Slashdot Mirror
College Students Hijack $80 Million Yacht With GPS Signal Spoofing
colinneagle writes "A team of students at the University of Texas at Austin built and successfully tested a custom GPS spoofing device to remotely redirect an $80 million yacht onto a different route. The project was completed with the permission of the yacht's owners in the Mediterranean Sea this past June. Because the yacht's crew relies entirely on GPS signal for direction, the students were able to lead the yacht onto a different course without the knowledge of anyone on-board. The GPS spoofing device essentially over-powered all other GPS signals using until the spoofed signal was the only one that the yacht followed. The team then used the GPS spoofing device to convince the ship's crew to redirect onto a different route voluntarily. By changing the signal on the spoofing device, the students led the crew to believe that the ship was drifting off-course to the left. In response, the crew steered the ship to the right, thinking that it would get the ship back on course, when it actually brought the ship off the course entirely."
http://tech.slashdot.org/story/13/07/26/2344215/gps-spoofing-with-3000-worth-of-equipment-and-a-laptop
and that was a step up to the military ones.
Of course you can spoof wireless signals, that is why I ran cat6 to my GPS sats. Even if a solar EMP thing destroys the circuitry I can get a pretty good approximation from the slack in the cable.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
kinda like how the Asiana pilots should've learned basic flying skills and not rely on auto-throttle all the time.
Or like how our school districts want to buy an iPad for every student even though they can't read or memorize a basic multiplication table.
Right turn ahead to an dead end.
Now all we need is a stealth boat and we're all set to re-enact a Bond movie.
I saw a documentary about this involving the British Navy and a media tycoon.
I think we're going to be okay because this is illegal. It doesn't matter that it was done far away from Texas, US laws apply everywhere.
Care to cite some of these crimes, or are you just venting?
c++;
sure you can they clearly state the crew was unaware that its course was being altered by them, by that logic no controlled experiment can ever be considered a success
also this is a re-post from last week c'mon /. pay attention
It seems that it is basically the same technology to be used on a 700€ rowboat.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
Dangerous? It is not dangerous to redirect a yacht, provided you don't trick it into dangerous waters. Which they did not. The owner's permission means there were no problems with wasted time/fuel either.
And what crime? They disturbed only one ship - with the owner's permission. The gps frequencies may be protected in many jurisdictions - but not all. And then there are international waters where you can do such things anyway.
I'd imagine there's a difference between the owner and the crew when it's an 80 million dollar yacht...
They have the power to due stuff with out the owner saying so.
also this gps hack may of been braking some maritime laws as well.
We have seen that over reliance on GPS is a problem. I have lead astray following Google maps using GPS. Although I can imagine some applications in hijacking oil tankers and the like, I would hope that such vessels would have secondary systems.
I can see this as a countermeasure against drones.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Illegal? How do you figure? What country has jurisdiction? Dangerous only if they guided the yacht into unsafe waters. Completely relying on GPS is very unsafe.
Difficult to believe they committed so many dangerous crimes and are bragging about it
Care to name a few? Specifically?
Keep in mind they didn't physically disable the ship's controls, they just lied to it about its current location. The crew on board still had every possible means available to them to maneuver the ship away from any threats that may have appeared.
"permission from the owner" (who apparently was not even aboard) does nothing to mitigate this.
Of course it does! He, and only he, gets to decide where his boat should go next. And the very fact of his involvement mitigates most of your mythical "dangerous" argument, since presumably the owner wouldn't have let them redirect it over, say, a giant rock just below the surface. Or into pirate-filled Somalian waters. Or across national boundaries that might get them into a pissing contest with various countries over imaginary lines on the map.
Perhaps more to the point - You can't trust GPS to get you to your destination. Period. This story demonstrates an active attack on that, but the crew of any vehicle always needs to have a backup plan available at a moment's notice. If you really want to point fingers here, try the ship's navigator who somehow failed to notice that reality didn't match his charts.
Oh wait.
And spend the money on it BEFORE you install the jacuzzi.
