Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

GPS Spoofing With $3000 Worth of Equipment and a Laptop

timothy posted 1 year,25 days | from the james-bond-villains-go-frugal dept.

Transportation 180

First time accepted submitter svartbjorn writes "Todd Humphreys and a team from the University of Texas proved the concept that a terrorist could take over the navigation of a ship or even a plane, making it appear to the crew that the ship was moving along a straight line course when in fact it was changing course under the control of the device. This raises some serious issues for this being used for terrorist purposes."

cancel ×

180 comments

Sorry! There are no comments related to the filter you selected.

Now (4, Funny)

memnock (466995) | 1 year,25 days | (#44396111)

the feds will require all laptops to be registered and have a remote kill switch installed. Can't let the terrorists win!!

Re:Now (1)

SpaceLifeForm (228190) | 1 year,25 days | (#44396657)

Then you don't let them on the ship with a laptop and antenna.

It's news worthy but isn't at the same time ... (2, Interesting)

oztiks (921504) | 1 year,25 days | (#44397055)

To say that I didn't know this was possible until now would be far from the truth.

As an avid Air Crash Investigation [natgeotv.com.au] fan, both my wife and myself watch this show on a regular basis. I surmised this was possible a number of years ago. I also thought the concept of spoofing transponders on Cars when we eventually started adapting this technology to Cars was also going to pose similar issues as well and funnily enough it was something that did make the news (don't remember the article now but it did make Slashdot) but was done so to trump autonomous driving, for whatever political agenda.

In all honesty, there is NO WAY to step around this problem unless you get rid of autonomous driving/piloting all together. Because of some simple facts

a) You can't tokenise any form of communication because it then deems the process unreliable
b) You can't encrypt it for the same reason
c) You can't in anyway make it COMPLICATED again for the same reason
d) You can't get rid of it because it makes flying unsafe.
e) It's a security hole that cannot be patched, fixed or resolved. Period.

Also the fact that this is a pretty common and is a widespread issue, which only really just made POC now is an absolute joke.

Re:It's news worthy but isn't at the same time ... (4, Informative)

EmperorArthur (1113223) | 1 year,25 days | (#44397421)

Ahh, but you can sign those packets the GPS satellites are sending. The US military uses encrypted GPS to prevent precisely this kind of attack. It also allows them to use their selective denial system to cut off part of the world without affecting their own systems. Ask the Russians about what their latest trip into Georgia taught them about their reliance on GPS.

So, yes the US can fix it, and should. Every country that is working on their own GPS alternative should as well.

Software defined radio is changing the world. It's bringing the price to capture signals down to a $20 USB TV tuner, and the price to send signals to a few thousand dollars. Not bad for something that used to require millions in fab costs to build transmitter ASICS.

Re:It's news worthy but isn't at the same time ... (5, Insightful)

profplump (309017) | 1 year,25 days | (#44397535)

What are you talking about? There are all sorts of things you can do to mitigate such attacks.

For one, you can sign GPS data without encrypting it. Old equipment can use the plain-text data without issue. New equipment can optionally verify the signature, if that makes sense in the particular application. If your systems does choose to verify the signature it can choose to ignore bad signatures, to warn the user, to throw out the lone bad signal, to throw out the whole fix calculation, etc. There's nothing technically complicated about that at all.

Another approach is to cross-verify this data. Planes and boats have inertial guidance (along with accelerometers, magnetometers, altimeters, etc.), which can easily be compared against each other to determine if one system is providing inaccurate data. And several of those systems require no external reference, making them quite difficult to hack. Combining all that data, throwing out the bits that don't match, and calculating a best-fit solution is pretty common even in low-end position/orientation systems, and I have to assume it's bog-standard in things like planes (or could be if it's not). Even cars have access to a lot of other data (wheel speed, engine speed, compass, etc.) that can be used for similar purposes.

And there are simple signal-based protections you can apply, that raise the complexity of an attack without requiring any modification to the broadcast signal. For example, you could use multiple antennas to ensure you're only listening for signals from the right slice of sky. You could track changes in signal level. You could track bitstream synchronization. None of that would prevent a local radio from overpowering the real system, but it would help you catch the switchover.

Not to mention you could provide some absolute reference via out-of-band tracking and comm. -- a system on the ground gets an actual fix based on radar/etc., and every minute or two sends out that fix with a timestamp via a non-GPS comm system. The on-board position tracker could then validate that external fix against its internal fix at the same time, and take appropriate action if there's a mismatch. This wouldn't stop short-term/small-delta attacks, as the data isn't instant and has some margin of error, but it would prevent long-term/large-delta attacks.

