They jammed communication signals and faked GPS data when automatic "go back to home base" landing procedure kicked in.
http://www.informationweek.com/security/attacks/iran-hacked-...
The military doesn't actually use it, though, for the most part - the keys are sensitive state secrets, and distributing them apparently requires the proverbial man chained to a suitcase level of paperwork.
The encrypted channels are sufficiently underused that drones whose very design is secret that we fly down the Iran-Afghanistan border aren't equipped with them, and so are vulnerable to Iran spoofing a landing-capture course.
"By putting noise [jamming] on the communications, you force the bird into autopilot... Notably, it's also much easier than trying to crack the encrypted remote-control communications channel. With the drone relying solely on GPS to determine its latitude, longitude, altitude, and velocity, the Iranians then broadcast carefully spoofed GPS coordinates..."
Finally, it could have just been BS that GPS was what went wrong. That's not a bad guess.
http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/
GPS encryption was designed 20+ years ago. It is almost guaranteed it has (known and unknown) flaws.
edit: Assuming that navigation was relying only on GPS
That is a very bold claim which I believe requires far more citation than you have provided.
https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incid...
For more information regarding what happens if someone alters the altitude of a plane, see [2].
Yes, I'm sure that pilots routinely ignore the altimeter, air speed indicator, climb rate indicator, compass ....
GPS is useful, but no competent pilot ignores all of the other sensors and uses GPS alone.
The story here is that we thought we had designed a system which can do this without human interaction, and now/whenever it was discovered we're realizing we're not done yet. That this can be done by a person with a compass and a map is not a comment worth the text it's written with.
People who don't know much about GPS think the satellites are eternally autonomous but that is not the case. There are precisely two uplink control points on the planet which control them. Both in the USA as I recall.
Another interesting problem is lifetime mismatch. It would be foolish to create a system which depends on and could outlive the current GPS constellation.
Also being in the USA we tend to assume the fedgov is on our side and our side is everyone's side, but the rest of the world has found out the hard way many times over to never assume that is or will always be the case. So absolute best case is you should never deploy a worldwide system with a SPOF controlled by a foreign power.
"The story here is that we thought we had designed a system which can do this without human interaction"
No it was designed for humans (mostly US soldiers) to geolocate themselves, so they could help orient themselves on paper maps. This whole idea of pasting a navigation system, or even worse, an autonomous navigation system, on top is a good example of feature creep resulting in systemic failure.
You probably could design a redundant, tough, reliable, world wide (or at least, wide range) autonomous navigation system. It would not look anything like GPS. It would probably look a heck of a lot like a weird cross between the VOR system and authenticated LORAN. It would take a lot longer than a HN post to nail it down exactly, but I'm sure that whatever it optimized down to, it wouldn't resemble GPS very closely. In the grand tradition of all copier machines being called Xerox machines, I'm sure that whatever this successor system is called, the general unwashed masses will continue to call it a "GPS" to the immense confusion of people who actually know what they're talking about.
A planetary scale authenticated mostly decentralized web of trust mesh network of millions of stationary beacons and mobile inertial navigation systems with computational countermeasures to fight intentional bad actors? Probably providing global internet access via the mesh while you're at it, because it's there?
To the actual issue, i wonder how practical this is? In that i mean what level of power output is required to override the correct signal and at what distance? Is this something that could be a real issue, impractical? What?
When gauging the newsworthy-ness of a problem, the scope of its impact is always one of the first factors that journalists consider.
Let's say a captain enters a course to stay 500nm offshore of a pirate-infested coast (btw, after Somalia, West Africa is now a pirate hotspot[1]). By interfering with the GPS, the ship could be turned imperceptibly towards shore, and after a day be within range of pirate boats. The GPS display on the electronic charts would still show the intended course, because the GPS thinks it's on the right track. And without any land for reference, the captain or crew might not notice. If GPS is the sole position-finder, the fake coordinates would also endanger the reliability of ship-to-ship collision detection such as AIS[2].
With a cell phone or any consumer device, the user has to constantly read the GPS output and then react to it based on the roads or other physical landmarks. You couldn't just "steer" a person to the wrong place by making the GPS believe it's in a different location. And then I can't think of any other "exploit" that you could do with the GPS on a phone.
As mentioned elsewhere in this thread, the solution to the boat navigation problem is to have alternate sources of position info (Loran, GLONASS, etc.). Alternatively, the error introduced by the fake GPS could also be detected by weather info. Any deviation from the dead-reckoning course (heading and speed) can only be accounted for by wind and current. I believe wind and current forecasts are fairly common for all areas of the globe now, so the calculated values could be compared to the expected values and raise an alarm if they are far off.
[1] http://gcaptain.com/tag/piracy/ [2] http://en.wikipedia.org/wiki/Automatic_Identification_System
First, the fact that expensive machines can be brought down by cheap components is still interesting. Nobody will really care if your $80 cell phone can be spoofed.
Second, GPS receivers are not all the same. There are many different techniques you can use to make your receiver more resilient against spoofing, from cheap and easy things like adding Galileo and GLONASS support to crazy expensive things like adding backup star tracking and inertial navigation systems to cross-check the GPS results.
At the least, one would expect such an expensive ship to cross-check GPS results with internal dead reckoning to reject obviously bad GPS coordinates. That it didn't do this suggests that shipbuilders (or, at least, buyers) aren't aware of the spoofability of GPS. Articles like this make people aware of the problem and its solutions, solutions which simply don't apply to an $80 cell phone.
I guess it has more to do with the fact that unless you have a great Kalmann filter design, your IMU will likely drift off course rather rapidly, whereas GPS spoofing wasn't as easy or as popular as it is today (and I would say it really isn't that popular outside of major areas today, as it stands). Either way, you're right, the GPS coordinates should definitely be checked against the internal dead-reckoning. However, then you have to ask yourself how you know the internal dead-reckoning is still on course. It's a tricky problem, and hopefully the solution doesn't just tend towards "add more sensors."
EDIT: changed an "isn't" to "wasn't"
Now you could buy amazing laser gyroscopes, for planes the Inertial navigation system error could be great, but for ships(that move more than 20X slower) is not.
[1] https://en.wikipedia.org/wiki/Attitude_control#Star_tracker
It doesn't matter where they are, because where they're not is in management. During development, if attacks like this are even considered at all, its a very low probability incident, isolated to a very small number of targeted units and requires people doing things that can be dismissed by rhetorically asking "why would anyone ever do X?"
Computer security in general is abysmal. It's not for a lack of security guys trying. Good security costs time and money, but the return is practically invisible. The only reason the little bit we have exists at all is either that people have lost money, regulation, or an easy to spot practice has become trendy enough that people will chide others for not following them.
However this is based on what I can remember from 12 years ago, before I'd had any formal electronics/signals education so I might have some massive miss-conceptions.
These ran into all sorts of problems, largely to do with the proximity of the pseudolites to the receivers such as synchronisation and signal strength issues. Locatanets (http://locata.com/) are the in thing nowadays.
* I'm sure the anti-tamper technology is pretty great.
Perhaps interference happens a lot more often that we think.
