Indian Army ‘Make in India’ Drones Hacked

0 119 6 minutes read

Introduction

The Indian military has increasingly used drones for reconnaissance, surveillance, and logistics purposes in sensitive borders such as Ladakh and Jammu and Kashmir. The ‘Make in India’ drones were designed to enhance national security, but recent incidents have uncovered unprecedented vulnerabilities, with some of them being reported to be hacked by hostile nations.

This raises serious doubts regarding cyber-attacks in contemporary warfare, and one needs to note how and who hacked these drones, what effect the hacks had, how the Army reacted, and more importantly, what measures can be taken by India to avoid such hacks in the future.

How Were the Indian Army’s Drones Hacked?

It was reported that certain Indian Army drones had technical issues brought about by external hacking. Investigations showed foreign-sourced electronics, including Chinese components, within the drones, which has raised suspicions of backdoors being remotely exploited.

Potential Hacking Methods Used:

GPS Spoofing: The hackers most probably interfered with GPS signals, misleading drones to change their original flight path and possibly into enemy territory.

Figure 2: GPS Spoofing of a UAV- an illustration (via PeerJ)

Radio Frequency (RF) Interference: Jamming attacks could have knocked out communications in drones, and they landed within enemy lines or crashed.
Malicious Backdoors: Chinese electronics might have contained pre-installed backdoors or firmware weaknesses that allowed remote takeovers.
Network Intrusions: Poor cybersecurity safeguards could have allowed hackers to sniff and modify communications between drones and ground stations.

Why Were These ‘Make in India’ Drones Hacked?

Even though these UAVs were addressed as ‘Make in India’ drones, they were still vulnerable to hacking due to some of the most very significant reasons:

1. Chinese & Other Foreign Parts

Though the drones were manufactured in India, almost all the critical parts, such as GPS modules, processors, communications chips, and radio frequency transmitters, were still made in China or other foreign countries.
Chinese parts have been found to have pre-installed backdoors or bugs that may be attacked remotely.

Figure 3: Maj. Gen. C.S. Mann, from Army Design Bureau, on the use of Chinese components (via IndiaToday)

2. Insufficient Cybersecurity Measures

Certain drones did not have military-grade encryption and safe communication protocols, which made them more susceptible to signal jamming, spoofing, or hacking.
Without secure firmware and dynamic threat detection, it is more convenient for hackers to exploit system vulnerabilities.

3. Insufficient Rigorous Testing & Certification

Compared to fighter planes or missile defence systems, drones were not cybersecurity-tested as intensively before they went into combat.
There was no penetration testing, red teaming, and stress testing against cyber-attacks, which made them vulnerable to such attacks.

4. Gaining Cyber Defence Capabilities of Adversaries

China and Pakistan have been sprinting ahead at breakneck velocities to upgrade their cyber warfare, and are investing in AI-powered hacking tools, electronic warfare, and satellite jamming systems.
India’s drone defence was not improving at the same rate, so there was opportunity for weaknesses to be taken advantage of.

5. Over-Reliance on Commercial Off-The-Shelf (COTS) Technologies

Most drones were utilizing commercially used technologies instead of military-grade, custom-built hardware, so they were more likely to be hacked.
India’s drones used open-source or common components like the drones produced by the U.S. and Israel, with their proprietary closed-loop systems; they could analyze and exploit for hacking purposes.

Who were the Drone Hackers?

While ultimate responsibility is made difficult, experts suggest two potential targets behind these assaults:

Chinese involvement: With Chinese parts being used in these drones, Chinese intelligence agencies are suspected to have used these loopholes. China has persistently employed cyberwarfare tactics against India, especially on the Ladakh border (LAC).
Pakistani Involvement: On another occasion, a drone that had been hacked by unknown actors seemed to deviate from course into Pakistani airspace along the Line of Control (LoC), according to potential evidence of Pakistani electronic warfare tactics.

Consequences of the Drone Hacks

The Indian army’s hacking of drones has grave operational and strategic consequences.

Surveillance Gaps: An infiltrated unmanned drone generates surveillance gaps on the border, which the adversary can utilize for intrusion or surprise attacks.
Intelligence Leaks: If the enemy can capture a compromised drone, they have access to sensitive military data like patrol patterns and image systems, which can be used to plan countermeasures.
Technological Exposure: Captured drones will be reverse-engineered by enemy forces in order to create countermeasures, making Indian UAV technology useless.
Disruptions in Operations: If such drone hacking continues, the Indian Army will have to suspend temporary drone operations, leaving gaps in border security and surveillance.

