Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Transportation

Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks (vice.com) 183

An anonymous reader quotes a report from Motherboard: Commercial air crews are reporting something "unthinkable" in the skies above the Middle East: novel "spoofing" attacks have caused navigation systems to fail in dozens of incidents since September. In late September, multiple commercial flights near Iran went astray after navigation systems went blind. The planes first received spoofed GPS signals, meaning signals designed to fool planes' systems into thinking they are flying miles away from their real location. One of the aircraft almost flew into Iranian airspace without permission. Since then, air crews discussing the problem online have said it's only gotten worse, and experts are racing to establish who is behind it.

OPSGROUP, an international group of pilots and flight technicians, sounded the alarm about the incidents in September and began to collect data to share with its members and the public. According to OPSGROUP, multiple commercial aircraft in the Middle Eastern region have lost the ability to navigate after receiving spoofed navigation signals for months. And it's not just GPS -- fallback navigation systems are also corrupted, resulting in total failure. According to OPSGROUP, the activity is centered in three regions: Baghdad, Cairo, and Tel Aviv. The group has tracked more than 50 incidents in the last five weeks, the group said in a November update, and identified three new and distinct kinds of navigation spoofing incidents, with two arising since the initial reports in September.

While GPS spoofing is not new, the specific vector of these new attacks was previously "unthinkable," according to OPSGROUP, which described them as exposing a "fundamental flaw in avionics design." The spoofing corrupts the Inertial Reference System, a piece of equipment often described as the "brain" of an aircraft that uses gyroscopes, accelerometers, and other tech to help planes navigate. One expert Motherboard spoke to said this was "highly significant." "This immediately sounds unthinkable," OPSGROUP said in its public post about the incidents. "The IRS (Inertial Reference System) should be a standalone system, unable to be spoofed. The idea that we could lose all on-board nav capability, and have to ask [air traffic control] for our position and request a heading, makes little sense at first glance" especially for state of the art aircraft with the latest avionics. However, multiple reports confirm that this has happened." [...] There is currently no solution to this problem, with its potentially disastrous effects and unclear cause. According to OPSGROUP's November update, "The industry has been slow to come to terms with the issue, leaving flight crews alone to find ways of detecting and mitigating GPS spoofing." If air crews do realize that something is amiss, Humphreys said, their only recourse is to depend on air traffic control.

This discussion has been archived. No new comments can be posted.

Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks

Comments Filter:
  • I assume they meant that IRS is subject to drift - and recalibrates from GPS, with the assumption that GPS may become unavailable, but is (assumed) reliable if present? They also didnâ(TM)t describe the nature of this attack - is it just a delayed/replay attack of/from an otherwise valid GPS signal?
    • by ffkom ( 3519199 )
      I would not be surprised if some manufacturers decided that they could cut costs by making the IRS less precise on its own, assuming that recalibration via GPS will render this invisible to the customers. Like those radio-controlled clocks that include only a terribly inaccurate clockwork to bridge the times between radio contacts.
      • Re:Specifics? (Score:5, Interesting)

        by tsqr ( 808554 ) on Monday November 20, 2023 @07:06PM (#64019943)

        I would not be surprised if some manufacturers decided that they could cut costs by making the IRS less precise on its own, assuming that recalibration via GPS will render this invisible to the customers.

        Highly unlikely. These inertial systems are typically able to navigate within less than half a mile per hour without GPS, and they're designed to stop using GPS updates if the GPS solution diverges too far from the free inertial solution. Acceptance testing verifies the free inertial performance of each IRS; if the manufacturer is dry-labbing that, they are in for a lot of heartache.

    • by ceoyoyo ( 59147 )

      It's possible there's some kind of crosstalk between the inertial navigation system and the GPS, but there's a good chance some pilots just resynched their INS when they shoud have been more skeptical of the GPS location they were getting.

  • by FeelGood314 ( 2516288 ) on Monday November 20, 2023 @06:32PM (#64019849)
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    The old inertial guidance systems where very hard to program and worse often lacked anyway to verify that they had been correctly programmed until after the plane took off. I seriously hope the interface isn't still this terrible but I have a feeling it might still be and someone's solution was to periodically set the inertial system with the GPS location making the back up dependent on the primary. I would love to know how this got through testing and certification.
    • by tsqr ( 808554 ) on Monday November 20, 2023 @07:16PM (#64019961)

      I'm guessing that by "hard to program" you mean the interface for entering pre-flight position and waypoints was clumsy and error-prone. But a large error in the entered position would make it impossible for the system to gyrocompass accurately enough to align properly and light the "ok to takeoff" light.

