Commercial Flights Are Experiencing ‘Unthinkable’ GPS Attacks and Nobody Knows What to Do::New “spoofing” attacks resulting in total navigation failure have been occurring above the Middle East for months, which is “highly significant” for airline safety.

        • deweydecibel@lemmy.world
          link
          fedilink
          English
          arrow-up
          16
          arrow-down
          14
          ·
          1 year ago

          Lemmy is starting to feel like Discord with people dropping lazy images like this in every damn thread.

          • Derproid@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            6
            ·
            1 year ago

            Literally couldn’t even bother to edit the image so the country names are in the image.

              • Confused_Emus@lemmy.world
                link
                fedilink
                English
                arrow-up
                7
                arrow-down
                1
                ·
                1 year ago

                has enough literacy skills to pick up on humor in more than just the shared image

                I thought it was funny, anyway…

                • nixcamic@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Thanks yeah one of my kids had a chronic condition so it’s not really anything unexpected but also not fun and just a ton of waiting.

    • gibmiser@lemmy.world
      link
      fedilink
      English
      arrow-up
      51
      arrow-down
      20
      ·
      1 year ago

      Wow. The state of Israel is really piling on the reasons to hate it these days.

      • Flyswat@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        It was doing this for decades but Western countries only start hearing about it.

        Social media have prevailed over classic media, and this time they have proven to be harder to steer.

    • newnton@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      25
      ·
      edit-2
      1 year ago

      The article says the spoofing was first recorded in September from Iran, then Israel started doing some after the October Hammas attacks

    • Rivalarrival@lemmy.today
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      3
      ·
      edit-2
      1 year ago

      Iran has been doing this shit for decades. I’m sure Israel has too.

      Basically, they figure out what a GPS receiver would hear if it was receiving signals from a specific location, say “London”. They then broadcast those exact signals. Any receiver that hears them now thinks it is in “London”.

      Start with the aircraft’s actual position, and update the spoofed location based where it actually is and and its intended destination, and you can get it to go where you want it.

      If the aircraft is trying to fly to London, for example, and you want it to turn to the east of its track, you start spoofing that it has drifted west on its track to London. The aircraft thinks it is west of London, and turns to the east to get to spoofed-London.

          • Treczoks@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            GPS relies on timing - very precise timing - and signed signals. It might be that GPS units ignore that the signal should be signed, but the (picosecond) timing basically defines an objects’ position in space. A picosecond makes a difference of a few centimeters.

            Now, modern planes don’t primarily rely on GPS. They have gyroscopes. But as gyroscopes lose precision over the duration of the flight, they cross-reference with GPS to fix this loss of precision. But for that, the measured GPS location must be close enough to the gyroscope-based location, or the GPS result is discarded as erroneous. So one needs not only to spoof any GPS signal, it must be close enough to the actual position, and then slowly move the target over.

            BTW, the villains in the movie “Tomorrow never dies” use a different approach. They influence the GPS satellites directly, which is a totally different thing, and if Iran did attempt that, I think the US would react differently and … more directly.

            • argarath@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Wow this is so cool!! I did know it was timing based and needed to be precise, but this is so crazy! And to think we’ve gotten so good at making these precise timing circuits to just add them to all phones like it’s nothing! This is really cool! And the part about spoofing GPS in planes, that is even crazier how can anyone accomplish that is beyond me it’s pretty much magic at this point that’s so cool!!

              • Treczoks@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                1 year ago

                In the cell phone there are specialized chips that “just” read the signal. They use some interesting tricks to catch the timing right, but can’t be used to produce such a signal. The satellite “just” sends a signal with it’s own position and the timecode (based on it’s own atomic clock). And those nanoseconds and picoseconds of difference when the signals from different satellites arrive determine the distance to those satellites, and together with their position, one can calculate the receivers location.

  • deweydecibel@lemmy.world
    link
    fedilink
    English
    arrow-up
    123
    arrow-down
    1
    ·
    1 year ago

    The planes first received spoofed GPS signals, meaning signals designed to fool planes’ systems into thinking they are flying miles away from their real location. One of the aircraft almost flew into Iranian airspace without permission

    Tomorrow Never Dies continues to be bizarrely relevant.

      • deweydecibel@lemmy.world
        link
        fedilink
        English
        arrow-up
        49
        ·
        edit-2
        1 year ago

        Johnathan Pryce as the mad, egocentric head of a mass media and tech empire with an inordinate amount of reach and influence on the world stage, who is chiefly concerned with becoming the sole source of media in a post-CCP China.

        Which sounds funny and ridiculous in a 1997 spy movie, but in the last 20 years, we’ve seen just how much power mass media companies wield, how they can manipulate sizable percentages of a population, and how being the exclusive source of news for an entire country (China, no less) would give a media mogul incredible power and influence.

