Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Friday 18 December 2009

Idiots Indeed

Looks like my lack of confidence in the security of robotic warfare systems is fully justified.


Comments

Jeff Walden
This isn't a "hack", just a next-gen police scanner. I agree this shouldn't have happened, but there's really no cause for alarmism here. There are no issues of command/control here at all.
TNO
This eventuality was mentioned in the original articles comments. I think that discussion still stands.
Robert O'Callahan
Jeff, but do you at least agree there are security issues here? I agree it's not a hack, and that's part of the problem: this is a totally unsophisticated, minimal-effort compromise. What could people with a bit more money, a bit more access, and a bit more cleverness do when the people in change think that turning off encryption because it's slow is a fine thing to do?
Colin Coghill
Yeah, it completely undermines their assurances that the rest of the system is secure when they've just shown they can't even do security for something trivial like a video feed.
And letting your enemies know what your drones are looking at and where you're interested in is the kind of thing that can lose a war. (not that I care for their war, but it be nice to think that at least the military could get basic security right)
VanillaMozilla
As far as I can tell, the article is talking about the video image from the robot. There's nothing in the article to suggest that control is unencrypted. If there ever is a problem, I'm sure they can adapt.
VanillaMozilla
I get your point, Robert. --sort of. Not much we can do about it, though. They've been working on this for at least 50 years, and they aren't going to turn back.
The guys who work on this know more about the problems than we do. I'm a whole lot worried about war than about specific weapons. This probably won't mean the end of civilization (or war, alas) as we know it.
Layton
Looks to me like a convergence of 3 factors that do not bode well for the United States.
1) Complacency.We are used to thinking of ourselves as "the" world superpower. This attitude makes us vulnerable regardless of the technology we use or don't use.
2) Historically, the nations with the largest populations tended to become the world superpowers. Exceptions have existed, but according to that rule of thumb, China should probably be the next superpower.
3) Each generation of weaponry has become more potent and less controllable that the previous. Consider the progression from sticks to swords to guns to missiles. Each step has been more deadly than its predecessor, but has also been less specific and controllable.
I vote that we get the UN to pass a resolution that as honorable citizens of this planet, we all dispose of our weaponry and proceed to fight our wars with sticks and boxing gloves. This would, of course, allow the most devious and power hungry to instantly gain full control of the whole world.
Hey wait. Isn't that where we already are?
As I see it, the US is financially bankrupt, complacent and outnumbered. To me it looks like the security glitches are a symptom of these deeper problems, and are not themselves the real problem.
TNO
Excellent post by Bruce Schneier on the subject:
http://www.schneier.com/blog/archives/2009/12/intercepting_pr.html
Jeff Walden
There's a small issue, but I suspect they're well aware that the feed could be MITM'd, as well as that the other side can eavesdrop on it. Of course, I have way more faith in their competence than to expect them to use an unencrypted connection for control; if that were an issue I would be significantly more concerned, but of course it's not. (And, of course, the unencrypted transmission issue has been fixed already, so it's a dying issue going forward.)
It's also worth noting the army might have been on the leading edge adopting this stuff, and if so that would explain why this line couldn't be easily encrypted, due to one-off (or few-off) component use. Anything being designed today, or recently, doubtless doesn't have this issue and, if it had the issue, could be retrofitted significantly more easily than it sounds like here. I'll cut a little slack for the army often being a first mover in these things.