by patrickas 4705 days ago
That's cool! Reminds me of the way the Iranian most likely got control over a US drone a couple of years back.

They jammed communication signals and faked GPS data when automatic "go back to home base" landing procedure kicked in.

http://www.informationweek.com/security/attacks/iran-hacked-...


"Most likely" is the key term... I read your source link, and the link the article supplied as their source (which then referenced a comment on FoxNews), and there appears to be only speculation as to how it happened but no concrete evidence (besides the fact that it was mostly intact).
How can they fake the GPS signal? The military uses encrypted GPS.
The military possesses control over encrypted GPS.

The military doesn't actually use it, though, for the most part - the keys are sensitive state secrets, and distributing them apparently requires the proverbial man chained to a suitcase level of paperwork.

The encrypted channels are sufficiently underused that drones whose very design is secret that we fly down the Iran-Afghanistan border aren't equipped with them, and so are vulnerable to Iran spoofing a landing-capture course.

Is this symmetric or asymmetric? Seems the keys would only be sensitive if it's the former, given that there (AFAIK) isn't much difference in accuracy between the encrypted and civilian signals anymore. Although, given the very old hardware in the GPS satellites, maybe asymmetric would require too much processing power.
I found an interesting slide deck that talks a bit about spoofing and key management. [0] Apparently there are different levels of classification for keys. (pg 23) But they must be derived keys, right? The satellites are only broadcasting one signal, not multiple signals each keyed to one receiver. I think there can only be one possible cipherstream (and thus one key) in the very low bandwidth signal.

[0] http://www.ko4bb.com/Manuals/05)_GPS_Timing/GPS_-_SAASM_brfg...

Sounds like a really solid argument for mission-specific or date-specific encryption keys.
Weren't there rumours that the Russians got ahold of the keys?
The article is interesting. Take a look at it.

"By putting noise [jamming] on the communications, you force the bird into autopilot... Notably, it's also much easier than trying to crack the encrypted remote-control communications channel. With the drone relying solely on GPS to determine its latitude, longitude, altitude, and velocity, the Iranians then broadcast carefully spoofed GPS coordinates..."

Parent comment says the military uses encrypted GPS, which should protect against this type of attack.
What do you suppose a drone does if the command channel and the encrypted GPS signal are both unavailable/jammed but the unencrypted GPS signal is available?

In any case, you don't have to be able to decrypt a GPS signal to be able to replay it - you fly a plane 200m above the drone, record whatever's coming over the air from the satellites and you know precisely what would be at the drone's antenna if it were 200m higher. Rebroadcast that at the drone's antenna et voilà, the drone thinks it's 200m higher than it is.

What you're suggesting is going to be tricky to implement. First, you can only add delay, not subtract delay, so your specific example will not work: you cannot "rebroadcast at the drone's antenna" before the original signal reaches the drone.

To overcome this, you could record all the GPS signals and rebroadcast them with carefully timed delays. But then GPS time as determined by the drone will be different from what a clock in the drone gives, so it could be detected. If you are quick enough it might work, but it's non-trivial.

And if the drone uses carrier-phase gps measurements you have a whole bunch of other problems.

Not saying it can't be done, but it's not easy.

There are commercial products for less than $100 that do this for the L1 C/A signal - such as [1].

You can rebroadcast at substantially higher power than the signal coming directly from the satellite, so the direct signal gets drowned out. After all, the satellite has to broadcast to cover half the world, while you only have to cover a few square meters.

Now, I'll grant the receiver may see a change in signal strength, some cycle slips, and an increase in clock skew. But you get those in normal GPS operation anyway. If you're going to detect GPS attacks and self-destruct your drone you'll want a very low false-positive rate, and I'm not sure that's feasible.

[1] http://www.diplomat.co.uk/products/hardware-products/active-...

That would only work if it had a really silly default, similar in a way to "automatically connect to available Wi-Fi network" even when it's unsecured. It's possible the manufacturer may have overlooked something like that, but if it is in a military capacity, I doubt they would have left a gaping hole like that. Electronic countermeasures have been in use for several decades now, so jamming/hijacking etc. would have been considerations in the design and they may have introduced hardening against those.
A traditional problem programmers have is thinking the lower "EE" levels are more complicated than they really are. Such as assuming a mid 2010s era level of complication for a two way communication stream in something designed in the 80s for unidirectional listening.

The way GPS works is pretty much like LORAN (well, maybe more like OMEGA) but with embedded metadata. So you've got 40 satellites who know exactly where they are and exactly what time it is and exactly what frequency is the center of their spread spectrum spread, and they're more than glad to tell you all about it. All 40 of them. Maybe you can see a dozen of them at a time?

Anyway you sync up to the SS signal and that gives you a local offset for your clock and your local oscillator and you know the exact orbital position pertaining to that delta-t (aka distance) and delta-f (aka doppler velocity). Now average together a zillion satellites and solve a least squares puzzle for the most likely location for you. Which also feeds out an internal error correction signal for your internal osc and real time clock.

All the .mil signal does is squirt out a slightly more accurate encrypted signal so you need the same key all the satellites use and the key changes rather often.

Traditionally, I believe receivers had to lock onto the civilian GPS signal before even trying to lock the encrypted military GPS.

Besides, encryption doesn't stop you from receiving the existing signal and repeating it with a well-tuned delay, which is all you really need to do to fake GPS...
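The least-squares fix the comment above sketches (sync to each satellite, turn delta-t into distance, solve for the most likely position plus a clock correction), combined with the detection point from the earlier "carefully timed delays" reply, as an added example that is not from the thread. Satellite and receiver coordinates are constructed toy values, not real ephemeris; the point it shows is that delaying every satellite's signal by the same amount leaves the solved position untouched and moves only the clock-bias term, which a receiver can check against its own oscillator.

```python
C = 299_792_458.0  # speed of light, m/s
# Constructed toy satellite positions in metres (ECEF-like frame).
SATS = [
    (15_600_000.0, 7_540_000.0, 20_140_000.0),
    (18_760_000.0, 2_750_000.0, 18_610_000.0),
    (17_610_000.0, 14_630_000.0, 13_480_000.0),
    (19_170_000.0, 610_000.0, 18_390_000.0),
    (12_000_000.0, 12_000_000.0, 19_000_000.0),
]
TRUE_POS = (1_110_000.0, 4_800_000.0, 4_000_000.0)  # constructed receiver location

def dist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b)) ** 0.5

def pseudoranges(pos, clock_bias_s, replay_delay_s=0.0):
    """Measured range = true range + c * (receiver clock error + path delay).
    A record-and-repeat adds the same delay to every satellite, which is
    indistinguishable from an extra receiver clock offset."""
    return [dist(pos, s) + C * (clock_bias_s + replay_delay_s) for s in SATS]

def solve_linear(A, y):
    """Gauss-Jordan elimination with partial pivoting for a small system."""
    n = len(A)
    M = [row[:] + [y[i]] for i, row in enumerate(A)]
    for i in range(n):
        p = max(range(i, n), key=lambda r: abs(M[r][i]))
        M[i], M[p] = M[p], M[i]
        for r in range(n):
            if r != i:
                f = M[r][i] / M[i][i]
                M[r] = [a - f * b for a, b in zip(M[r], M[i])]
    return [M[i][n] / M[i][i] for i in range(n)]

def fix(prs, iters=20):
    """Gauss-Newton least squares for x, y, z and clock term b (metres), from Earth's centre."""
    x = [0.0, 0.0, 0.0, 0.0]
    for _ in range(iters):
        H, resid = [], []
        for s, pr in zip(SATS, prs):
            r = dist(x[:3], s)
            H.append([(x[k] - s[k]) / r for k in range(3)] + [1.0])  # line-of-sight row
            resid.append(pr - (r + x[3]))
        HtH = [[sum(h[i] * h[j] for h in H) for j in range(4)] for i in range(4)]
        Htr = [sum(h[i] * e for h, e in zip(H, resid)) for i in range(4)]
        x = [a + d for a, d in zip(x, solve_linear(HtH, Htr))]  # normal equations step
    return x[:3], x[3] / C  # position in metres, clock bias in seconds

def bias_jump_detected(prev_bias_s, new_bias_s, drift_budget_s=1e-6):
    """A clock-bias step the local oscillator could not have drifted between fixes."""
    return abs(new_bias_s - prev_bias_s) > drift_budget_s
```

The drift budget is a placeholder; a real receiver would derive it from its oscillator's rated stability and the interval between fixes.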

I would hope the engineers designing the drone would NOT fall back to the unencrypted channels precisely because of spoofing attacks. I would think they would rather have the drone use inertial guidance to get it to a friendly area where its secrets would be safer. It may not be able to land without GPS but it would have prevented it from falling into "enemy" hands. Perhaps even activate a self destruct mechanism(s).
Obviously no one involved is talking, so it's pure conjecture. Iran had previously captured intact drones though, so it's possible they were able to pull out the keys. Or it's possible that the public GPS was used after a period of having the encrypted GPS jammed (that's the kind of behavior that will never be confirmed).

Finally, it could have just been BS that GPS was what went wrong. That's not a bad guess.

http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/

Why do you, non-cryptographer people, think that encrypted GPS is perfectly secure? Pretty much all crypto implementations have flaws (numerous SSL/TLS discovered and fixed over the years, Android package signing, Xbox game code signing, etc.)

GPS encryption was designed 20+ years ago. It is almost guaranteed it has (known and unknown) flaws.

GPS signals are very weak. Simply broadcast your own fake signals at the target.
It helps if the opposition is dumb enough to use a predictable route each day such that you've got a known plaintext attack. Then it amounts to playing yesterday's path, very loudly, today, and it'll fly in a straight line thinking it's right on course.

Technically you need multiple recordings so you can switch between them to trick it into climbing, descending, etc. on command.

Also it helps if the opposition insists on not only flying the same exact "known plaintext" route over and over, but using a predictable precise number like 3000.000 meters on that route.

I imagine if signal was jammed and only C/A codes were rebroadcast the drone would use those instead of nothing.

edit: Assuming that navigation was relying only on GPS

You don't need to fake it. You just need to know the location of the satellites and delay the signals appropriately.
"the way the Iranian most likely got control over a US drone"

That is a very bold claim which I believe requires far more citation than you have provided.

https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incid...