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    54
    arrow-down
    3
    ·
    1 year ago

    Fucking serves them right, the aviation industry have been buying GPS devices for decades that bleed outside and don’t explicitly filter down to their spectrum. There was a satellite internet startup in the US that went through the whole process, bought its spectrum and was ready to launch, then the aviation industry complained and had them shut down because their devices were all shit and “it would be too difficult to change everyone’s equipment”.

  • Dettweiler@lemmyonline.com
    link
    fedilink
    English
    arrow-up
    46
    arrow-down
    6
    ·
    1 year ago

    That just means you can’t use autoland in low visibility conditions. Modern IRUs (inertial reference unit) are highly accurate laser gyros that can use GPS for correction, but will throw out the data if it doesn’t make sense. Navigation won’t be affected much, and autoland (if used) will still rely on VHF guidance.

      • assembly@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yeah I have the same question. Based upon a comment above, it looks like the independent gyro system is updated for drift based upon the spoofed GPS data and thus causes issues. If the IRS is not updated at all then drift becomes a bigger issue but if it’s updated regularly with valid GPS data then it’s a good thing. So the challenge is to only update the gyro drift with valid GPS data which I am guessing is hard to determine.

        • Dimand@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          ·
          1 year ago

          Pretty much this, look up Kalman filters if you want details. The most likely explanation is that they are tuned to effectively trust GPS more than the internal IMU for long periods of time. Really good IMUs are very expensive and still drift but have high speed output. When it works well, GPS is cheap and doesn’t drift but with a slow update rate. The cost optimisation probably means that the IMU data is usually only trusted for a few seconds, probably 10 min at most before it takes whatever the GPS says as truth. If they lost gps signal through jamming, then they would keep navigation on the less certain IMU data, but the GPS sensor thinks all is well so they shift position.

          There is probably a software upgrade to the filter that could be used to limit these attacks, but I imagine it’s an active area or research.

      • Dettweiler@lemmyonline.com
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        If it’s a smaller plane (such as a CRJ / ERJ) with only one IRU, it will not be able to determine if GPS is valid or not, so the drift correction gets spoiled.

        Large commercial aircraft are using 3 IRUs, with newer aircraft using ADIRUs. If GPS does not agree with the three IRUs, the GPS data is thrown out. If the GPS is within tolerance, correction is applied. You could build up very small errors over a long distance, but you should still be pretty close to the airfield when you get there.

      • thehatfox@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        They use gyroscopes and accelerometers to measure the aircrafts movement from the starting position at takeoff. That can then be used to plot the course the aircraft has taken to show the current location.

      • Dettweiler@lemmyonline.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        First, they have to align on the ground. You initialize them with your current known position (usually by GPS or your known airport/gate spot). Then, you wait for them to synchronize with the Earth’s rotation. If you’re far north, like in Alaska, this could take half an hour. If you’re close to the equator, it could take 5 minutes. Once they’re ready, from that point, any movement you make, it will know where you are and where you’ve been.

        If you spin up a gyro and begin moving around, it will maintain it’s starting position. You can use this deflection to calculate direction. If you know how fast you are going and for how long, you’ll have your position.

        Mechanical gyros drift. It’s the nature of a world with friction. Newer IRUs use laser gyros, so the only real drift they have comes from extremely minute rounding errors.

    • _s10e@feddit.de
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Ignore my ignorance. Are you saying the aircrafts track where they are going by calculating their position from gyroscope data? And this is more precise than GPS?

      That’s like using the accelaration sensors in your phone to navigate. Or sailing with compass and nautical maps.

      Possible. Tech isn’t even that novel. But still impressive.

      • Dettweiler@lemmyonline.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Yes. Most of commercial navigation systems rely on the IRUs as a primary source of position data, and they’ll usually have 3 of them. VHF is used by the crew to confirm that the aircraft is on track by referencing VOR stations, though these are slowly being phased out due to GPS.

        That being said, a single traditional IRU can have up to 2km of drift over a 2 hr flight (at which point it’s removed from service and replaced). When used in combination with two other IRUs, the error is dramatically reduced. Traditional IRUs are gyroscopically mechanical in nature and do not talk to GPS.

        Now, that being said, the new standard is called an ADIRU (ADvanced IRU), which ties in with GPS and features laser gyros. They’re extremely accurate and have essentially zero drift, plus multiple redundant components within each unit.

        • Vqhm@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          1 year ago

          If anyone is really curious about how INS works https://en.m.wikipedia.org/wiki/Inertial_navigation_system

          Also this Air Force training audio REALLY clears the subject up: https://youtu.be/VUrMuc-ULmM

          The Missile Knows Where It Is

          Transcription for the audio is as follows:

          "The missile knows where it is at all times. It knows this because it knows where it isn’t. By subtracting where it is from where it isn’t, or where it isn’t from where it is (whichever is greater), it obtains a difference, or deviation. The guidance subsystem uses deviations to generate corrective commands to drive the missile from a position where it is to a position where it isn’t, and arriving at a position where it wasn’t, it now is. Consequently, the position where it is, is now the position that it wasn’t, and it follows that the position that it was, is now the position that it isn’t.

