By Rob Russell
What you say? Spoofed? Sounds like something out of a Disney movie!
Well, it ain't! And for you GPS users, be it an aircraft, a boat, or a personal GPS, read on and beware. As you all know, we have come to rely on GPS for just about everything. From getting from your house to the neighbour’s house, to another street, another city, wherever, we make use of Google Maps. We all use it for navigation, and we would be lost without it.
GPS, or any GNSS (Global Navigation Satellite Systems) system, is a great system and it has revolutionised the world we move in, but the GPS’s main aim is to assist the US Military, in its everyday movements. (Remember the US allows you and me to make use of it and they can turn it off whenever they want to, but have assured us they will give us a warning when they going to do that.) Luckily there are several other GNSS systems available as well. So GPS, primarily, and all other GNSS systems, are a target for the “enemy” and hackers and these attacks affect either specific targets or a whole area, depending on the type of hack, or attack.
So what is spoofing and what happens?
A global navigation satellite system (GNSS) spoofing attack attempts to deceive a GNSS receiver by broadcasting fake GNSS signals, structured to resemble a set of normal GNSS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time. These spoofed signals may be modified in such a way as to cause the receiver to estimate its position to be somewhere other than where it is, or to be located where it is but at a different time, as determined by the attacker. One common form of spoofing attack, commonly termed a carry-off attack, begins by broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is first received, by your device, as a weak and intermittent signal, but then gradually increases and overrides the genuine signals. All GNSS systems, such as the US GPS, Russia's GLONASS, China's BeiDou, and Europe's Galileo constellation, are vulnerable to this technique.
Spoofing is not new and has been around for many years, but it has always been hard to trace and track and determine the source, or sources. It was suggested that the December 2011 capture of a Lockheed RQ-170 drone aircraft in northeast Iran was the result of such an attack. GNSS spoofing attacks had been predicted and discussed in the GNSS community as early as 2003.
A "proof-of-concept" attack was successfully performed in June 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht. Of course, this experiment was carefully monitored by all involved, including the US Military, so it was only this yacht that was affected, but it was enough to make other users sit up and take note.
Russian GPS spoofing
In June 2017, approximately twenty ships in the Black Sea complained of GPS anomalies, showing vessels to be transpositions miles from their actual location, in what Professor Todd Humphreys believed was most likely a spoofing attack. GPS anomalies around Putin's Palace and the Moscow Kremlin, demonstrated in 2017 by a Norwegian journalist on air, have led researchers to believe that Russian authorities use GPS spoofing wherever Vladimir Putin is located. The mobile systems named Borisoglebsk-2, Krasukha and Zhitel are reported to be able to spoof GPS.
There are two other well-known incidents, which were suspected to have happened as a result of Russian interference with GNSS signals. These were during a November 2018 NATO exercise in Finland that led to a ship collision (unconfirmed by authorities) and a 2019 incident of spoofing from Syria by the Russian military that affected the civil airport in Tel Aviv.
In December of 2022, significant GPS interference in several Russian cities was reported by the GPSJam service; the interference was attributed to defensive measures taken by Russian authorities in the wake of the invasion of Ukraine.
So how do you prevent GNSS spoofing from occurring?:
The US Department of Homeland Security, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC) and the National Coordinating Center for Communications (NCC), released a paper which lists methods to prevent this type of spoofing. Some of the most important and most recommended to use are:
Obscure antennas. Install antennas that are not visible from publicly accessible locations or obscure their exact locations by introducing impediments to hide the antennas.
Add a sensor/blocker. Sensors can detect characteristics of interference, jamming, and spoofing signals, provide local indication of an attack or anomalous condition, communicate alerts to a remote monitoring site, and collect and report data to be analyzed for forensic purposes.
Extend data spoofing whitelists to sensors. Existing data spoofing whitelists have been and are being implemented in government reference software, and should also be implemented in sensors. (Whitelisting is an approach where only pre-approved entities are allowed access to a specific service or environment, while all others are automatically denied by default.)
Use more GNSS signal types. Modernized civil GPS signals are more robust than the L1 signal and should be leveraged for increased resistance to interference, jamming, and spoofing, ie ensure you have the latest software and hardware available when you use a GNSS system and use signals from more than one source, ie GPS and/or the European Galileo systems for example
Reduce latency in recognition and reporting of interference, jamming, and spoofing. If a receiver is misled by an attack before the attack is recognized and reported, then backup devices may be corrupted by the receiver before hand-over.
These installation and operation strategies and development opportunities can significantly enhance the ability of GPS receivers and associated equipment to defend against a range of interference, jamming, and spoofing attacks. A system and receiver agnostic detection software offers applicability as a cross-industry solution. Software implementation can be performed in different places within the system, depending on where the GNSS data is being used, for example as part of the device's firmware, operating system, or on the application level.
So do not become complacent and stay alert – it can happen anywhere and at any time. If you are in remote areas, be it land, sea or air, have another independent backup nav system available – and yes a good old paper map is a great backup - and continually cross reference the systems. GNSS systems are amazing but they are fallible.
Latest spoofing attacks and update:
Over the last few weeks, several airlines and other such operators, have been reporting spoofing of signals, in the Middle East. These signals have put aircraft off course, or even put them in a fixed position at a fixed speed, all designed to create confusion and cause panic among crews. Crews have come under great stress and the need to be aware of these possible attacks happening at any time is real. Whilst many operators have accused the attacks of coming from Turkey, there has been no hard evidence of this. Others are accusing Iranians of doing it.
Since late September, the website Ops Group has been collecting reports from pilots flying in the Middle East reporting satellite-based navigation equipment giving them false position reports. In some cases, their panels have told them they’re as much as 120 miles from their actual location, prompting the FMS to react. Some crews have had to ask ATC for vectors to keep them on course. Humphreys said the alarming development is the spoofing affects both the GPS-dependent equipment and the Inertial Reference System (IRS). The two systems are supposed to operate independently and the IRS was thought to be immune to that kind of tampering. It affects the main system and its backups simultaneously. “The GPS and IRS, and their redundant backups, are the principal components of modern aircraft navigation systems,” Humphreys said. “When their readings are corrupted, the Flight Management System assumes an incorrect aircraft position, Synthetic Vision systems show the wrong context, etc.” He said crews eventually figure out something is wrong and use old-fashioned tools like VOR and DME, but those are not always available and they have to call up ATC for help.
A University of Texas student has very recently traced the source of alarming GPS spoofing signals in the Middle East to the eastern outskirts of Tehran, but it would seem there is little anyone can do to stop the navigation interference. Todd Humphreys, who heads up the Radionavigation Laboratory at the University, said the grad student, Zach Clements, was able to use gear on the International Space Station to scan for the bogus signals and approximate their source. He said analysis of the signals themselves suggests it’s a more sophisticated form of jamming, the cruder form of which is ubiquitous in the region. “They seemed to be aimed at denial of service rather than actual deception,” Humphreys went on to say that students and himself came to realize that spoofing is the new jamming. In other words, it is being used for denial of service because it’s more effective for that purpose than blunt jamming.” Ops Group is a subscription service website providing important information about navigation and safety issues to the aviation world (and anyone who wants to pay for it) and it is well respected for the vital service it provides