Not a skipper, but I do fly. If I was on the bridge, at some point I would have noticed that the Magnetic compass heading was not matching the GPS heading.
There are many different GPS-like systems available now. Glonass is the Russian version and has been available for a long time. Also the EU has Galileo coming on line real soon now. Also heard about both China and India developing their own. Units that can rely on multiple sources would definitely be harder to spoof.
If you feared that you were under GPS spoof attack while using the GPS on your phone, you could fairly easily detect this by writing an app that compares the GPS heading with your magnetic heading.
That was the turning point of my life--I went from negative zero to positive zero.
Not only are (some) rooted people spoofing in the Ingress game, now you can do it with overriding the GPS signals.
I am sure the illegality of this would deter Somalian pirates from using it.
Not really, you can get quite far by learning to multiply by 2 and 10, divide by 2, and add and subtract. Learning the squares is quite useful, too. Not quite as quick as rote memorisation, but not everyone's suited to being a conformist drone. I got the highest grade going in my mathematics exams right up until college with such basic techniques.
I don't know about you, but I don't get many people stopping me on the street to demand I perform simple multiplication. Even if I did, I'd tell them to JFGI.
Being a computer scientist was probably half the problem - when you've been programming from age 5, it becomes abundantly clear that the how and why of mathematics are important, and not the mere implementation detail of arithmetic.
Please tell me what crimes were committed in INTERNATIONAL WATERS.
What earth laws? because no country has any jurisdiction at all so what laws you are thinking of are silly ramblings of an uneducated person.
Do not look at laser with remaining good eye.
Luckily, I don't have an $80 million yacht...
"He, and only he, gets to decide where his boat should go next. "
Wrong. 100% wrong. The owner has no say in it at all. the CAPTAIN of the boat does. In international waters the owner of that ship has no say what so ever. The captain has 100% say.
Do not look at laser with remaining good eye.
Perhaps more to the point - You can't trust GPS to get you to your destination. Period. This story demonstrates an active attack on that, but the crew of any vehicle always needs to have a backup plan available at a moment's notice. If you really want to point fingers here, try the ship's navigator who somehow failed to notice that reality didn't match his charts.
The scary bit is whether the navigator even knows how to read charts any more. Or do dead reckoning or celestial navigation.
The transportation industry is relying more and more on technology and less on human knowlege to get from point A to point B. GPS, Airline Autopilots and Instrument Landing Systems, train automation are all making significant in-roads to the point that the humans on board are just blindly trusting it.
I foresee the auto industry going in the same direction. I tease my kids that their kids will not know how to drive a car. Indeed my kids have never looked at a paper map.
Presumably the person doing the spoofing would be piloting blind since their GPS would be effected just as much as the target's GPS?
If so then it seems like GPS spoofing would be of limited usefulness unless you just wanted a ship or plane or whatever to get lost and expend all it's fuel in the process.
I think it's time for a revision to the L2C, L1C and L5 civilian GPS specifications. Right now all signals, if/when present (some are at demo stage only), transmit a default message with no navigational data. It seems to me that messages on those signals should use public cryptography techniques to verify the authenticity and integrity of navigational data. It is feasible to do so, since L2C, L5 and L1C all use a packetized format and to-spec receivers must ignore unknown packets. Thus a cryptographic signature packet can be added in a fully backwards-compatible fashion. Properly done, this prevents spoofing of the navigational data, including preventing replay attacks. It should be sufficient to pretty much end spoofing once and for all.
A successful API design takes a mixture of software design and pedagogy.
http://www.nbcbayarea.com/news/local/FAA-Tells-Foreign-Pilots-to-Use-GPS-When-Landing-at-SFO-217338431.html
Is there any technical details on the yachts gear? Were they using RAIM?
The captain has 100% say.
And what the captain says usually agrees with what the owner wants, if the captain wants to keep his job.
In fact there are limits on what the captain can do with the ship without the owner's authorization.
Lends a whole new meaning to the term computer piracy. Yarr.
Hoist Number One and Number Six.