Figure 4: An Indian Army soldier accompanied by a drone on LoC patrol in Poonch, J&K (via IndiaToday)

Indian Army’s Reaction to Hacks

After these security violations, the Ministry of Defence and the Indian Army acted with great speed.

1. Revocation of Contracts with Chinese-Component Vendors

A ₹230 crore defence contract was revoked because the Indian drones have been using Chinese-produced components.
Disciplined procurement regulations have been enforced to prohibit foreign electronics, making future drones indigenous and secure components-based.

2. Enhanced Testing and Security Audits:

All drones are being subjected to security tests for vulnerabilities.
The Army has strengthened cybersecurity standards to minimize chances of hacking.

3. Improved Drone Communication Systems:

Encryption standards are being enhanced to forestall outside interference.
Anti-jamming technology is being created to preclude possible GPS attacks.

How Can India Prevent Drone Hacking in the Future?

To ensure future military drones remain secure, India needs to deploy sophisticated cybersecurity and technological countermeasures, including firewalls, artificial intelligence-based intrusion detection systems, and self-reliant technology development.

1. Establishing Secure Firewalls and AI-Based Intrusion Detection

Firewalls can block unauthorized access to drone systems.
- Network Firewalls: These can be installed to scan and filter incoming and outgoing traffic, preventing unauthorized access to drone communication networks.
- Application Layer Firewalls: These block malware and ensure that untrusted programs do not execute commands on the drone.

Artificial Intelligence (AI)-based Intrusion Detection Systems (IDS) are able to detect abnormal activity in real time and prevent cyberattacks. AI and machine learning algorithms can identify abnormal behavior
- , including unauthorized commands or external interference.
- Behavioral Analysis: AI can detect anomalies in typical drone behavior, such as abrupt changes in flight patterns.

2. Enhanced Communication Encryption

End-to-end encryption (E2EE): To avoid hacking, all drone communications must be encrypted using AES-256 or RSA-4096.
Quantum-Resistant Encryption: To counter sophisticated cyberattacks, employ future-proof encryption.
Frequency Hopping Spread Spectrum (FHSS): Can avoid jamming by quickly shifting operational frequencies.

Figure 5: Frequency Hopping with hop time and pattern (via Medium)

3. Indigenous Drone Development and Secure Supply Chain

Producing key drone components in India to minimize foreign backdoor threats.
Blockchain technology could be utilized to authenticate and ensure the security of drone parts.

4. Anti-Jamming and anti-Spoofing Measures

GPS Anti-Spoofing Software: GPS anti-spoofing software confirms that drones do not receive malicious GPS signals.
RF Shielding Technology: Shields the drones from radio-frequency hacking attacks.

5. Military Operating Systems and Software Updates

Having a proprietary military-grade operating system (OS) rather than commercial ones reduces the risk of cyberattacks.
Firmware should be updated regularly to address any vulnerabilities that have been found.

6. Implement Multi-Factor Authentication (MFA) for Drone Access

Use hardware security keys or biometric authentication to lock down drone systems against unauthorized access.

7. Air-gapped command centers

Physical Air-Gapping: The command and control (C2) systems should be air-gapped, meaning they are not connected to the internet to prevent remote access cyberattacks

Figure 6: Air Gap Network provides a critical layer of data protection against all forms of data loss (via Rubrik)

8. Coordination with Cybersecurity Professionals & Allied Nation

India must work with friendly countries such as the U.S., Israel, and France, which possess advanced cybersecurity capabilities in UAV technology. Israel’s Iron dome missile defence system employs the physical air-gapped networks in order to avoid any cyberattacks.
Joint research projects can build advanced drone security systems.

Conclusion

The recent hacking of Indian Army drones in Ladakh and Jammu & Kashmir is indicative of serious cybersecurity concerns in modern warfare. With India continuing to expand its UAV fleet, it must have strict security measures to protect its drones from hacking.
By emphasizing indigenous development, high-grade encryption, AI-based security systems, and anti-jamming technology, India can protect its military drones from future threats of cyber warfare. While the use of drone warfare increases, cybersecurity is no less significant than military power.