      KAL007 was in 1983, 13 years before GPS became fully operational. The inertial systems in use then weren't capable of being tightly damped by GPS. Modern system don't use hand-entered waypoints; they have mission computers equipped with databases containing all the routes they fly, and they get pre-flight position for GPS. And again, if that position isn't correct, the system won't align.

  • by Guspaz ( 556486 ) on Monday November 20, 2023 @06:34PM (#64019853)

    Aircraft have the advantage of being in the sky and thus having no obstructions to the satellites. Why isn't their antenna simply mounted on top of the aircraft with a hemispherical pickup pattern (AKA shield the antenna from anything below it) such that it can't receive any spoofed signals from the ground? I assume that GPS isn't being spoofed by other satellites.

    • by CAIMLAS ( 41445 )

      There are a lot of satellites in space. What's to say the signal isn't coming from space - perhaps even from official GPS sats?

      A ground based attack makes the most sense, until you consider the very large area they'd have to cover, horizon problems, and how relatively easy it would be to triangulate on a ground-based GPS signal.

      • Re: (Score:2, Interesting)

        by MacMann ( 7518492 )

        There are a lot of satellites in space. What's to say the signal isn't coming from space - perhaps even from official GPS sats?

        There is more than one kind of "official" GPS so that could be possible. When people hear "GPS" they most often think of the Navstar system run by the USA, but there's GPS from other sources including Russia and China who might not be above messing with navigation in the region. I doubt GPS run by the USA, Japan, or EU would intentionally corrupt their satellite navigation aids. They rely on these systems for their own navigation, and if there's anyone that finds out that the GPS system has been corrupte

        • by LamboAlpha ( 840950 ) on Monday November 20, 2023 @08:45PM (#64020135)
          Technically, there is only one GPS, United States GPS (Global Positioning System).

          However, there is more than one GNSS (global navigation satellite system). Several other countries have GNSS system, include Russia: GLONASS (Russian: Global Navigation Satellite System), China: BeiDou (Northern Dipper Star Navigation System), or European Union: Galileo. Additionally, there are augmentation systems that use GPS (or other GNSS) to increase accuracy in a given area. For example, US: WAAS (Wide Area Augmentation System), Japan: QZSS (Quasi-Zenith Satellite System), IRNSS (Indian Regional Navigation Satellite System). There are other regional, country and even commercial augmentation systems. Furthermore: Most GPS receivers are really GNSS receivers and can receive signal from one or more systems simultaneously. Random fact: More advanced receivers can be configured for select GNSS, augmentations system, or even miliary (or authorized user) bands for increase accuracy. Another random fact: Some receivers don’t work over a given speed to prevent their use in miliary applications.
          • There is more than one kind of "official" GPS so that could be possible.

            Technically, there is only one GPS, United States GPS (Global Positioning System).

            I was going to mention something along the same lines. But I think the post you're responding to isn't considering successful forgeries (hence, the historical meaning of the word 'spoof') of the radio transmissions that are GPS. Meaning, for example, a Russian satellite transmitting a faked + maliciously erroneous GPS signal, rather than simply a maliciously erroneous GLONASS signal. I think some prevention could be in order (ie, gps authentication). But if someone's broadcasting spoofed gps with enough pow

            • by _merlin ( 160982 )

              GPS spoofing is usually done with ground-based (or sea-based) transmitters. In this case, it's pretty clear Israel is doing it. They've even admitted it.

        • I think IFR certified avionics listens only to Navstar (US DoD GPS), not Galileo (EU), Baidu (China), or Glonass (Russia).

          Because the FAA doesn't trust them furriners.

          Your phone isn't so restricted - modern phones listen to all 4 networks. And if one of them gives a wildly different position/velocity than the others, you know somebody is spoofing.

          So, ironically, it's possible that the pilots' phones know where the plane is, while the plane's avionics don't.

          • It's too bad they can't turn on their phones during flight, cause that will cause their nav systems to go haywire...

            • by cstacy ( 534252 )

              It's too bad they can't turn on their phones during flight, cause that will cause their nav systems to go haywire...

              Nav system will work fine, but the copilot's chair will begin spinning, Otto may inflate, ice cubes will fly out of the toilets, and ATC will become unintelligible ("Pan-Am 376 fly heading 270 and pray to J, do the same-ol', same-ol'. I take TCBin', man! Maintain Flight level 170 vectors to see a broad to get dat booty act'ion...lay her down, or smack 'em, yak 'em!")

