[Infowarrior] - Battlefield robot had security hole

Mon Dec 21 13:39:03 UTC 2009

Battlefield robot had security hole
Insurgents could steal video before local firm made fix
By Hiawatha Bray
Globe Staff / December 19, 2009

http://www.boston.com/business/technology/articles/2009/12/19/battlefield_robot_had_security_hole/
The same security weakness that allowed Iraqi insurgents to record  
video from unmanned US surveillance aircraft might also have let them  
spy on American battlefield robots produced by a local firm.

For years, Talon robots, made by Qinetiq North America Operations LLC  
in Waltham, transmitted analog video images without the encryption  
that scrambles signals to prevent them from being intercepted. As a  
result, videos from the robots could have been viewed and recorded by  
anybody with a laptop and a television receiver, including adversaries.

The US military has purchased more than 3,000 Talon robots. Many are  
used for video surveillance patrols in Iraq and Afghanistan.

Qinetiq officials said the security hole was plugged in 2007, when  
Talons received upgraded video equipment.

Last week, the Wall Street Journal reported that laptop computers  
belonging to captured Iraqi insurgents contained video images from US  
surveillance drones. The insurgents had used TV receiving gear and a  
cheap piece of software purchased on the Internet to record  
unencrypted video from the aircraft.

There’s no evidence that enemy forces actually tapped into video feeds  
from the Talon robots. But Eric Rosenbach, executive director of  
research at the Belfer Center for Science and International Affairs at  
Harvard University, expressed surprise that the military would ever  
transmit battlefield data over an insecure channel. “It’s common  
practice and standard operating procedure that any communication from  
the military is encrypted if it’s even remotely sensitive,’’ said  
Rosenbach, who served as an Army intelligence officer in Bosnia.

Bob Quinn, Qinetiq’s vice president of Talon robot operations, said  
that in 2007, the company refitted the robots with new digital video  
systems and added encryption. “Over 2,000 robots, in our case, have  
been upgraded,’’ Quinn said, but he added that the upgrade was not  
prompted in any way by concerns about spying.

Instead, the change was a consequence of the military’s efforts to  
reduce the terrible toll inflicted on US troops by roadside bombs in  
Iraq. Many of the bombs were detonated remotely by radio transmitters  
such as cellphones. The US Army responded by deploying Talon robots  
along key roadways to seek out the bombs and by equipping supply  
convoys with powerful radio jammers. The jammers created a sort of  
electronic bubble around the convoy, so that nearby radio-controlled  
bombs could not be detonated.

“The robots have to be able to work inside that protective electronic  
bubble,’’ said Quinn. But the jamming blocked the robots’ analog video  
signals, making them useless for surveillance. The 2007 digital video  
upgrade solved the problem and also ensured that insurgents couldn’t  
view the videos with conventional equipment.

Quinn said that there was never any risk that an enemy hacker could  
have taken command of a Talon, because the robot’s remote control  
system has always used an encrypted digital radio system. Letting a  
Talon come under enemy control could have deadly consequences, as some  
are equipped with remotely-controlled machine guns.

But just being able to see surveillance video could be very useful to  
an enemy. “It gives them the ability to know where and how the US is  
surveilling targets,’’ said Rosenbach. For instance, an insurgent  
could use intercepted video to warn his comrades that one of their  
“safe houses’’ was actually being watched by the Americans.

The US military has purchased thousands of robots from another  
Massachusetts company, iRobot Corp. of Bedford. Like the Qinetiq  
Talon, iRobot’s PackBot is frequently equipped with video cameras for  
surveillance work. But the company won’t say whether its video feeds  
are encrypted. IRobot spokeswoman Nancy Dussault-Smith said the  
company “does not comment on communications security or other  
operational security topics.’’

Hiawatha Bray can be reached at bray at globe.com. 