumer equipment.

"backdoor" means absolutely nothing more nor less than "yield control to an unknown/unknowable third party".

If we're very, very lucky those in power will begin to perceive this symmetry and realize that whatever US (and intl) consumers fail to be secure from the US govt will also fail to be secure from the Chinese govt.

Peter S. ShenkinFebruary 1, 2020 3:15 PM

@Clive

"For those that do not know shooting soldiers who are not armed or taking part in combat is considered a war crime under international law."

A retreat is a military maneuver. Armed forces retreating, as in this case, are active participants in a war. They plan to rally to fight again.

To qualify as non-participants, they would have had either to surrender or to have been captured. Neither was the case here.

Clive RobinsonFebruary 1, 2020 4:34 PM

@ Peter S. Shenkin,

Armed forces retreating, as in this case,

Whilst some were in tanks, the majority of those shot on the Basra road were not in uniform, not carying arms, not in military vehicles or any vehicles and as I noted many were civilians escaping befor the Kuaitis came back to take revenge (Which the Kuaitis did indeed do, though it was not widely reported in the press at the time).

On of the reasons the bodies were buried as quickly as they were by US Troops with no attempt to identify them was to "limit the damage" press photographers and journalists would do. Kate Aidie had already done enough damage which was why Bush Senior pulled the plug as fast as he did.

But then there were those who's surrender had been taken who were shot, along with some who had taken their surrender...

Enough of the US military on the ground were sufficiently out of control they just shot anything that moved... As well as disobeying orders.

Random CommentFebruary 3, 2020 6:29 AM

The signing keys and firmware are public for quite a few models and i'm sure the NSA can get the others.

So whats to stop them patching the software vulnerabilities themselves and removing update code or whatever needs doing?

If they can modify firmware for Cisco routers and various hard drives to add back doors, they can also patch other hardware.

I wonder if some supplier sells a drone takeover kit using a few of the known or yet to be discovered vulnerabilities and someone after seeing that realised they also use the drones so are vulnerable so went with the grounding.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.