According to a Wired report, malware has infected the control systems used by the United States Air Force to fly Predator and Reaper drones, logging keypresses as the unmanned aircraft are flown remotely in Afghanistan, Libya, Pakistan and other conflict zones.
The malware intrusion is said to have been detected by the Department of Defense’s own Host Based Security System (HBSS), but attempts to permanently remove the infection from one of America’s most important weapons systems have proven unsuccessful.
Inevitably there has been some concern in the media that malware could interfere with the flight of drones that are not just capable of surveillance, but can also carry deadly missiles to remote targets.
Questions are understandably being asked as to whether a remote hacker could interfere with the drones mid-flight, or send information to a third party about the drone’s whereabouts or intended target.
Wired quotes an unnamed source familiar with the infection as saying:
“We keep wiping it off, and it keeps coming back… We think it’s benign. But we just don’t know.”
Hmm.. If I “just didn’t know” I would assume the worst. In computer security, it’s always safest to assume the worst possible scenario has happened and take the necessary steps until you have proven that it hasn’t, rather than assume everything is ticketyboo.
Chances are that the malware is a common-or-garden keylogging Trojan horse designed to steal banking information rather than targeting the USAF. But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.
Predator and Reaper crews fly their drones remotely from an airforce base in Creech, Nevada. The computer systems used to control the weapons are supposedly not connected to the public internet – to reduce the chances of malware infection.
However, any IT administrator will know that simply disconnecting a computer from the internet does not make it 100% safe. Malware can be introduced via other means, such as a USB memory stick, as astronauts on the International Space Station discovered in 2008.
And that seems to me to the most likely vector (USB memory stick I mean, not outer space..) by which malware could have infected the drone computers, as it’s known that drone pilots use memory sticks to upload terrain maps and mission videos.
Here’s a photograph of an airman remotely piloting a done at the Predator control HQ in Creech Air Force base, Nevada:
Take a closer look at the photograph.
It certainly looks like they’re running Windows, doesn’t it? I hope they’re up-to-date with their operating system patches and anti-virus updates.
It might be an idea to check that Autorun is disabled too.
Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.