And you can do all of those at the same time -- together that's a lot of protection. I also suspect there are a lot of other things you could do to mitigate such attacks; this is just the list of things I could name of without any research or consideration.

It's also worth noting that removing autonomous course tracking (not even actual driving, but the whole navigation solution, as human pilots use the same navigational systems the computer does) does not solve this problem. It's not technically complicated to construct a sextant/stopwatch/etc. that gives false readings to misdirect whatever form of navigation the crew might undertake, even with no computers in sight.

Re:Now (3, Funny)

CODiNE (27417) | 1 year,25 days | (#44397169)

Even better, we can add handprint recognition to knives so they only work for the registered owner.

OMG TERRORIST (5, Insightful)

Spy Handler (822350) | 1 year,25 days | (#44396127)

terrorists could do this, terrorists could do that, they can KILL YOU in so many ways! Run for your lives! Or better yet, submit to your federal overlords via TSA DHS who will keep you safe!

Actually no, fuck the terrorists, they're third world noobs living in mud huts and the best they could do in 12 years of trying realyl hard is to hijack a few planes with knives. You have more to fear from your own government than any terrorist.

Over and out

but there's this new thing called a knife! (2)

raymorris (2726007) | 1 year,25 days | (#44396195)

Imagine what terrorists could do with a knife!
Hint - 9/11

Meanwhile, the government IS, admittedly, tracking of your phone calls and emails. Have you called your Congressman yet? Posted on their Facebook page?

Re:but there's this new thing called a knife! (4, Insightful)

anagama (611277) | 1 year,25 days | (#44396469)

And you know what? That entire problem was solved by putting locks on the door. For the 110% solution, the Feds no longer tell people to comply with hijacker's demands.

Everything else, the gutting of the Constitution -- that's just gravy for our rulers.

Re:but there's this new thing called a knife! (1)

icebike (68054) | 1 year,25 days | (#44396667)

And you know what? That entire problem was solved by putting locks on the door. For the 110% solution, the Feds no longer tell people to comply with hijacker's demands.

Except now the feds are back on the Be Sheep and Run Away kick.

Re:but there's this new thing called a knife! (0)

Anonymous Coward | 1 year,25 days | (#44396895)

Unlike the states that have made it legal to kill children.

Re:but there's this new thing called a knife! (0)

Anonymous Coward | 1 year,25 days | (#44397025)

Can we kill the 40 year old religious zealots, yet?

Re:but there's this new thing called a knife! (0)

Anonymous Coward | 1 year,25 days | (#44397335)

Actually the solution was not locks on the door.

The solution was changing the 'comply with the hijacker's demands, they want you alive' to 'they do not care if you live or die, and successful execution of their plan will result in your death.' Suddenly, the only way to take a plane is to kill pretty much everyone on board. ... or get to the controls and kill 2-3 people.

You know what? I think it may be safer without the locks on the door.

Re:OMG TERRORIST (1, Flamebait)

Jane Q. Public (1010737) | 1 year,25 days | (#44396265)

"Actually no, fuck the terrorists, they're third world noobs living in mud huts and the best they could do in 12 years of trying realyl hard is to hijack a few planes with knives. You have more to fear from your own government than any terrorist."

And that's assuming, of course, that they really did it to begin with. I'm not about to claim otherwise, but the evidence is actually pretty thin and there is a lot of counter-evidence. That's just the truth.

But anyway... I think really the bigger question is: who ever really doubted this could be done? All it takes to spoof a radio signal is a stronger signal... and GPS is a pretty damned low-power signal.

Of course, you do have to do the actual spoofing... that's where the $3000 comes in. But I mean, it has always been technically feasible. I guess they're just saying it's cheaper now.

Seriously??? (0, Flamebait)

Jane Q. Public (1010737) | 1 year,25 days | (#44396605)

Gimme a break. "I'm not about to claim otherwise, but the evidence is actually pretty thin..." gets modded as "flamebait"???

I just love how there are still people who mod people down for telling the truth, just because it's not politically correct. I thought the "politically correct" fad died out more than 5 years ago.