Just the basic compass. So you may see the "real" heading.
Please tell me what crimes were committed in INTERNATIONAL WATERS.
I don't know exactly how this spoofing was carried out so none of this may be applicable. From what I understand if you were broadcasting a harmful radio signal in international waters then a ship from a nation harmed by your signal does have jurisdiction according to what I remember of the UN law of the seas convention.
If the answer is yes then the students' device may be a useful countermeasure. Other munitions and military airplanes may also be guided by GPS. I would guess there's some kind of encryption in military applications, but not sure. Imagine a shooting war using GPS guided military things and the opposition had one of these countermeasure devices and sent the munitions back to where they came from. So much for high tech guidance of military equipment.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
Any helmsman worth his salt would have noticed a change in the direction of the swell, the sun, moon, stars, compass, so I would say the crew was not standing a good watch if they weren't properly observing their environment.
Not a GPS expert, but I do know a little bit about crypto. :-) I assume GPS is broadcast, not a unicast / synchronous protocol.
I am not sure if this is a solution, unless you can be sure that the receiver doesn't receive the original signals. A spoof attack is really just replying the signals with different timing or direction, right? The signal *would* be authentic, just would be delayed or or from a different angle. (Think single time replay.) The problem here is that the element you care about -- the timing data of the signal itself -- wouldn't actually be protected by the key itself, since the data is based on local observation.
(This all assumes the attack relies on replying identical signals with offset timing, not modifying timestamp data in the signals themselves.)
I think if I were designing a system for use by the military, I'd reverse the direction -- i.e. have the groundstation send up an inquiry, and have the response come back *with* the timing data for the requester. Combine this with public key crypto, and its fairly unbreakable. Unfortunately, it would require strong transmitters, and wouldn't scale terribly well, since every such unit would require a satellite uplink. But, if you're designing for the military -- or perhaps even civil aviation, its the way to go.
Btw, for civil uses, the use of ground stations (lots of them -- perhaps at each cell tower) would do a long way to address the scalability considerations for a request/response system.
Man given wrong map goes to wrong place. Full story at 11.
GPS spoofing is interesting, sure. But it ain't new, and the application here isn't exactly a mind-blowing revelation of the technique's potential...
I think it's time for a revision to the L2C, L1C and L5 civilian GPS specifications. ...
It seems to me that messages on those signals should use public cryptography techniques to verify the authenticity and integrity of navigational data.
It should be sufficient to pretty much end spoofing once and for all.
You don't need to be able to generate false signals to defeat GPS. Fixes are based on time of flight of signals. Simply altering propogation delay is sufficient.
FTA:
There is no portion of the Mediterranean Sea that is consider "high seas" or outside of a national jurisdiction. Pollution policy is dictated by the Barcelona Convention. The GPS spoof may violate the laws covering wireless communications of the nation that claims the region in which the vessel was operating.
The fact that the owner of the vessel gave permission is immaterial since the master of the vessel is legally responsible for the operations of the vessel.
So that's how they get all those pilgrims to Mecca... they have a network of massively powered GPS transmitters around the world that try to redirect everyone to Saudi Arabia.
Explains why you hear those stories about people getting directed to drive into bodies of water.
What earth laws? because no country has any jurisdiction at all so what laws you are thinking of are silly ramblings of an uneducated person.
Pot, meet kettle. The waters are international, the ships are the territory of the flag they're sailing under and the flag state laws apply. This is for example true for all crimes committed on board, but also the usual rules of "What if you stand on the Canadian/Mexican border and shoot someone in the US?", short answer they'll need to extradite you but you'll be trialed under US law. Same thing if you shoot at a vessel under US flag in international waters and kill someone, you just committed a crime under US jurisdiction. If disrupting the GPS signal is illegal in the US mainland it's probably illegal to do the same to a vessel under US flag, unless the regulations specifically limit themselves to US territorial waters or restricts itself to regulating broadcasters in US territory, not signals received - a small but crucial distinction in such "border" disputes.
