Ever since I heard the report about the captured US spy-drone earlier this week, I wondered how it could possibly have happened. Well, my curiosity was satisfied today: it was reputedly caught by sending it false GPS signals — a vulnerability that military officials have apparently been aware of since at least 2003, and one that’s ridiculously obvious in hindsight, not to mention ridiculously easy to exploit.
That brings up a fact well-known in security circles: an attacker only needs to find a single vulnerability, while the defender must block all the possible attacked vectors. Miss even one, and you might as well not have wasted your time protecting any of them.
I hope there weren’t any really important secrets in that drone.
UPDATE: It seems that smart guys are saying this is implausible because it would be hard to do. Hate to break it to you, guys, but “hard to do” just means that nobody on your side has put in the effort to figure out how to do it yet. As such, it may still be how it was done.