          In the event that the position that it is in is not the position that it wasn’t, the system has acquired a variation, the variation being the difference between where the missile is, and where it wasn’t. If variation is considered to be a significant factor, it too may be corrected by the GEA. However, the missile must also know where it was.

          The missile guidance computer scenario works as follows. Because a variation has modified some of the information the missile has obtained, it is not sure just where it is. However, it is sure where it isn’t, within reason, and it knows where it was. It now subtracts where it should be from where it wasn’t, or vice-versa, and by differentiating this from the algebraic sum of where it shouldn’t be, and where it was, it is able to obtain the deviation and its variation, which is called error."

    • peanutyam@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’m glad I wasn’t the only one scratching my head at why was this an issue….(30 + years in aircraft maintenance just not avionics trade, airframes and engines)

    • Dimand@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      ·
      edit-2
      1 year ago

      I can’t see how omega and similar were not just as susceptible to this type of attack. Active outside in positioning almost always has this vulnerability.

    • chuck@lemmy.ca
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      3
      ·
      edit-2
      1 year ago

      Huh what do you propose then, go back to the 1960s and ensure they are only using VOR and DME ground equipment. There isn’t a check sum to check on GPS/GNSS it just a bunch of satellites broadcasting what they think is the correct time. If you jam those and replace them with signals close enough but wrong values you can trick the math that’s used inside the GPS/GNSS receiver that computes the the position (and velocity), and it looks like this signal can be introduced slow enough to trick the receiver in real-world applications. One trick to protect yourself is to ensure the signals you receive are from the direction you expect but we aren’t going to attach directional antennas on every face of a civilian aircraft, to ensure the strongest signal is from the top of the plane and not the bottom. Essentially civil navigation equipment isn’t supposed to be messed with and if it is authorities are supposed to go over and arrest and fine the idiots doing things over the radio they shouldnt. When the bad guy is a government well yea I guess that plan doesn’t work and governing bodies such as ICAO should impose penalties like no commerical aircraft from companies from those countries are not allowed elsewhere.

      • oatscoop@midwest.social
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        1 year ago

        That’s one way to do it.

        Or avionics companies could sell modern equipment that uses multiple constellations (GPS, GLONASS, Galileo), is capable of acquiring more satellites at a time than a 20 year old system, and has basic jamming protection like ignoring spurious signals. You know: like consumer devices have been doing for years.

        Then the commercial operators could install them in their aircraft.

        • chuck@lemmy.ca
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          First Glonass is a mess, missing quite a few operational satellites Galileo is just ramping up.

          Interms of what is broadcast they still work on the same principle satellites broadcast time receiver does something like a linear least squares fit to estimate position, and time.

          Mixing all the sources and doing a linear least squares like fit means the bad guy has to spoof more signals, and this system will be more robust but it is susceptible to the same attack just ramped up a bit

            • chuck@lemmy.ca
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              Yea then they just start shooting down everything randomly,

              And really want needs to be modified on the missiles? Sounds more like an airliner issue to me…

              • Daxtron2@startrek.website
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                Sounds like they should remove the explosive part before putting into an airliner but maybe that’s just me

      • ToxicWaste@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Something that sounds like a production flaw to me is how the IRS gets corrupted. Sadly the article did not go too much into detail, but gyroscopes and accelerometers should not be affected by GPS data. Sure, if they do not sync up with current data, error propagation becomes a problem - especially on long flights. But i reckon gradually depreciating data is better than maliciously wrong data.

        The article mentioned, that large plains have 2 GPS receivers. The spooving seems less traditional (sending wrong data with more power), but more sending a lot of incomplete data to confuse the receiver. This should introduce a desynchronization of the two receivers present, and alert the internal systems. Since it is detected, that something went wrong with the GPS, the 3 IRS can calculate the position from recorded data. This is a fallback and accuracy will depreciate. But if the pilot is aware it could still be valuable information. Additionally it is more scalable than air traffic control having to navigate affected planes.

  • astray@lemm.ee
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    2
    ·
    1 year ago

    What about GLONASS, Galilleo, or BDS? Are they all being equally jammed? Why wouldn’t they sync with all of them and use a consensus to determine accuracy? Like having multiple ntp servers.

    • CaptainBuckleroy@lemm.ee
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      The latest generations of gnss receivers have spoofing and jamming mitigation and detection features included with the chip, and multi-band rx technology to sync to more constellations simultaneously and do exactly what you’re talking about. Before then, the spoofing/jamming detection would likely need a software implementation after the receiver. There are different types of spoofing/jamming, all of which are detected and mitigated in different ways.

