Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought.
The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq.
But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.”
So the same security breach that allowed insurgent to use satellite dishes and $26 software to intercept drone feeds can be used the tap into the video transmissions of any plane.
The military is working to plug the hole — introducing new ROVER models that communicate without spilling its secrets. “Recognizing the potential for future exploitation the Air Force has been working aggressively to encrypt these ROVER downlink signals. It is my understanding that we have already developed the technical encryption solutions and are fielding them,” the Air Force officer notes.
But it won’t be easy. An unnamed Pentagon official tells reporters that “this is an old issue that’s been addressed.” Air Force officers contacted by Danger Room disagree, strongly.
“This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”
Which presents all sorts of problems. Let’s say a drone or an A-10 is sent to cover soldiers under fire. If the aircraft has an encrypted transmitter and the troops have an unencrypted ROVER receiver, that surveillance footage can’t be passed down to the soldiers who need it most.
“Can these feeds be encrypted with 99.5 percent chance of no compromise? Absolutely! Can you guarantee that all the encryption keys make it down to the lowest levels in the Army or USMC [United States Marine Corps]? No way,” adds a second Air Force officer, familiar with the ROVER issue. “Do they trust their soldiers/Marines with these encryption keys? Don’t know that.”
Since the top commander in Afghanistan, General Stanley McChrystal, issued strict new guidelines on the use of airstrikes, the United States has turned nearly every plane in its inventory into an eye in the sky. Sending video down to those ROVER terminals has become job No. 1 for most American air crews flying today.
And U.S. troops fighting in Iraq and Afghanistan have come to depend on the feeds. “For sure,” Lt. Col. Greg Harbin told the Los Angeles Times, “I would be dead without this technology.”
Still, some Air Force officers downplayed the significance of the ROVER’s security hole. “If you’re an insurgent, you need to know when and where [aircraft] are flying and then be within the line-of-sight footprint of the feed for any chance of successfully using the information real-time,” one officer writes. “This is much to do about nothing. You have bigger fish to fry.”
“The ranges on these signals is not very great, they are low-power and intended for line-of sight communications. A risk has been identified, [but] it poses limited immediate operational or tactical risk, and certainly does not outweigh the value of thee capabilities,” a second notes.
I have immense respect for both of these officers. But I’m not sure I buy their arguments. If real-time video feeds are valuable to U.S. troops, then it stands to reason that the footage is valuable to insurgent forces, as well. Either this is important data — and worth protecting — or it isn’t.
UPDATE: Some military drones are “particularly susceptible” to having their video tapped, a senior military officer tells Danger Room. That’s because these smaller unmanned aircraft — like the Shadow, Hunter, and Raven — broadcast their surveillance footage constantly and in every direction. All you have to do, basically, is stand within “line of sight” of the drone, and you can tap in. “It’s like criminals using radio scanners to pick up police communications,” the senior officer says.
Larger aircraft — both manned and unmanned — are a little less vulnerable. They can shut off their video feeds if no friendly forces are watching at the time. And they can “neck down” those omnidirectional signals a bit. So it’s more difficult to intercept the transmission. The officer contends that there have “not been any significant — not any impact — on operations as a result of this.”
Still, systems like the ROVER (and the Predator, for that matter) were “built to be cheap. They used commercial off-the-shelf hardware. We wanted to get stuff out there. So it’s not gonna be perfect,” the officer adds. “So yeah, if we’re broadcasting in the electromagnetic spectrum and you’re underneath the footprint, you can receive it. Duh-uhhhh.”