          • FAA is not the sole certification authority for aviation and there are actually significant differences between the requirements of FAA and, say, EASA.

        • by cstacy ( 534252 )

          I doubt GPS run by the USA, Japan, or EU would intentionally corrupt their satellite navigation aids.

          GPS is designed for intentional degradation of accuracy, and that feature is controlled by the US military. However, since there are other global nav satellite systems from other countries that your adversary can use, a better idea is to interfere with the signals. The military practices doing this all the time (at least once a month in the US.) I assume they practice not only interfering, but the recognition that the attack is happening, and practice the mitigations. This war game is not a simulation - t

        • There is more than one kind of "official" GPS so that could be possible. When people hear "GPS" they most often think of the Navstar system run by the USA, but there's GPS from other sources including Russia and China who might not be above messing with navigation in the region. I doubt GPS run by the USA, Japan, or EU would intentionally corrupt their satellite navigation aids. They rely on these systems for their own navigation, and if there's anyone that finds out that the GPS system has been corrupted then that puts trust in the system at risk.

          Look up "Selective Availability". Corrupting the GPS quality for civilian users while keeping a highly accurate one for their own military was the first thing US military built into GPS.

          And IIRC during the Gulf war non military GPS has been disabled completely.

          Currently, they do neither, but willingly corrupting a GPS signal isn't unthinkable, but an existing feature, that has been used before.

        • by djinn6 ( 1868030 )

          As discovered during warfare in the past being blatant about jamming GPS often results in producing a juicy target for an anti-radiation missile. https://en.wikipedia.org/wiki/... [wikipedia.org]

          It works until you realize a jammer is an antenna, aka. a thin rod of metal that costs maybe $5 to make. Add the wire, mounting bracket and screws, you're talking about $25 tops. That's what the $250,000 passive homing missile will be destroying. Everything else, i.e. batteries, signal generator and the operator could be a hundred feet away or even hidden in a tunnel.

    • by 93 Escort Wagon ( 326346 ) on Monday November 20, 2023 @06:40PM (#64019881)

      I assume that - at least in part - it's because airplane systems haven't really been designed with the thought that a sophisticated adversary might attempt to interfere with them.

      Yes, that's "unthinkably" dumb.

      • by tsqr ( 808554 )

        That is a very poor assumption, and says you're unfamiliar with SAASM or m-code.

        • In all seriousness - feel free to enlighten us on how the military technologies you mention apply to the commercial flights we're talking about here.

          • by tsqr ( 808554 )

            Obviously, technology restricted to military use doesn't apply to commercial systems, and I didn't say they did. What I was trying to express is that these technologies exist, and to think that designers have given no thought to the very reasons that those technologies exist, is rather silly. Sorry if I didn't make that sufficiently clear for you.

            • Actually a designer shouldn't have to consider an attack to be military in nature, communication technology in particular has a long history of someone naively implementing something and then having to improve its security later on because somebody was doing bad stuff. It seems clear that the designers of the GPS system considered several sorts of things (including deliberately offsetting the signal themselves, so that only the military receivers would get the fine tuned data; that's been retired) but as I

          • by AmiMoJo ( 196126 )

            It's not difficult to create a public key crypto system that allows receivers to validate the data they are getting, making spoofing impossible. Jamming is still possible, but not sending false positioning data because to generate a valid signal you need the private key.

            The EU's Galileo satellite navigation system implements that via OSNMA. Data is signed, so any spoofing is easy to detect. Aircraft can fall back on other navigational systems.

      • Although, it would be easier for a sophisticated adversary to simply shoot down the plane.
    • by tsqr ( 808554 ) on Monday November 20, 2023 @07:21PM (#64019977)

      If it were only that simple. Do you know how weak GPS signals are? A ground-based transmitter with enough power can overwhelm that signal regardless of antenna type or mounting.

      I supported flight test of an experimental aircraft at Edwards Airforce Base a few years back. Periodically we'd have to stand down for a day because China Lake (70 miles to the north of EAFB) was doing GPS jamming and spoofing tests.

    • GPS need to view from just about horizon to horizon, and to not lose satellites during banking turns, take-off (tilted back) etc. So while I am guessing they already are mostly pointed skyward, you can't easily shield your way out of this.

      As received GPS signals are below the noise floor of the receiver. A good antenna as you describe might be able to get a front-to-back ratio of maybe 20-30 dB. A bad actor just need to transmit a jammer signal to overcome the noise-level signal as received, which just i

      • by Guspaz ( 556486 )

        Starlink phased-array antennas are already certified by Transport Canada, the FAA, and EASA. It's not intended for navigation use, but it could be (without any hardware changes) if they wanted to:

        https://www.technologyreview.c... [technologyreview.com]

        Of course you'd then also need certification to use it as a navigation device.

