Slashdot Mirror
GPS Spoofing With $3000 Worth of Equipment and a Laptop
First time accepted submitter svartbjorn writes "Todd Humphreys and a team from the University of Texas proved the concept that a terrorist could take over the navigation of a ship or even a plane, making it appear to the crew that the ship was moving along a straight line course when in fact it was changing course under the control of the device. This raises some serious issues for this being used for terrorist purposes."
the feds will require all laptops to be registered and have a remote kill switch installed. Can't let the terrorists win!!
"To stop the terrorists."
terrorists could do this, terrorists could do that, they can KILL YOU in so many ways! Run for your lives! Or better yet, submit to your federal overlords via TSA DHS who will keep you safe!
Actually no, fuck the terrorists, they're third world noobs living in mud huts and the best they could do in 12 years of trying realyl hard is to hijack a few planes with knives. You have more to fear from your own government than any terrorist.
Over and out
This is why ships still have gyros. GPS is too handy not to use, but I'm pretty sure most large oceangoing vessels also have navigation gyros. The question then is, what happens when GPS gets spoofed...does the system/crew assume the GPS is broken or the gyro broken?
A kid with a laser pointer is not a terrorist but seems to not understand the extreme danger man !! Put this same kid in the plane and he still won't !! The king is dead !! And no I do not expect the self-called Mythbusters to get to the bottom of this, or anything, anymore !!
They already did this trick to snag an american drone. Old news.
Are you saying that those other countries that claim to have done this exact same thing might have actually done what they said they did?
Why would the United States Government lie to us about something like that?
Imagine what terrorists could do with a knife!
Hint - 9/11
Meanwhile, the government IS, admittedly, tracking of your phone calls and emails. Have you called your Congressman yet? Posted on their Facebook page?
If Iran's claim is true they took control and captured a US drone by spoofing GPS signals: https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident
What they don't say is whether he is spoofing the CA signal, which is publically known and documented, the P signal, which is encrypted, and best I can recall, is not publically known, or the WAIS signal, which I have no bleeping idea.
Created, managed, controlled, dictated, and fostered by the CIA
All terrorist acts are inside jobs my friends, as was 9/11.
http://www.ae911truth.org/
As for the "serious concerns about terrorism" , you should be asking your congress people who the real terrorists are.
Old news. If you want a less sensationalistic, more technical discussion of how this is done, see this article http://www.gpsworld.com/drone-hack/.
In brief:
1) Yes, it's possible but there are a lot of issues that make it less than practical
2) It's a non-issue for military positioning systems, which use encrypted, time-stamped signals.
3) Experts are already aware of the problem and are working on solutions.
I'm so sick about the high-tech terrorist straw man. Let's be honest, the first to use technology like that, probably against their own population, are our governments.
Terrorist don't use cyberweapons of mass destruction, three letter agencies do.
Had a party, left my black Book of inventions that should never be built out on the coffee table..
And some escaped.. good luck with that, plenty more where that came from.
Say goodbye to your laptop onboard :)
problem fixed \o/
There's a reason the encryption on the P(Y) signal is part of a system called "anti-spoofing". The potential to spoof the C/A code was understood from the beginning, and it getting cheaper is expected as well.
How close were they? Sounds like they were on the ship. Can this attack be performed by technologically unskilled "terrorists" from a distance or might the captain get suspicious of the small ship following at less than 100 meters. Or will the pirates have to board the ship to do this. Just because it can be done by highly educated professional researchers who do nothing but try to find ways to do this does not mean terrorists can do it. Yes the Iranians did it with a drone but do we know exactly how they did it, did they have to fly in close proximity to it? Or build a network of vastly overpowered GPS ground stations to overpower the satellite signals?
I'm too lazy to compose a creative sig.
These clowns have no clue about how real navigation SYSTEMS, like the ones I work on, work. I'm not going to give these idiots what they need, but to put it very simply: we specifically verify, as part of our development testing, that messing with the GPS signals will not cause any problems. When lives depend upon the SYSTEMS you develop, you do not make them vulnerable to the sort of amateur-hour sensationalist "experiments" of twerps like these guys (who, if they REALLY knew how to do this stuff, would be DOING and not TEACHING). What they are doing is good for PR, great for scaring the public into demanding new laws, and probably a good way to get papers published and more research grant money... but they are not keeping anybody I know in the industry from sleeping well at night.... of course WE know exactly how our stuff works and how it will react to various events. NOTE: they are "spoofing" GPS systems (not the complete navigation systems) on a commercial ship and on a model airplane (not an actual "drone") .... ooooooooohhhhhh, SO scary!
This sounds like the plot from https://en.wikipedia.org/wiki/Tomorrow_Never_Dies, but with less sexy spies and less stealth ships.
