Nearly 70 years ago, the first artificial satellite was launched, and by 2012 there were 1,000 satellites orbiting the earth. Today, Global Navigation Satellite System (GNSS) technology and the Global Positioning Systems (GPS) receivers with which they communicate are commonplace. â©
The technologyâs precision and universal availability makes it ideal for a variety of uses, from fleet management to asset protection. But it is also a prime target for cyber attackers using RF interference, jamming and the deliberate counterfeiting of signals known as spoofing. But there are a number of ways in which to mitigate the risks, using routine assessments and tests, leveraging commercial laboratory test beds, and establishing international, industry-wide standards.â©
According to a market study by Navipedia1 (an initiative of the European Space Agency that serves as a source of general knowledge on GNSS topics), the global installed base of GNSS devices is estimated at 3.6 billion units ⦠a figure that is expected to climb to seven billion by 2019. GNSS is already used by critical infrastructure organisations such as utility providers, as well as by the financial and transport sectors to provide timing or positional data, and growth in emerging markets such as the Intelligent Transport sector will see GNSS data exploited for safety-critical applications. â©
The Navipedia study indicates that smartphones continue to be the predominate types of devices using GNSS technology, (3.08 billion in 2014), followed by devices for road applications (0.26 billion). Other GNSS-enabled devices include those employed by aviation, rail, maritime, agriculture, surveying, timing and synching.â©
Growing concernsâ©
There are growing concerns that jamming, and spoofing signals that can interfere with, or even take over GPS systems pose serious threats. In an InfoSec Institute report2 that detail the various security threats to satellite systems, jamming and GPS spoofing are listed as two of the top 10 threats.â©
Jamming is performed by transmitters emitting electromagnetic interference that blocks the reception of GPS broadcast signals. According to an October 2014 notice from the U.S. Federal Bureau of Investigationâs cyber division3, auto thieves sending stolen vehicles to China used GPS jammers to thwart tracking of the shipping containers. Cargo thieves in North Florida used GPS jammers to prevent tracking of a stolen refrigerated trailer. Or consider the trucker who decided to conceal his whereabouts and drive beyond his legal maximum number of hours by using a GPS jammer. Itâs a true story; fortunately the trucker was caught because his GPS jammer inadvertently jammed a nearby cell tower.â©
There are also inexpensive apps for tablets and smartphones that can be downloaded (after jailbreaking the operating system) that allow users to spoof a deviceâs location. While such apps canât fake GPS signals, they can manipulating the data supplied to applications on phones or tablets that require GPS position data.â©
Insidious threatâ©
To fake a GPS signal, a spoofing device interferes with a GPS receiver and tricks it into tracking counterfeit GPS signals. The InfoSec Institute report says GPS spoofing is one of the most insidious threats to GPS systems. The false GPS signals can fool receivers into thinking they are at a different location and could be used in the hijacking of drone or a vessel. However, effective spoofing devices are neither cheap nor easy to deploy, requiring more than a simple app to generate signals that are not immediately recognised as spurious. â©
For example, in 2013 a radio navigation research team from the University of Texas was able to coerce a 213-foot yacht off course using a custom-made GPS device (that reportedly cost $3,000 to make). The team had to board the yacht, by the way, and had the cooperation of the captain and crew. The researchers were this year invited by the U.S. Department of Homeland Security to perform a follow-up test by faking navigational signals to a GPS-guided vehicle.4 â©
Spoofing signals that guide ships or drones is of concern, but equally alarming is the growing reliance of everything - from power grids to financial trading systems - on precise timing data from navigation satellites. For example, every cell tower has its own GPS receiver to provide a super-accurate time signal for its own transmission purposes. And some financial high-speed trading systems are so time critical that they rely on GPS time data to determine precisely when trades were made. My view is that we are likely to see GPS spoofing emerging as a new form of critical infrastructure hacking. Imagine the potential impact of hacking a power network using GPS time spoofing, whether the effect is to alter or disrupt the flow of electricity, or even to mask abnormal activity on the grid.â©
Outsmarting the jammers and spoofersâ©
There are, of course, some obvious ways to detect if a ship is being spoofed onto an unwanted track. Apart from visually detecting an unplanned change of direction, GPS can be augmented with alternative positioning systems such as those that employ dead-reckoning or by an alternative position-fixing system such as eLORAN. Also of help would be the availability of a secondary multi-constellation, multi-frequency GNSS receiver.â©
Organisations should also routinely assess and test their GPS equipment so they understand how an attack affects their systems and how they might respond. Understanding the equipment and its ability to withstand or mitigate an attack is vital. Are their GPS receivers sufficiently robust to resist drive-by jammers? Will they output misleading data? One of the most dangerous effects of GPS jamming is that, as a jammer gets closer, some receivers will start outputting hazardously misleading information, such as incorrect positions or times that could lead to costly mistakes. If a receiver is jammed or spoofed, will it detect the attack and generate an alert?â©
Risk assessment should also be a priority. How likely is it that jamming would be encountered at a specific site or on a specific fleet? What is the likely frequency of jamming or spoofing events? What would be the impact of such events on the business in terms of lost hours of productivity?â©
There are also commercial, laboratory test beds emerging that incorporate simulators, monitors and computers with software designed expressly for GNSS testing and which include testing against possible spoofing attacks. These test beds could allow a large GNSS user or receiver manufacturer to establish how well their equipment performs and how vulnerable it is to attack. Similarly, such test beds enable device manufacturers to develop standardised tests against set criteria to improve the performance and reduce the vulnerability of their products. â©
There may eventually be industry-accepted criteria that will help users select the best GNSS equipment for their chosen applications based on its level of protection against jamming and spoofing. But one thingâs for sure: It isnât likely weâll see openly-published industry standards for GNSS test beds any time soon. That would be a gift to hackers! â©
Referencesâ©
1. http://www.navipedia.net/index.php/GNSS_Market_Report#Report_Overview â©
2. http://resources.infosecinstitute.com/hacking-satellite-look-up-to-the-sky/â©
3. https://info.publicintelligence.net/FBI-CargoThievesGPS.pdf â©
4. http://www.ae.utexas.edu/news/features/todd-humphreys-research-team-demonstrates-first-successful-gps-spoofing-of-uav â©
Guy Buesnel is Product Manager for the Positioning & Navigation Business Unit at Spirent Communications plc (www.spirent.com)