Re:Seriously??? (0)

Anonymous Coward | 1 year,25 days | (#44396889)

Because the evidence is not thin, and even if it was, you do not need huge amounts more proof to prove the most obvious and likely explanation. The "terrorists" had motive (fanatical religion) and means (when hijackers take over the plane no one thought they would try to crash it while still inside, standard orders where do what the hijackers say) and there is plenty of evidence they where on the plains and took them over . It was not even that hard to do, where is the evidence thin?

And yes several paranoid people have claimed to have proof that the plains could not have taken down the building, as if they would have to act as bombs. This is not how the plains took the building down, a good fire halves the strength of steal well before it starts to melt (and the fireproofing in the world trade centre had already proven insufficient and was early in the proses of being replaced), this is all that is needed to explain the collapse.

Re:Seriously??? (1)

dryeo (100693) | 1 year,25 days | (#44397481)

You're unclear about whether talking about the 9/11 hijackers or the GPS spoofers. I first thought that you were talking about 9/11 where the evidence is pretty clear that someone flew some planes into some buildings. I'm not knowledgeable enough to comment on the GPS spoofing though it seems possible.

Re:Seriously??? (1)

Jane Q. Public (1010737) | 1 year,25 days | (#44397591)

"You're unclear about whether talking about the 9/11 hijackers or the GPS spoofers. I first thought that you were talking about 9/11 where the evidence is pretty clear that someone flew some planes into some buildings."

Considering that I quoted the part I was replying to, it hardly seems unclear to me.

But the second thing is: yes, definitely, somebody flew some airplanes into some buildings. Just about anybody would have to be a fool to claim otherwise. But what does that have to do with my comment?

Re:OMG TERRORIST (1)

Shavano (2541114) | 1 year,25 days | (#44396613)

It's pretty tricky, really. You have to simulate at least 4 satellites' signals, compensating for their orbital movement at the position where you want to tell your target it's located.

Re:OMG TERRORIST (2)

icebike (68054) | 1 year,25 days | (#44396723)

It's pretty tricky, really. You have to simulate at least 4 satellites' signals, compensating for their orbital movement at the position where you want to tell your target it's located.

But its just numbers and time. That's all the GPS receiver knows about. It knows nothing actual orbits or movements. Just precise time and epheremis numbers. [wikipedia.org]
The signals would be trivial to generate with a computer.

GPS jammers are even easier. I was approaching a tractor trailer in Utah one moment, and the next the GPS was in a "Recalculating" frenzy and I was jumping from Montana to Iowa and points in between. After I was half a mile away from the rig everything was back to normal. Apparently some long-haul truckers don't like to be tracked [arstechnica.com] . The thing was, the GPS didn't say it lost signal, it indicated I was suddenly in specific locations hundreds of miles away.

Re:OMG TERRORIST (1)

ebno-10db (1459097) | 1 year,25 days | (#44396779)

I was approaching a tractor trailer in Utah one moment, and the next the GPS was in a "Recalculating" frenzy and I was jumping from Montana to Iowa and points in between.

Sounds like your GPS needs better position filtering.

Re:OMG TERRORIST (0)

Anonymous Coward | 1 year,25 days | (#44396339)

All utensils are now banned besides chopsticks and forks.

Re:OMG TERRORIST (-1)

Anonymous Coward | 1 year,25 days | (#44396387)

Sporks* goddammit.

shitfucknigger
why must i always fuck up my comments

Re:OMG TERRORIST (1)

Shavano (2541114) | 1 year,25 days | (#44396591)

Or pirates could run ships aground so they can steal the cargo. Also useful for defending targets against military guidance systems.

Re:OMG TERRORIST (1)

jamesh (87723) | 1 year,25 days | (#44396655)

Actually no, fuck the terrorists, they're third world noobs living in mud huts and the best they could do in 12 years of trying realyl hard is to hijack a few planes with knives.

In a lot of ways that's a "better" feat than crashing a plane with a rogue GPS signal. There's next to nothing feasible the government could do to the people to stop this happening.

OTOH, by taking down a few planes with knives the terrorists have manage to make the American government really work hard against the people, instead of for the people. Some might argue that it was already, but it's definitely worse now. The average American is now worse off because of 9/11, mainly because of the governments reaction, not the terrorist act itself.

If i was a terrorist, i'd be pretty pleased with myself.

Re:OMG TERRORIST (2)

interkin3tic (1469267) | 1 year,25 days | (#44396927)

This has always been evident to anyone with half a brain, yet it hasn't stopped the insanity. So perhaps we can use the paranoia of terrorism to do good things.

