Malware compromises USAF Predator drone computer systems

Graham Cluley
Graham Cluley
@[email protected]

Predator droneAccording to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging keypresses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.

The malware intrusion is said to have been detected by the Department of Defense’s own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America’s most important weapons systems have proven unsuccessful.

Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.

Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone’s whereabouts or intended target.

Sign up to our free newsletter.
Security news, advice, and tips.

Wired quotes an unnamed source familiar with the infection as saying:

"We keep wiping it off, and it keeps coming back... We think it’s benign. But we just don't know."

Hmm.. If I “just didn’t know” I would assume the worst. In computer security, it’s always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn’t, rather than assume everything is ticketyboo.

US Air ForceChances are that the malware is a common-or-garden keylogging Trojan horse designed to steal banking information rather than targeting the USAF. But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.

Predator and Reaper crews fly their drones remotely from an airforce base in Creech, Nevada. The computer systems used to control the weapons are supposedly not connected to the public internet – to reduce the chances of malware infection.

However, any IT administrator will know that simply disconnecting a computer from the internet does not make it 100% safe. Malware can be introduced via other means, such as a USB memory stick, as astronauts on the International Space Station discovered in 2008.

And that seems to me to the most likely vector (USB memory stick I mean, not outer space..) by which malware could have infected the drone computers, as it’s known that drone pilots use memory sticks to upload terrain maps and mission videos.

Here’s a photograph of an airman remotely piloting a done at the Predator control HQ in Creech Air Force base, Nevada:

Predator drone control at Creech Air Force base in Nevada

Take a closer look at the photograph.

Closeup of Windows computer at Predator drone control

It certainly looks like they’re running Windows, doesn’t it? I hope they’re up-to-date with their operating system patches and anti-virus updates.

It might be an idea to check that Autorun is disabled too.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.