Commercial Flights Are Experiencing ‘Unthinkable’ GPS Attacks and Nobody Knows What to Do::New “spoofing” attacks resulting in total navigation failure have been occurring above the Middle East for months, which is “highly significant” for airline safety.
TL:DR: Israel and Iran are the source of the spoofing.
Edited*
And Iran, according to the article
Israel Iran and Russia be like
Lemmy is starting to feel like Discord with people dropping lazy images like this in every damn thread.
Literally couldn’t even bother to edit the image so the country names are in the image.
Yeah on my phone in hospital waiting room, didn’t have time.
has enough literacy skills to pick up on humor in more than just the shared image
I thought it was funny, anyway…
I hope everything turns out ok!
Thanks yeah one of my kids had a chronic condition so it’s not really anything unexpected but also not fun and just a ton of waiting.
Wow. The state of Israel is really piling on the reasons to hate it these days.
It was doing this for decades but Western countries only start hearing about it.
Social media have prevailed over classic media, and this time they have proven to be harder to steer.
The article says the spoofing was first recorded in September from Iran, then Israel started doing some after the October Hammas attacks
And Russia was doing it just a few years ago, too.
Iran has been doing this shit for decades. I’m sure Israel has too.
Basically, they figure out what a GPS receiver would hear if it was receiving signals from a specific location, say “London”. They then broadcast those exact signals. Any receiver that hears them now thinks it is in “London”.
Start with the aircraft’s actual position, and update the spoofed location based where it actually is and and its intended destination, and you can get it to go where you want it.
If the aircraft is trying to fly to London, for example, and you want it to turn to the east of its track, you start spoofing that it has drifted west on its track to London. The aircraft thinks it is west of London, and turns to the east to get to spoofed-London.
Actually, the issue is far more complicated than that.
Could you expand on what’s the issue? I’m honestly curious
GPS relies on timing - very precise timing - and signed signals. It might be that GPS units ignore that the signal should be signed, but the (picosecond) timing basically defines an objects’ position in space. A picosecond makes a difference of a few centimeters.
Now, modern planes don’t primarily rely on GPS. They have gyroscopes. But as gyroscopes lose precision over the duration of the flight, they cross-reference with GPS to fix this loss of precision. But for that, the measured GPS location must be close enough to the gyroscope-based location, or the GPS result is discarded as erroneous. So one needs not only to spoof any GPS signal, it must be close enough to the actual position, and then slowly move the target over.
BTW, the villains in the movie “Tomorrow never dies” use a different approach. They influence the GPS satellites directly, which is a totally different thing, and if Iran did attempt that, I think the US would react differently and … more directly.
Wow this is so cool!! I did know it was timing based and needed to be precise, but this is so crazy! And to think we’ve gotten so good at making these precise timing circuits to just add them to all phones like it’s nothing! This is really cool! And the part about spoofing GPS in planes, that is even crazier how can anyone accomplish that is beyond me it’s pretty much magic at this point that’s so cool!!
In the cell phone there are specialized chips that “just” read the signal. They use some interesting tricks to catch the timing right, but can’t be used to produce such a signal. The satellite “just” sends a signal with it’s own position and the timecode (based on it’s own atomic clock). And those nanoseconds and picoseconds of difference when the signals from different satellites arrive determine the distance to those satellites, and together with their position, one can calculate the receivers location.
The planes first received spoofed GPS signals, meaning signals designed to fool planes’ systems into thinking they are flying miles away from their real location. One of the aircraft almost flew into Iranian airspace without permission
Tomorrow Never Dies continues to be bizarrely relevant.
Is that the one with Jonathan Pryce as the villain? That was a good one
Johnathan Pryce as the mad, egocentric head of a mass media and tech empire with an inordinate amount of reach and influence on the world stage, who is chiefly concerned with becoming the sole source of media in a post-CCP China.
Which sounds funny and ridiculous in a 1997 spy movie, but in the last 20 years, we’ve seen just how much power mass media companies wield, how they can manipulate sizable percentages of a population, and how being the exclusive source of news for an entire country (China, no less) would give a media mogul incredible power and influence.