Wired had a good article that explains the reasons why their claim is probably false
http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/
a terrorist could take over the navigation of a ship or even a plane,
Put a few dozen of these between LA and Long Beach and you can create traffic jams that will cripple a fundamental portion of the manufacturing supply chain to the US by sending tourists and GPS addicted drivers to the wrong off ramps, causing them to get back on, thereby blocking access to the main arterials and causing miles of gridlock and congestion preventing vital shipment from getting to and from the Ports in a timely manner. And just how long would it take for the DoT or local authorities to realize that a week long Carmageddon was maliciously manufactured?
Awesome, we can make James Bond movies happen!
They can spoof the GPS position which plots on a navigational map, but if the ship is not moving in a straight line that means the rudder (or steerable propulsion pods) need to move, which have their own indicators. If the steering is locked to a wheel, the ship will not turn unless that wheel turns.
I have a nav pac with an hp-41cv, along with a bunch of handwritten ocean seafaring notes in the manual
I'll take that over your new fangled gps stuff any day.
I wonder who j hazelwood was
Fuck you and your "terrorist" bullshit.
Sincerely,
The Rest Of The World ("that place beyond your country borders")
=================
Seriously, I'm getting tired of this crap. I guess I should expect nothing less from Fox News. It's unbelievable- someone finds an exploit in some existing system, and suddenly the entire thing is tied to terrorism. Why? What does that add to the story? Nothing of value from my point of view. It seems like mindless scaremongering, and frankly the frequency at which stories like this occur is quite alarming. It's almost as if the American public has been conditioned towards the word "terrorism", and they expect to hear it as some sort of indication that the government or some random agency is doing its job or something.
Gimme a break. "I'm not about to claim otherwise, but the evidence is actually pretty thin..." gets modded as "flamebait"???
I just love how there are still people who mod people down for telling the truth, just because it's not politically correct. I thought the "politically correct" fad died out more than 5 years ago.
There is this strange device called a...what was it a gain...oh a compass. The cool device that relies on something pretty hard to spoof, Earth's magnetic field as I remember. Ships and airplanes still carry a compass on board (well I know airplanes do) as backup to all that electronic stuff, because every now and then the power goes out and pilots are trained to fly and navigate by compass. They also cross check (or they should) the modern equipment with the analog to validate the primary instruments.
Just because someone says they can do something does not mean its really viable or will work well. Still waiting on flying cars, long lasting batteries, and fusion power plants so this type of drama news is not even close to registering on the danger meter.
Life is a great ride, the vehicle doesn't matter
Didn't this kind of thing happen in that James Bond film, Tomorrow Never Dies?
and Obama and the DoD didn't do a damn thing about it.
It's called the P/Y code and it's cryptographically secure (sort of).
These jamming/spoofing attacks would generally not work in aircraft situations, because of internal cross checks. A big ship would have similar.
A small boat (50 ft sort of thing) with a consumer GPS hooked up to the autopilot? Yeah, I'd believe you could spoof it, because it relies on a human as the safety measure. Hmm, GPS says heading 90 degrees, but the compass says we're heading 0? Something is wrong.
Only if the captain never looks at the compass or the position of the helm.
If the ship's master is willing to let the ship be guided only by GPS with no cross checks, then he deserves what he or she gets.
This is, in concept, no different than those stories of people driving into parks by blindly following their GPS instructions.
We have gps, gyro's , accelerometers, magnetometers in our Cell phones.
It would seem anyone serious would use GPU in conjuction with Inertial sensors and also include maybe a 180 Sky view to check the sun or stars positions and LORAN, VAR and VOR as well as shortwave, commercial terrestrial TV and Radio broadcast strength, phase, call signs which could also provide decent navigation information.
In addition there are navigation units that combine GPS and GLONASS the Russian version to gain better accuracy and reliability.
http://www.qualcomm.com/media/blog/2011/12/15/gps-and-glonass-dual-core-location-your-phone
There is also IRNSS: India, Galileo: EU and Compass: China.
Lastly if on land, I think Google is also using Wifi MAC addresses which should in theory be unique although some low end vendors reuse them or just make them up.
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
To say that I didn't know this was possible until now would be far from the truth.
As an avid Air Crash Investigation fan, both my wife and myself watch this show on a regular basis. I surmised this was possible a number of years ago. I also thought the concept of spoofing transponders on Cars when we eventually started adapting this technology to Cars was also going to pose similar issues as well and funnily enough it was something that did make the news (don't remember the article now but it did make Slashdot) but was done so to trump autonomous driving, for whatever political agenda.
In all honesty, there is NO WAY to step around this problem unless you get rid of autonomous driving/piloting all together. Because of some simple facts
a) You can't tokenise any form of communication because it then deems the process unreliable
b) You can't encrypt it for the same reason
c) You can't in anyway make it COMPLICATED again for the same reason
d) You can't get rid of it because it makes flying unsafe.
e) It's a security hole that cannot be patched, fixed or resolved. Period.
Also the fact that this is a pretty common and is a widespread issue, which only really just made POC now is an absolute joke.