I don't know really anything about GPS. I've heard the military has one or two better systems which are barred from civilian use, but aren't that hard to use. Maybe we could use "OMG TERRORISM!" as an excuse to demand it for everyone. Alternatively, if military grade GPS is vulnerable to the same attack here, then it seems like that could have actual security implications. "Oh no, a plane is off course" is less of a threat than "Oh no, a cruise missile is off course" but maybe no one gave a shit until they mentioned terrorism.

Anyway, I think we should be using the constructed threat for actual important things, for instance, getting regulation on antibiotic use. The brits are starting to use terrorism as a reason why we need to clamp down on antibiotic abuse [nature.com] . A tool is only as good or as evil as the person using it. "We have to protect against the terrorists" has been used mainly to justify writing big checks to the military industrial complex, and ideally the voters would, as you suggest, grow brains and relax about terrorists. In the meantime, we could use the tool for good.

Gyros (4, Interesting)

BetterSense (1398915) | 1 year,25 days | (#44396133)

This is why ships still have gyros. GPS is too handy not to use, but I'm pretty sure most large oceangoing vessels also have navigation gyros. The question then is, what happens when GPS gets spoofed...does the system/crew assume the GPS is broken or the gyro broken?

Re:Gyros (5, Funny)

the_other_chewey (1119125) | 1 year,25 days | (#44396175)

This is why ships still have gyros.

So the only vessels at risk are those with 100% vegetarian crews.
It's probably not too much of an issue then...

Re:Gyros (1)

Anonymous Coward | 1 year,25 days | (#44396213)

Pleeb: "Gyro is reading funny, Captain!"

Captain: "What do you trust more, satellites in space, or this little spinning thing that I don't even?"

Pleeb: "Sir, but according to this, the sun is due North!"

Captain: "Did you not not hear me, FRIGGIN SATELLITES...in SPACE!! Go scrub the poop deck!"

Stupid archaic mechanical spinning things.

Re:Gyros (1)

ebno-10db (1459097) | 1 year,25 days | (#44396225)

This is why ships still have gyros.

Are you talking gyro compasses or full blown inertial nav?

Re:Gyros (5, Insightful)

Rich0 (548339) | 1 year,25 days | (#44396359)

In the case of airliners, it is usually full inertial navigation. Usually three independent inertial systems which continual comparison. The navigation system uses all the inertial systems as inputs, usually 1-2 GPS systems as input, and also radio navigation beacons (not very precise, but good enough for anything but landing). The GPS mainly provides long-term stability to the inertial systems, which are the direct reference.

Any area navigation system used in an aircraft for navigation in non-visual conditions has to meet a number of standards, which include the ability to measure its own performance/inaccuracy. I'm not sure if the spoofing in this article would defeat that - it isn't enough to give a false position - you need to give a false position which looks very accurate, and which drifts from the real position slowly enough that if the aircraft has inertial navigation it will consider the change plausible.

Even then, you'll also have to jam all the local radio navigation beacons which is going to be noticed most likely. If the aircraft tunes a radio beacon and gets inconsistent values from every station it tunes (automatically) it will probably report a navigation failure to the crew who will take it into account (and you'd be surprised how well a plane can do with nothing but the magnetic compass, good wind reports, and dead reckoning).

If you did manage to confuse the plane it really would only be a problem low to the ground in fairly mountainous terrain, unless you can keep it up for hours to get it way off course (and the crew will notice when they can't tune stations that are supposed to be in range and ATC will surely notice until they go entirely to ADS-B - and in the case of international flight the air defense identification zones surrounding many countries including the US will have active radar for obvious reasons). Most actual landings use ILS, which is completely independent of GPS - the aircraft won't really descend enough to hit buildings until it is on the ILS glideslope which is guaranteed to be clear. Only an actual GPS-based runway approach would get the plane low enough to hit something unless there are mountains nearby.

So, an attack would be hard to pull off against an airliner. Small planes do not have so much redundancy, but their GPS units still try to evaluate position accuracy and generate warnings (which pilots are trained to heed) when they believe they are having problems.

All that aside, GPS signals really need to have authentication embedded. That said, they would still be vulnerable to replay attacks if the main signal could be jammed and the receiver did not have a sufficiently accurate clock to spot replays (it would have to be VERY accurate over fairly long periods of time).

Re:Gyros (1)

jamesh (87723) | 1 year,25 days | (#44396679)

Seems easier just to shoot it out of the sky...