Live today, because you never know what tomorrow brings
Why is that? If the crew were under orders to stay on a course, and this test was able to cause the crew to change course while attempting to stay on their intended course, and even to believe they were following that course.... then I would say they were redirected. Consensually redirected but, its clear, they were not in control.
"I opened my eyes, and everything went dark again"
And then there are international waters where you can do such things anyway.
Um, if the ship was flagged in the US, I believe that the FCC still has a say about what goes on even in international waters. At the very least the ITU might think it has some jurisdiction over the jamming/changing of GPS frequencies. Nobody may care, but they could legally do something if they did.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I'd call it something else. Reliance on GPS alone is more than just unsafe, it's foolish and stupid.
I thought that ships "captains" where licensed, and as part of that was a demonstration of basic navigation techniques using maps, a watch, sextant and some charts. Consider even your EYES as a navigation tool if you are following a series of markers out of port.
Hooking up the auto pilot to the GPS and hitting "go" while you head off to the aft deck for a party is just plain dumb.... Trusting your GPS to get you someplace and not having any other way to figure out where you are is going to get you shipwrecked eventually.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Ground breaking..
I tease my kids that their kids will not know how to drive a car. .
Yep, bet they have never seen a manual transmission too.
You know the best theft protection these days is a clutch..
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Nor were they intended to be in control. If I'm driving a car and no one told you, and let you believe you were driving the car, that isn't me misdirecting the vehicle, It's you being ignorant of who is in control. The yacht was going on its intended course controled by the people who were given control. The crew were just patsies pressing
buttons and turning wheels.
If you have control of the vehicle, you can't misdirect it is my point. Just because their control was obfuscated doesn't mean misdirection.
Probably would have been clearer if I decided to make my stand on the word 'hijack' instead.
"Cowardice in a race, as in an individual, is the unpardonable sin." --Teddy Roosevelt
Wrong. 100% wrong. The owner has no say in it at all. the CAPTAIN of the boat does. In international waters the owner of that ship has no say what so ever. The captain has 100% say.
You've seen a few too many cheesy movies.
In theory, that sounds great - Only the captain knows the real conditions affecting his vessel at any given moment; and it romantically hearkens back to an era when they didn't have things like "global weather reports" at least reasonably accurate for the next few hours.
In practice, try it today (in the absence of a life-threatening emergency) and see how long you remain a free man. Or since that won't happen (since we both count as arm-chair braggarts, ARRR!), show me case law where a captain, with no good reason, decided to go somewhere else, the owner pressed charges, and the court found the captain not guilty by reason of the-captain-can-do-whatever-the-hell-he-wants.
Fat chance trying such a trick with Long John Silver aboard!
>I think it's time for a revision to the L2C, L1C and L5 civilian GPS specifications.
Sure, all that will take is replacing the entire GPS satellite constellation. Hope you have a few hundred billion dollars of money just laying around..
Regarding the sextant; it's not really used any longer. It's like a slide rule, it's a niche thing that a small group still make use of, but most just don't bother to learn let alone make use of.
I tease my kids that their kids will not know how to drive a car. .
Yep, bet they have never seen a manual transmission too.
You know the best theft protection these days is a clutch..
That's pretty region-specific... mainly North America, where manuals made up only 7% of sales in early 2012. And anyone targeting cars specifically would know how to drive stick, unlike say robbers trying to commandeer a running car as part of their escape (happened locally a few years ago).
I come fer yer booty!! And if ye be trying to steer clear of me piratey waters, Aye'll call the GPS sirens on ye!!
Iran hijacked a US drone back in 2011 doing this
kinda off topic but...does any one still use LOng RAnge Navigation? http://www.loran.org/
Just asking.
The US Navy stopped teaching it a few years ago.
Yes, the crew followed the GPS, like good little auomatons. But being a sailor, especially a navigator or quartermaster is more than just reading a GPS.