I’m not nervous, you’re nervous
So basically the plot of citizen Kane with some tweaks
deleted by creator
I must have missed the bit of Citizen Kane where he spoofs a British warship into sailing into Chinese waters then attacks both sides from a stealth submarine.
Director’s cut
That was a badass videogame on PS1. Core memory unlocked
Fucking serves them right, the aviation industry have been buying GPS devices for decades that bleed outside and don’t explicitly filter down to their spectrum. There was a satellite internet startup in the US that went through the whole process, bought its spectrum and was ready to launch, then the aviation industry complained and had them shut down because their devices were all shit and “it would be too difficult to change everyone’s equipment”.
Do you have something I can read about this? It’s a little vague, so hard for me to search, and it sounds like something I would be interested in. Thanks
Pretty sure this is the story, rings true to my memory of the company name starting with “L”: https://arstechnica.com/tech-policy/2011/04/lightsquared-broadband-a-threat-to-gps/
Although this article doesn’t cover how the GPS systems used cheap filtering circuits that didn’t adequately filter out adjacent frequencies. This was done purely to save money, because there wasn’t anything using the adjacent frequencies. As a result, LightSquared went bankrupt in 2012.
Thanks I’ll give it a read.
Edited my last comment, I don’t think that article goes into much detail. It only really covers the objections by GPS device manufacturers against LightSquared, not the technical aspect ie poor filtering by cheap GPS devices.
This article covers LightSquared’s claims of poor filtering by GPS devices: https://www.networkworld.com/article/696602/wireless-lightsquared-says-gps-makers-ignored-filtering-rules.html
This article also covers some of it: https://www.cnet.com/tech/mobile/lightsquared-blew-it-and-heres-why/
TL;DR GPS devices cut corners, however because they were established and so endemic across the industry, there was no practical way to fix them all and LightSquared was sent down the toilet.
Edited my last comment, I don’t think that article goes into much detail. It only really covers the objections, not the technical aspect ie poor filtering by cheap GPS devices.
That just means you can’t use autoland in low visibility conditions. Modern IRUs (inertial reference unit) are highly accurate laser gyros that can use GPS for correction, but will throw out the data if it doesn’t make sense. Navigation won’t be affected much, and autoland (if used) will still rely on VHF guidance.
But the article mentioned that “the spoofing corrupts the Inertial Reference System”. How?
Yeah I have the same question. Based upon a comment above, it looks like the independent gyro system is updated for drift based upon the spoofed GPS data and thus causes issues. If the IRS is not updated at all then drift becomes a bigger issue but if it’s updated regularly with valid GPS data then it’s a good thing. So the challenge is to only update the gyro drift with valid GPS data which I am guessing is hard to determine.
Pretty much this, look up Kalman filters if you want details. The most likely explanation is that they are tuned to effectively trust GPS more than the internal IMU for long periods of time. Really good IMUs are very expensive and still drift but have high speed output. When it works well, GPS is cheap and doesn’t drift but with a slow update rate. The cost optimisation probably means that the IMU data is usually only trusted for a few seconds, probably 10 min at most before it takes whatever the GPS says as truth. If they lost gps signal through jamming, then they would keep navigation on the less certain IMU data, but the GPS sensor thinks all is well so they shift position.
There is probably a software upgrade to the filter that could be used to limit these attacks, but I imagine it’s an active area or research.
If it’s a smaller plane (such as a CRJ / ERJ) with only one IRU, it will not be able to determine if GPS is valid or not, so the drift correction gets spoiled.
Large commercial aircraft are using 3 IRUs, with newer aircraft using ADIRUs. If GPS does not agree with the three IRUs, the GPS data is thrown out. If the GPS is within tolerance, correction is applied. You could build up very small errors over a long distance, but you should still be pretty close to the airfield when you get there.
How do IRUs work do to give you location?