      • If you want to design a system from the ground-up with such a threat in mind the approach would be to put a phased array receiver on the plane and actively track the satellites individually before sending the IF signal to the GPS to convert to ephemeris data, which would greatly increase the directivity and make a jammer/spoofer attack much more difficult.

        That's probably something like what the cool kids are doing in Ukraine with their drones, because Russian jammers are good.

    • I assume that GPS isn't being spoofed by other satellites.

      I would assume that, too, but that's the precursor to the next "unthinkable" attack.

    • Planes get their most accurate positions from GROUND STATIONS near airports where they need precise coordinates.

      Ground Based Augmentation System (GBAS) augments the existing Global Positioning System (GPS) used in U.S. airspace by providing corrections to aircraft in the vicinity of an airport in order to improve the accuracy of, and provide integrity for, these aircrafts' GPS navigational position. https://www.faa.gov/about/offi... [faa.gov]

      • by Guspaz ( 556486 )

        Then it sounds like it should be possible to spoof GBAS but not GPS, and that GPS should be the fallback when GBAS data diverges too much from GPS.

    • Wrong question.

      Would it help to build antennas that are 180-degrees-shielded? Probably.

      But WHY they aren't build that way? It was simply never necessary! Have you seen your phones GPS antenna? Probably not as it is a 1/10 squareinch loop on a PCB-board. A simple antenna like that can be stuck everywhere on the plane. Directional antennas are much larger, need to be moving if mounted on a moving vehicle. And RF paths are tricky. Think of diffraction and fresnel zones.... the antennas ARE probably already on

  • by Cajun Hell ( 725246 ) on Monday November 20, 2023 @06:41PM (#64019883) Homepage Journal

    And it's not just GPS -- fallback navigation systems are also corrupted

    That seems a lot worse than losing GPS. GPS is a luxury, available from the military as a favor which could, at any moment, go away. It's "unthinkable" that anyone would ever rely on it.

    Inertial guidance, though, ought to be unspoofable (even though less accurate than GPS on average). There will certainly be found an explanation for this; it isn't magic.

    (Or is it?!)

    • It would be crazy to not count votes from the US, Russian, and Chinese positioning systems.

      My $250 drone can land within 2' of its launch point, so that's good.

    • by AmiMoJo ( 196126 )

      GPS is certified for aircraft navigation systems, and the US government guarantees its availability and accuracy in the US. The ability for the military to disable it or reduce its accuracy was disabled permanently.

      The EU intends the same for the Galileo system.

      You absolutely are supposed to rely on them, when in the airspace of the operating countries. Of course, you might not trust those governments, but Airbus and Boeing are obliged to.

  • Adding a public/private key signing to the signals for next generation would at least help.
    Requires more processing power by receivers but since they already need lots it shouldn't be much trouble.
    • They don't need lots, though. You can run a GPS receiver for months in a dog collar. Having to verify a cryptographically strong signature every small number of seconds really would cost a lot more processing power.

      A two-tiered system might make sense, though. Unencrypted signals for dog collars, commodity watches and phones and such. Encrypted signals for things that are more critical. Jamming might still be a problem. It doesn't matter if the signal is signed if you can't hear it.

      • > It doesn't matter if the signal is signed if you can't hear it.

        It's better to know your GPS is down than to trust a spoofed signal.

      • by Cyberax ( 705495 )
        Your dog collar receiver won't _need_ to verify them.
        • Exactly. Signing does not encrypt.
          Also, the calculations for position is complex and iterative to converge on a trustworthy position. It's not just a simple trig calculation.
  • This just shows poor design and poor FAA oversight. I don't mean that the mechanical systems in the plane are poorly designed, nor am I claiming that the IRS (Inertial Reference System) software does not provide the correct output given correct input. I am claiming that the software and hardware was not designed to account for Murphy's Law and Electronic Warfare (EW).

    There should always be a paper backup. There should be an altimeter and a compass that is not connected to anything. That air gap between

    • Comment removed based on user account deletion
      • I believe there are barometric sensors (outside the pressurized cabin, obviously) that help determine altitude. Radar altimeters additionally are used to measure proximity to terrain.

        (Disclaimer: IANAP, don't play one on TV, not *your* pilot, etc., etc.)