If the bridge crew is not competent enough to read a compass nor experienced enough to look at the sky and realize that something was wrong, they shouldn't be entrusted to control anything more experienced than a dinghy. There's this really cool gadget that, with a little work, tells you almost exactly where you are at. It's called a sextant. Put that together with a decent clock and there's no reason to be sailing in the wrong direction.
If you intend to venture out beyond sight of land, you really should take some means of navigation along. My minimum navigation equipment would depend on how far I was planning to go, but it would start with a compass, a watch and maps of the local coast. If you are crossing the ocean, you need to take along more and a sextant is a good idea.
Personally, I think that it would be good practice to require that mariners crossing international waters be required to fix their positions using non-electronic means every few hours and then explain any differences between what the GPS says and what they observed. It's also a good idea to plot these positions on a paper map, just because you never know when the GPS is going to die and you will get left trying to find your way home.
But you can't fix stupid.... Folks are free to run out to international waters in a row boat without life jackets in the middle of a tropical storm. Just like they are free to depend on a battery operated electronic device as their sole means of navigation.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I wonder how many folks have actually driven a manual transmission if they only make up 7% of sales. My guess is that the younger the driver is, the less likely they are to have actually driven one.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Let's take look at these so-called "nations".
Spain - busy torturing cows, otherwise asleep.
France - on strike.
Italy - might as well be on strike or asleep, it's difficult to tell.
Greece - Same as Italy, alternating with riots.
Israel - not interested unless there's some profit in it. Don't get mistaken for an aid convoy, though.
Entire Southern coast - Same as Greece, but with guns & tanks.
Did I miss anyone?
Unless they got too close to Cyprus or Gibraltar I think they've nothing to fear.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The GPS satellites are dumb relays with local timebases, roughly speaking. You don't need to modify anything on the satellites to transmit arbitrary NAV data. The changes are to the ground segment software only.
A successful API design takes a mixture of software design and pedagogy.
Except that when you're seeing more than the minimum amount of satellites, there are simple feasibility checks that will trigger if you push the target too far off. In open space, like on sea, you can detect such spoofing if it's off by merely 50m or so. Remember that the ephemerides tell you where the satellites are supposed to be at any time. If you've got redundant signals, like you most often do, there are no solutions to changes in the signals that will still be self-consistent, IIRC. Some solutions, if they exist, put you at some spot very far from the original position, a spot you have no control over.
A successful API design takes a mixture of software design and pedagogy.
Due to the rather arbitrary phasing of the satellites, replay attacks are pretty much infeasible. Even if they were feasible, GPS receivers know what the time is - they have pretty decent timebases. Time rolling back is a big no-no. If you've got your timebase synced up to crypto-validated time source "up there", the time won't ever roll back. Even "tiny" rollbacks, just a few ms worth, are not only detectable, but can't happen with the real GPS system. If you detect it, it only will due to spoofing or serious problems with the infrastructure - that's when you have to turn off the receiver's position output, if it's not a hybrid receiver with an IMU.
A successful API design takes a mixture of software design and pedagogy.
Also remember that whatever position fix you get automatically validates the location of satellites in space, especially once you've got more than the minimum number of satellites needed for a fix. Since the receivers would keep unspoofable ephemerides, you can't really make the satellites "appear" to be somewhere else. The most you could spoof things is within a rather narrow position window, +/-100m or so.
A successful API design takes a mixture of software design and pedagogy.
I sure hope they have gps in safety boats.
The article notes that in that particular quarter, manual sales actually increased from the usual 3-4%. I bought one myself 5 years ago... when I drove it off the lot I'd driven stick only 4 times (2 recent lessons, 2 test drives).
I'm sure you're right that the younger the driver is in North America, the less likely they know how to drive stick, but I'd say the percentage of North Americans who know how is around 10-15%, since there are many who for whatever reason (family, etc) just drive auto at the moment. Anecdotally, about 1/3 of my friends and family know how, too.
Pah! Astrolabe and a cross-staff. Home-made. If we were lucky.
You kids today...
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
It's just software. And no, you don't need an entirely new satellite just to update the software. These things are maintained regularly. It could be patched, much as the Mars rovers get patches.