Don't know about ships or drones, but in airplanes the GPS only provide part of the picture. Navigation in airplanes require at least 2 (different) means of assessing position (radio beacon (NDB), GPS/VOR/Tacan/MLS/ILS/Radar/Compass/map/Etc). As those means are always cross checked against each others, a malfunctioning/corrupted GPS would be found relatively quickly.
All captains exclusively used the new and already obsolete GPS system exclusively for navigation...that'd be even scarier!
Even true things, once said on Fox News, become lies.
What about the children?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
And he has the right to give on the spot death sentences
1. Not Homosexual
2. Never been beat up
3. Insufferable and arrogant? No... but very tired of headline-hungry jerks pushing sensationalized "demonstrations" of the supposed weaknesses of various technologies to gullible journalists (who fail to display the proper fact-checking skills and skepticism that used to be expected of journalists) which can then lead to new laws/regulations getting written by idiot lawyers and their "expert" staff members and lobbyists that make things in technical fields just that much more annoying... all for no actual benefit. Did I take an insulting tone relative to these guys? Sure. They ran to the press screaming the sky was falling and claiming to have unearthed a terrible danger which only they could see (and those of us who have been using GPS in nav systems for years are presumably too stupid to know) ... like the morons who surface every few years to frighten "soccer moms" about arsenic in apple juice (Hint: arsenic occurs naturally in apple seeds, which get squished as apples are juiced and which is at such low levels it has never provably harmed anybody) and such people deserve disdain.
Your obnoxious homophobic reply leads me to suspect you were one of the idiots involved...
"Don't worry, they can figure it out just fine without your vast and impressive knowledge."
Apparently not. Sorry, but this should have been obvious to you....think about it....
And, no, I never claimed to have any "vast and impressive knowledge"... I am ALWAYS learning new things... but apparently I, and many others in the field do indeed have more knowledge and experience in how our systems work than these guys do. Odd that you seem to think people not involved in a technical matter know more than those who are.
"something pretty hard to spoof, Earth's magnetic field" - Obviously you have never been near a compass with an ordinary screwdriver...
Our navy still uses the stars and physical maps to triple check navigation.
Don't worry, 007 is on his way :)
This possibility has been known since a long time.
However the scope is limited by the fact that GPS signals are wea and have a similar power everywhere, which implies that you (sitting on the gorund and beign subject to a 1/r^2 law in the power somebody reseives from you have to be close to the attack target (unless you want to set of everything, including the differential GPS stations) or use a very directed beam (difficult in real life).
It also meant that the vessel you want to control has no other means of navigation (not true for planes).
So, yes, it is a possibility to attack a ship/plane, but not an easy one.
Our company is developing and producing some GPS based hardware (GPS GNSS OBUs). Even so I'm working in a different group, not involved in design/support of these, back in 2007 we had internal courses for R&D employes that was presented by a professor who is considered to be one of the leading authorities in design of GPS (unfortunately I don't remember his name right now). One of the thing that was said on these courses was that GPS spoofing is a problem that isn't possible to prevent by means of cryptography. Here is explanation why: Let say you have two directional antennas:
- the first antenna receives GPS satellite signal
- and second is retransmitting the same signal with higher effect in the direction of GPS receiver you want to spoof.
The only thing is required to spoof positioning of GPS receiver is to put a few microseconds delay in retransmitted signal. Having higher output effect from spoofing antenna can make original satellite signal to be completely invisible for spoofed GPS receiver (satellite signal is rather weak, so it would not be any problem in achieving this). The position is calculated by time difference between timestamped signals received from different satellites visible to GPS receiver. So, the satellite and receiver can encrypt and sign the signal whatever they want. But for as long as adversary is able to receive satellite signal and retransmit exact same signal with few microseconds delay, with higher effect - spoofing of GPS receiver is a done deal.
I looked into this a couple years back. He is correct.
If you like speeding tickets, click here"
Although I guess you could teleport a whole army of spoofers around with this.
My rights don't need management.
I've been sailing for 55 years. In my previous job, a few years back, I spent several years writing software for GPS tracking devices. I don't, and won't rely on GPS for navigation. Which is not to say I don't think it's cool, just that I'm not eager to trust my life to it, and see no need to do that either.
There is a story I read somewhere about a cruising couple. If either of them doubted the position the other had arrived at, they stopped dead and went nowhere until they agreed on what their true location was.
I think it raises some serious issues for being used at all by anyone. Not just terrorists.
The eternal struggle of good vs. evil begins within one's self.
So why did they have it posted online, when it could be used for terrorist purposes. Didn't Osama Bin Laden have a valid internet connection? well so do most others so they have probably look up spoofing now and are learning how to do this. Thank you the IDIOT who posted this.
"This raises some serious issues for this being used for terrorist purposes."
Also, much more importantly, I can see the lightbulbs going off in the scriptwriting room for the Die Hard series from here.