Saturday, September 29, 2012

3M Window Film Demonstration on Global TV by jordanritch



3M scientist demonstrating their patented security window film and glass bead technologies.

Tuesday, September 25, 2012

Drone hack explained: Professor details UAV hijacking by MovieHyphenArchives



Todd Humphreys' tale about hacking a civilian drone in front of the Department of Homeland Security has gone viral since he conducted the experiment last month. Now the assistant professor at the University of Texas explains his work to us.

In an interview with us this week, Todd Humphreys of the University of Texas at Austin's Radionavigation Laboratory reveals that it only took a few researchers, around $1,000 in parts and some seriously smart software to send signals to an unmanned aerial vehicle's GPS receiver, hijack the craft in mid-air and then have it do the department's bidding — all right in front of Homeland Security agents.

"The navigation systems of these drones have a variety of sensors," explains Humphreys, "...but at the very bottom is a GPS unit — and most of these drones that will be used in the civilian airspace have a civilian GPS unit which is wide open and vulnerable to this kind of attack. So if you can commandeer the GPS unit, then you can basically spoon feed false navigation information to the navigation center of these drones."

By compiling several years' worth of research into custom-made software, Humphreys was able to do exactly that recently — and right before the DHS. By 2020, the Federal Aviation Administration expects to have as many as 30,000 drones flying over the United States. According to Humphreys, though, the FAA might want to make a few changes before they roll out a domestic UAV for local law enforcement agencies to use.

"I'm a big proponent of bringing in drones to the national airspace. They are going to come and we might as well expect it. The question is, how can we bring them in reliably?" he asks. "And right now the dangers of bringing them in, before addressing this problem, is that someone on the ground could hack the drones and turn them into their own device, making them go to a different place or along a different path. So it could cause loss of life, it could cause collisions. But I hope that we can address the problem long before that happens."

Humphreys explains to us that he went into the experiment expecting a real challenge in hacking the drone's GPS with a homemade spoofer device, but along with some students, he says he "worked hard to demonstrate that it was indeed possible, and perhaps within the capability of other hackers."

"I think the vast majority of Americans are fascinated by drones," he adds, "but there is a lack of deep understanding of the inner workings of the technology and perhaps of the safety threats," which his team is now hoping to highlight by experiments such as these.

Also up for discussion, he stresses, is the issue of privacy. "I've got some tall fences around the back of my house and I have a reasonable expectation of privacy when I'm having a barbecue in the back of the house, so of course I wouldn't like to have any drone surveying me and my family as we're having a barbecue, but I'd like to see these kinds of concerns balanced with the kind of economic benefit that drones can bring," he says. "So whereas we'd like to welcome them in, we have to address problems of privacy. Now we have to address problems of safety before 2015 when the FAA opens these skies up to drones."

Monday, September 24, 2012

Six Really Cool Reasons Why You Shouldn't Turn Off A Tweeting Hijacker's Phone

Pittsburgh police and SWAT members escort a suspect, center right, from a hostage-taking on the 16th floor at Three Gateway Center to a police van on Friday, Sept. 21, 2012, in Pittsburgh. Klein Michael Thaxton, 22, surrendered just before 2 p.m., and the man he took hostage was unhurt, Police Chief Nathan Harper said. (AP Photo/Keith Srakocic)

Last week, there was a hostage situation in Pittsburgh that garnered the attention of the national news media. The subject stormed a building and held a business owner hostage with a knife and hammer while sending "status updates" via Facebook. It had all the makings of a really bad B-rated movie with your favorite 1990s action hero. What caught everyone's attention were the status updates the perpetrator posted during the standoff. The police let him keep using the social networking site so he could communicate with them (This is the Pittsburgh Police....We have you surrounded....Please accept our friend request) and with his family and friends, who they assumed might have better luck at de-escalating the situation. Eventually they either got fed up or were finally able to get Facebook to cooperate, and his account was shut down.

You might be wondering, as was I, if that was such a great idea. Here's why it probably wasn't, and why you shouldn't do it:
  1. In some situations, you may not have any "eyes and ears" inside.  For hours, the Pittsburgh PD thought they had a bomb-making veteran with some serious PTSD issues.  You can have all the technology in the world but it's worthless if you can't get inside.  Without any further information disclosed, this appears to be the case here.  His status updates can provide information on his mental health status, number of other hostages, weapons, personal contacts he will listen to, etc.
    Screenshot of Facebook "status update" of Pittsburgh suspect
  2. Depending on the device being used to make the "status updates", you may have an opportunity to gain a unique perspective about what's actually happening. My hacker friends know exactly where I am going with this. The wonderful thing about modern laptops, smartphones, and tablets is they almost always come with video and audio capabilities. This is where it might behoove some departments to recruit people with these skill sets. A hacker or a trained cyber operative (I know it's cheesy and way too Hollywood) could easily exploit any existing security vulnerabilities on the device to gain access to an internal microphone or camera. With an active Internet connection, you could then transmit what the audio/video components were capturing in real time.
  3. If a guy's talking, that means he's not dead.  I know - it's bad taste.  Hear me out.  If your perpetrator is still making status updates, that means you have a live bad guy and probably live hostages.  It also means he may not have time to set booby traps if he's overly consumed with clicking "like" on his comments.  
  4. Allow him to believe you have no clue about his Facebook statuses. Seriously. Play dumb for as long as you can. Don't get me wrong - this can and will expire soon. However, at the outset, it may be wise to play dumb. You don't want the laptop or cell phone off for any reason. Remember what I said about "eyes and ears".
  5. Communication with personal contacts. When looking at the Pittsburgh perpetrator's "status updates", one can't help but notice how he interacted with those who really knew him. Suppose you get his mom to come out and talk to him and it goes badly. Who else do you call? Mom may be out of touch or clueless about his closest friends or even his current relationship status. Facebook, as we all know, does this for you. I have LOADS of friends on Facebook. If you wanted any idea as to who I'm closest to other than my wife and parents, my Facebook interactions would certainly clue you in to some extent.
  6. You have no idea what this situation is about but I bet Facebook will. People often tell their life stories on Facebook. They have fights with spouses, girlfriends/boyfriends, parents, assorted family members, friends, and co-workers. They discover cheating, fraud, and various ethical improprieties. ALL on Facebook. What better way to listen and learn about what's going on in your perpetrator's life and in the lives of those in his/her inner circle? A great example is the screenshot below. Check out the post by his friend Markus.

As you can see, there are many reasons why law enforcement should consider allowing hostage-takers to continue making "status updates". Remember, it is easy in any situation to see only your limitations and pitfalls. However, a reexamination could prove you have more tools at your disposal than you previously realized.