    • Exactly. It's only unthinkable because they had no imagination. How long has it been since a battle situation first depended on GPS, or even that it would one day depend on GPS, or that civilian society would become so highly dependent on GPS? Plenty long enough to realize the implications of losing it through a (GPS) arms race and plan to do something about it.
    • It honestly ought to be a box in the middle of the console with the only input being power. Let it have an optical out to the rest of the instruments so they can use it for sanity checks. An old school mechanical compass, attitude indicator, and altimeter plus an IRS with its own display. Maybe a wind speed indicator.

      The idea that your avionics themselves can be remotely corrupted is indeed frightening. I'd actually assume the attack was coming from someone onboard with a specialized electronic device, o

    • The FAA doesn't regulate the Middle East.
    • This just shows poor design and poor FAA oversight.

      The FAA resolved this where it has jurisdiction with WAAS, the affected areas are not inside FAA jurisdiction.

      There should always be a paper backup. There should be an altimeter and a compass that is not connected to anything.

      A map, compass, and altimeter isn't going to provide sufficient precision to prove GPS isn't being spoofed. Paper maps would prove gross errors in navigation but not be fine enough for getting a jet onto a runway. For that kind of precision they'd need trusted radio beacons on land, such as VOR or... wait for it... WAAS and we already went over why WAAS doesn't apply here.

      People have been navigati

      • Paper maps would prove gross errors in navigation but not be fine enough for getting a jet onto a runway.

        Why wouldn't they? People were flying jets across the Atlantic and landing quite nicely long before GPS came along. The US even has the remains of a navigation system that pre-dated radio direction/range finding: large painted concrete arrows on the ground pointing in the direction of the next city on the route. Primitive, but it worked.

    • the pilot is well trained for flight only using those sensors, maps, and the view out the cockpit window, and

      Tell us you don't know anything about flying an aircraft at 43000ft without telling us you don't know anything about flying an aircraft at 43000ft.

  • The fine article misspells the phrase "easily predictable" as "unthinkable".

    Attacks like this are downright obvious. It's a broadcast signal. Of course, it's possible for someone to screw it up. Of course, it's foreseeable that someone will.

    I've said the very same thing of automotive systems that promise to talk to nearby cars. I'll say it again because I'm sure that'll be unthinkable, too. Other cars will lie to you. Some of the other cars won't even be cars. Some things will just scream noise at yo

  • by u19925 ( 613350 ) on Monday November 20, 2023 @08:26PM (#64020105)

    There are multiple ways to avoid spoofing but difficult to avoid jamming. A simplest technique would be to use multiple GPS systems mounted on two ends of the plane and two ends of the wings. It is almost impossible to spoof it so that all four of them read the correct data (you know the relative distance, so you know the difference in positions they are supposed to read). I don't think any company is making such a kit which can alert you of spoofing if the data from multiple receiver do not match the pre-calibrated distances). It will work very well on large planes (or any other large moving objects).

    Also you can use directional antennas, but they don't work well for GPS as GPS satellites are spread over huge angles but now the spoofing transmitters will have to use higher power and higher chance of getting detected and getting caught.

    • The antennas don't have to be very directional. A hemisphere above the plane would work fine, it'd detect almost all of the usable satellites while excluding ground-based transmitters. Spoofing that would require putting a satellite in orbit, something beyond the capabilities of most of the people doing the spoofing.

      • by u19925 ( 613350 )

        Agree that it is not hard to make directional antenna. But now you will need tracking antenna since planes tilt while taking off, landing (when you need the GPS most), turning and so on. Plus directional antennas don't reject 100% signal from the other directions unless they are bulky ones. Ground signal is close by and can be very strong, so even the directional antennas will pick up ground signal unless they are bulky antennas. Now think about mounting a large directional, and tracking antenna on a plane.

  • GPS being hosed in one city or another is not particularly new. What is new is that older navigation methods are being deprecated and aircraft are more dependent now on GPS. The cities mentioned all still have VOR as far as I can tell, but are the systems the planes are flying with capable of using it or noticing a discrepancy?
  • STOP FLYING OVER ACTIVE WARZONES. Problem largely solved. Let me know where I can send the consulting bill.

    Seriously though, these spoofing attacks are generalised and countries not at war don't do this because countries have their own airlines and passengers that need to be taken care of as well.

    • by AmiMoJo ( 196126 )

      These aren't active warzones. Iran, for example, is not an active warzone.

      Some airlines do avoid areas that are not part of a hot war, e.g. many now avoid Russia. However, it would be a big escalation if airlines were required to avoid anywhere that might potential become a warzone. A country's economy could be badly damaged by the mere threat or hint of escalation.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...