It’s knows where it was and where it isn’t
They know where you took off from, and can detect your movement with precision.
Here is an alternative Piped link(s):
https://piped.video/bZe5J8SVCYQ
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
They use gyroscopes and accelerometers to measure the aircrafts movement from the starting position at takeoff. That can then be used to plot the course the aircraft has taken to show the current location.
First, they have to align on the ground. You initialize them with your current known position (usually by GPS or your known airport/gate spot). Then, you wait for them to synchronize with the Earth’s rotation. If you’re far north, like in Alaska, this could take half an hour. If you’re close to the equator, it could take 5 minutes. Once they’re ready, from that point, any movement you make, it will know where you are and where you’ve been.
If you spin up a gyro and begin moving around, it will maintain it’s starting position. You can use this deflection to calculate direction. If you know how fast you are going and for how long, you’ll have your position.
Mechanical gyros drift. It’s the nature of a world with friction. Newer IRUs use laser gyros, so the only real drift they have comes from extremely minute rounding errors.
Ignore my ignorance. Are you saying the aircrafts track where they are going by calculating their position from gyroscope data? And this is more precise than GPS?
That’s like using the accelaration sensors in your phone to navigate. Or sailing with compass and nautical maps.
Possible. Tech isn’t even that novel. But still impressive.
Yes. Most of commercial navigation systems rely on the IRUs as a primary source of position data, and they’ll usually have 3 of them. VHF is used by the crew to confirm that the aircraft is on track by referencing VOR stations, though these are slowly being phased out due to GPS.
That being said, a single traditional IRU can have up to 2km of drift over a 2 hr flight (at which point it’s removed from service and replaced). When used in combination with two other IRUs, the error is dramatically reduced. Traditional IRUs are gyroscopically mechanical in nature and do not talk to GPS.
Now, that being said, the new standard is called an ADIRU (ADvanced IRU), which ties in with GPS and features laser gyros. They’re extremely accurate and have essentially zero drift, plus multiple redundant components within each unit.
If anyone is really curious about how INS works https://en.m.wikipedia.org/wiki/Inertial_navigation_system
Also this Air Force training audio REALLY clears the subject up: https://youtu.be/VUrMuc-ULmM
The Missile Knows Where It Is
Transcription for the audio is as follows:
"The missile knows where it is at all times. It knows this because it knows where it isn’t. By subtracting where it is from where it isn’t, or where it isn’t from where it is (whichever is greater), it obtains a difference, or deviation. The guidance subsystem uses deviations to generate corrective commands to drive the missile from a position where it is to a position where it isn’t, and arriving at a position where it wasn’t, it now is. Consequently, the position where it is, is now the position that it wasn’t, and it follows that the position that it was, is now the position that it isn’t.
In the event that the position that it is in is not the position that it wasn’t, the system has acquired a variation, the variation being the difference between where the missile is, and where it wasn’t. If variation is considered to be a significant factor, it too may be corrected by the GEA. However, the missile must also know where it was.
The missile guidance computer scenario works as follows. Because a variation has modified some of the information the missile has obtained, it is not sure just where it is. However, it is sure where it isn’t, within reason, and it knows where it was. It now subtracts where it should be from where it wasn’t, or vice-versa, and by differentiating this from the algebraic sum of where it shouldn’t be, and where it was, it is able to obtain the deviation and its variation, which is called error."
Here is an alternative Piped link(s):
https://piped.video/VUrMuc-ULmM
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
The missile knows where it is by knowing where it is not.
I’m glad I wasn’t the only one scratching my head at why was this an issue….(30 + years in aircraft maintenance just not avionics trade, airframes and engines)
Well the article says it caused at least one plane to almost fly into Iran’s restricted airspace…
deleted by creator
We need a backup for GPS. LORAN should never have been shut down.
I can’t see how omega and similar were not just as susceptible to this type of attack. Active outside in positioning almost always has this vulnerability.
There are 3 of them. Galileo, Glonass and Beidou
Yet another reason to avoid the middle east
I’ve got an idea, how bout stop using the same technology from 20 years ago?
