To address growing evidence that commercial Unmanned Aerial Vehicles (UAV), automobiles and other vehicles are vulnerable to hacking and sophisticated cyber security attacks, Galois today announced it has developed and successfully demonstrated what has been called “the world’s most secure UAV software.”

As experts in protecting information, devices, networks, and vehicles, Galois conducted a successful demonstration for the U.S. Defense Advanced Research Projects Agency’s High-Assurance Cyber Military Systems (HACMS) program. Galois is part of a team that produced provably correct and secure software that runs on commercial UAVs.

For a February 2015 CBS ’60 Minutes’ segment profiling the U.S. Defense Advanced Research Projects Agency (DARPA), Galois demonstrated an exploit that allows an attacker to completely take over a commercial, off-the-shelf UAV in flight. Galois then showed the same UAV running its high-assurance UAV software that is guaranteed to be invulnerable to large classes of attack. The technology addresses the same security vulnerabilities in many systems, including modern automobiles and the Internet of Things (IoT).

“As unmanned drones – particularly those used for civilian and commercial purposes – grow in number and usage, current software vulnerabilities pose a national security risk,” said Kathleen Fisher, former DARPA HACMS program manager. “Galois’ demonstration offers evidence that software built the right way dramatically reduces vulnerabilities, not just for drones, but for cars, information systems and the Internet itself.”

For the DARPA HACMS program, Galois demonstrated its industry-first ability to:

  • Prevent UAV drone hacking – Galois’ secure UAV software provides an alternative to currently available software that’s open to remote takeover and other vulnerabilities. Galois’ software was evaluated by independent, world-class penetration testing teams that are unable to gain remote access to the vehicle.
  • Prevent car hacking – Galois’ technology guarantees protection against the automotive vulnerabilities demonstrated in ’60 Minutes’ that allow attackers to wirelessly take over automobile control systems. In February 2015, Senator Edward J. Markey (D-Mass) released a report, Tracking & Hacking: Security & Privacy Gaps Put American Drivers At Risk, revealing how vehicles may be vulnerable to hackers.

“The message for organizations building connected vehicles, systems and products is that vulnerabilities are not a foregone conclusion if secure and reliable software is designed into their products up front,” said Rob Wiltbank, CEO, Galois. “The same way an automaker would not design a vehicle by trial and error, you can’t develop a secure system on the fly, as the product is being released. Systems can be made correct by design, which presents an opportunity for organizations to dramatically reduce the hacking threat.”

In the HACMS program, Galois is part of a team led by Rockwell Collins, and also includes University of Minnesota, National ICT Australia, and Boeing.