      I don’t know the commercial aircraft industry standards for updating technology, but I wouldn’t be surprised if most commercial aircraft don’t have what you’re talking about.

  • nixcamic@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    Do none of the systems, GPS, glonass etc. use encryption or authentication of any form?

    • AreaKode@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      The problem is with the way GPS works. Your device gets telemetry from the satellites. A fake signal can screw up the whole system.

      • jormaig@programming.dev
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        But if they had authentication you would know that the message doesn’t come from a legitimate satélite.

        • Gormadt@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          1 year ago

          If their isn’t then there’s a big problem with implementing that now, which would require a retrofit of every single GPS system currently in use and likely a replacement of all GPS satellites

          Edit: I’m slightly mistaken, the military uses encryption but they don’t have that open for public use.

        • Creat@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          7
          ·
          1 year ago

          you can’t have authentication in a one way system. satellites send days, planes receive it, but never send anything.

              • Nailbar@sopuli.xyz
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Playing with semantics a little, it can be thought of as the satellite authenticating with the client using the signature as password.

              • randombullet@feddit.de
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                1
                ·
                1 year ago

                That’s not how PKI works?

                Unless you know how digital signatures work better than me

              • zalgotext@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                If you’ve figured out how to do that, a lot of governments would pay you a lot of money for your solution

              • Nailbar@sopuli.xyz
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                You can’t copy a signature, since it is different every time the signed content is different. You need to have the correct key in order to make a valid signature.

    • Lafrack@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      Yes Galileo supports encryption. But as far as I know it’s not in use. Has been trialled only. But I know all Airbus aircraft only support GPS satellites and nothing else (yet). I assume Boeing, being American would be the same then.

      As far as solutions go, an aircraft can navigate fine without GPS. It can update its position from ground navigation aids and if they are not available it can still Dead Reckon very well. The navigation error very slowly grows until it’s out of the black spot and can use GPS or navigation aid to increase its accuracy. But this navigation error on the time frame of say an hour is a matter of kilometers at most, not dozens.

    • SeriousBug@infosec.pub
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      Nope. And more importantly, it looks like nobody considered what might happen if the signal gets spoofed. The backup systems that are supposed to keep working if GPS breaks also break due to these spoofed signals.

      • Ajen@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        GPS is encrypted, it’s just that the US military won’t share the encryption keys so the rest of us have to use the unencrypted channels. They’ve clearly thought about it and decided against making it public.

        • grandkaiser@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          If they shared the encryption keys, then it wouldn’t be safe from spoofing anymore. The whole point of encryption is to not share the keys.

          Also, before someone tries to point out PKI, the satellites don’t use PKI. So that’s not relevant. You can’t share the current keys without jeopardizing the system.

          • Ajen@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            PKI? I assume you mean asymmetric encryption? That’s been available long before the GPS system was launched. Why do you think it isn’t relevant? They could have designed it into the protocol if they wanted to.

            • grandkaiser@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              The military didn’t design it for civilian use. That’s really all there is to it. The commenter I was replying to made it sound like theres an easy solution here. There isn’t.

              • Ajen@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                I’m the commenter you originally replied to. If the US military wanted unspoofable GPS available to everyone then it would be available to everyone. They only want the public to have unencrypted GPS, so that’s all we get.

                • grandkaiser@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  The military is as concerned with civilian gps as much as they are with anything else that isn’t military-related: not their issue to solve. They won’t stop anyone from using encrypted gps. They really won’t. The only branch in the us that actively tries to prevent public encryption is the NSA. (Even then, they wouldn’t block something like gps). For the record, I’m a security engineer (DDI, private sector), previously worked for the DOD, and used to work in satcom.

    • _s10e@feddit.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.

      Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was hear some seconds ago. With this signal the location will be off.

      • Treczoks@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        But that would also mean the timestamp to be off. Just resending them would also require extremely precise timing if you want to simulate a position that is not anywhere but just a bit off the last position. Making a GPS position jumping around half the world is (comparably) easy, pushing it off for a few kilometers is much, much harder.

  • kingthrillgore@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    11
    ·
    1 year ago

    I generally don’t believe in an isolationist American policy except for Israel. They always drag us into stupid shit like this.

  • just_change_it@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    4
    ·
    1 year ago

    Easy solution: homing rockets that seek out the strongest signal using that band. Whitelist the sources that are official and proper.

    GPS is passive so the rockets won’t go for the plane… it’ll go for the transmission tower.

    Use less destructive devices if you’d rather risk sending humans to do the job.

  • Magister@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    15
    ·
    1 year ago

    Nobody knows what to do?

    How they did between 1890 and 1980? Maybe with paper maps and their eyes? It needs investigating!