Huh what do you propose then, go back to the 1960s and ensure they are only using VOR and DME ground equipment. There isn’t a check sum to check on GPS/GNSS it just a bunch of satellites broadcasting what they think is the correct time. If you jam those and replace them with signals close enough but wrong values you can trick the math that’s used inside the GPS/GNSS receiver that computes the the position (and velocity), and it looks like this signal can be introduced slow enough to trick the receiver in real-world applications. One trick to protect yourself is to ensure the signals you receive are from the direction you expect but we aren’t going to attach directional antennas on every face of a civilian aircraft, to ensure the strongest signal is from the top of the plane and not the bottom. Essentially civil navigation equipment isn’t supposed to be messed with and if it is authorities are supposed to go over and arrest and fine the idiots doing things over the radio they shouldnt. When the bad guy is a government well yea I guess that plan doesn’t work and governing bodies such as ICAO should impose penalties like no commerical aircraft from companies from those countries are not allowed elsewhere.
That’s one way to do it.
Or avionics companies could sell modern equipment that uses multiple constellations (GPS, GLONASS, Galileo), is capable of acquiring more satellites at a time than a 20 year old system, and has basic jamming protection like ignoring spurious signals. You know: like consumer devices have been doing for years.
Then the commercial operators could install them in their aircraft.
First Glonass is a mess, missing quite a few operational satellites Galileo is just ramping up.
Interms of what is broadcast they still work on the same principle satellites broadcast time receiver does something like a linear least squares fit to estimate position, and time.
Mixing all the sources and doing a linear least squares like fit means the bad guy has to spoof more signals, and this system will be more robust but it is susceptible to the same attack just ramped up a bit
Just equip the airliners with modified AGM-88 HARM missiles to deal with the jammers.
Yea then they just start shooting down everything randomly,
And really want needs to be modified on the missiles? Sounds more like an airliner issue to me…
Sounds like they should remove the explosive part before putting into an airliner but maybe that’s just me
Something that sounds like a production flaw to me is how the IRS gets corrupted. Sadly the article did not go too much into detail, but gyroscopes and accelerometers should not be affected by GPS data. Sure, if they do not sync up with current data, error propagation becomes a problem - especially on long flights. But i reckon gradually depreciating data is better than maliciously wrong data.
The article mentioned, that large plains have 2 GPS receivers. The spooving seems less traditional (sending wrong data with more power), but more sending a lot of incomplete data to confuse the receiver. This should introduce a desynchronization of the two receivers present, and alert the internal systems. Since it is detected, that something went wrong with the GPS, the 3 IRS can calculate the position from recorded data. This is a fallback and accuracy will depreciate. But if the pilot is aware it could still be valuable information. Additionally it is more scalable than air traffic control having to navigate affected planes.
What about GLONASS, Galilleo, or BDS? Are they all being equally jammed? Why wouldn’t they sync with all of them and use a consensus to determine accuracy? Like having multiple ntp servers.
The latest generations of gnss receivers have spoofing and jamming mitigation and detection features included with the chip, and multi-band rx technology to sync to more constellations simultaneously and do exactly what you’re talking about. Before then, the spoofing/jamming detection would likely need a software implementation after the receiver. There are different types of spoofing/jamming, all of which are detected and mitigated in different ways.
I don’t know the commercial aircraft industry standards for updating technology, but I wouldn’t be surprised if most commercial aircraft don’t have what you’re talking about.
Do none of the systems, GPS, glonass etc. use encryption or authentication of any form?
The problem is with the way GPS works. Your device gets telemetry from the satellites. A fake signal can screw up the whole system.
But if they had authentication you would know that the message doesn’t come from a legitimate satélite.
If their isn’t then there’s a big problem with implementing that now, which would require a retrofit of every single GPS system currently in use and likely a replacement of all GPS satellites
Edit: I’m slightly mistaken, the military uses encryption but they don’t have that open for public use.
I would hope whoever designed the satellites had the foresight to allow remote software updates.
They’re talking about the millions of receivers around the world, not the satellites.
Nah we just need a satellite mechanic astronaut
Software updates become useless if you hit hardware limitations
you can’t have authentication in a one way system. satellites send days, planes receive it, but never send anything.
You can have a digital signature, so the recievers know it’s legit
yes of course, but that isn’t authentication.
Playing with semantics a little, it can be thought of as the satellite authenticating with the client using the signature as password.
deleted by creator
That’s not how PKI works?
Unless you know how digital signatures work better than me
If you’ve figured out how to do that, a lot of governments would pay you a lot of money for your solution
You can’t copy a signature, since it is different every time the signed content is different. You need to have the correct key in order to make a valid signature.
Yes Galileo supports encryption. But as far as I know it’s not in use. Has been trialled only. But I know all Airbus aircraft only support GPS satellites and nothing else (yet). I assume Boeing, being American would be the same then.
As far as solutions go, an aircraft can navigate fine without GPS. It can update its position from ground navigation aids and if they are not available it can still Dead Reckon very well. The navigation error very slowly grows until it’s out of the black spot and can use GPS or navigation aid to increase its accuracy. But this navigation error on the time frame of say an hour is a matter of kilometers at most, not dozens.
Nope. And more importantly, it looks like nobody considered what might happen if the signal gets spoofed. The backup systems that are supposed to keep working if GPS breaks also break due to these spoofed signals.
GPS is encrypted, it’s just that the US military won’t share the encryption keys so the rest of us have to use the unencrypted channels. They’ve clearly thought about it and decided against making it public.
If they shared the encryption keys, then it wouldn’t be safe from spoofing anymore. The whole point of encryption is to not share the keys.
Also, before someone tries to point out PKI, the satellites don’t use PKI. So that’s not relevant. You can’t share the current keys without jeopardizing the system.
PKI? I assume you mean asymmetric encryption? That’s been available long before the GPS system was launched. Why do you think it isn’t relevant? They could have designed it into the protocol if they wanted to.
The military didn’t design it for civilian use. That’s really all there is to it. The commenter I was replying to made it sound like theres an easy solution here. There isn’t.
I’m the commenter you originally replied to. If the US military wanted unspoofable GPS available to everyone then it would be available to everyone. They only want the public to have unencrypted GPS, so that’s all we get.
The military is as concerned with civilian gps as much as they are with anything else that isn’t military-related: not their issue to solve. They won’t stop anyone from using encrypted gps. They really won’t. The only branch in the us that actively tries to prevent public encryption is the NSA. (Even then, they wouldn’t block something like gps). For the record, I’m a security engineer (DDI, private sector), previously worked for the DOD, and used to work in satcom.
GPS is old, the amount of data you get from the satellite is small, essentially satellite id and timestamp. If we would redesign this today, you could include a digital signature.
Sure, but… you can google this to verify … one can probably manipulate GPS by introducing delay, i.e. resend data from a sat that was hear some seconds ago. With this signal the location will be off.
But that would also mean the timestamp to be off. Just resending them would also require extremely precise timing if you want to simulate a position that is not anywhere but just a bit off the last position. Making a GPS position jumping around half the world is (comparably) easy, pushing it off for a few kilometers is much, much harder.
Removed by mod
I generally don’t believe in an isolationist American policy except for Israel. They always drag us into stupid shit like this.
Easy solution: homing rockets that seek out the strongest signal using that band. Whitelist the sources that are official and proper.
GPS is passive so the rockets won’t go for the plane… it’ll go for the transmission tower.
Use less destructive devices if you’d rather risk sending humans to do the job.
It’s called a HARM, Homing Anti Radiation Missile.
boosting the stereotype
Nobody knows what to do?
How they did between 1890 and 1980? Maybe with paper maps and their eyes? It needs investigating!
I don’t know from 1903 to 1980 but from 1890 to 1903 they did not fly at all. The first “modern” flight happened in December 1903.
Clément Ader ?
They winged it