Re:Gyros (1)

ebno-10db (1459097) | 1 year,25 days | (#44396767)

Didn't you learn anything from Dr. Evil? Just shooting them is nowhere near as classy as sharks with frickin' laser beams attached to their heads!

GPS does have authentication (0)

Anonymous Coward | 1 year,25 days | (#44396989)

It's called the P/Y code and it's cryptographically secure (sort of).

These jamming/spoofing attacks would generally not work in aircraft situations, because of internal cross checks. A big ship would have similar.

A small boat (50 ft sort of thing) with a consumer GPS hooked up to the autopilot? Yeah, I'd believe you could spoof it, because it relies on a human as the safety measure. Hmm, GPS says heading 90 degrees, but the compass says we're heading 0? Something is wrong.

Re:Gyros (0)

Anonymous Coward | 1 year,25 days | (#44397175)

Airplanes have another last ditch fail safe system (granted it only works in the day and when it's reasonably clear). It's called looking out the windows. Or angling the radar sweep down and reading surface features. Or calling the tower and asking where the hell they are (doesn't work everyplace). Airplane design and operations religion is backup, backup, backup.

Re:Gyros (1)

Anonymous Coward | 1 year,25 days | (#44396231)

Ships have not only Gyros, but DVLs. DVLs can fit into something as small as an AUV. If the ship has a proper integrated solution, then their software/firmware should alert them of the invalid data(think the DVL track overlaid with GPS) with a large discrepancy between the two). It would be much more horriffic if terrorists just comandeered a cruise ship and steered it right into a populated waterfront, like they tried to do in that movie Speed 2.

DVLs and other sensors with extremely high accuracy, unlike laptops, are ITAR-controlled items and so are unlikely to fall into the hands of durka-durka terrorists. IED's are much more dangerous and cost-effective anyway.

-- Ethanol-fueled

Re:Gyros (1)

ebno-10db (1459097) | 1 year,25 days | (#44396465)

Ok, I'll bite. What's a DVL? (my usual deacronymizing techniques fail me).

If it's ITAR controlled though, that means a lot of ships won't have it. Best to keep the compass and sextant handy. Maybe even keep your eyes open.

Re:Gyros (1)

Anonymous Coward | 1 year,25 days | (#44396717)

A DVL is a gadget which uses directional echolocation and the doppler shift to determine, among other things, the velocity of the bottom relative to the vessel -- in other words, single-percent accurate "dead-reckoning" (two paces north, three paces east etc.) navigation when GPS fails(which happens to be everywhere under the water) and a INS fails or is not available.

There are different levels of ITAR control, and even within those levels there's a lot of hustling and politics behind the scenes to determine which countries can be just given the DVL's(England for example), which countries are eligible but have to apply for an export license they may or may not get(Argentina for example), and which countries(Iran, Syria, North Korea, Sudan, Cuba) are not at this time allowed to receive them at all.

I speak with authority in these matters because I am a shipyard prostitute.

-- Ethanol-fueled

Re:Gyros (1)

ebno-10db (1459097) | 1 year,25 days | (#44396749)

I speak with authority in these matters because I am a shipyard prostitute.

A time honored profession.

Re:Gyros (0)

Anonymous Coward | 1 year,25 days | (#44396909)

I speak with authority in these matters because I am a shipyard prostitute.

Now that's a Dirty Job.

Re:Gyros (0)

Anonymous Coward | 1 year,25 days | (#44397329)

and a paper map

Re:Gyros (1)

The MAZZTer (911996) | 1 year,25 days | (#44396367)

Well if you're trying to follow the GPS going straight, and it leads you to the side, presumably more than just the gyros will indicate you're steering a little to the side, and the gyro is going to match up with that... compass too at least, I dunno too much about boats to guess at what else.

Re:Gyros (1)

Hans Lehmann (571625) | 1 year,25 days | (#44396903)

Based on what I've read on the Internet, students in the U.S. Naval Academy aren't even taught how to use a sextant any more, because, you know, we have GPS now.

Re:Gyros (1)

profplump (309017) | 1 year,25 days | (#44397561)

They already use both and track the relative error, because that's useful even in normal operation. Inertial tracking systems are subject to drift over time (and are useless when you're not moving). GPS can correct for this drift, but requires external resources. So it's pretty common to tie the systems together and have it whine when the correction the GPS demands is outside the amount of drift expected by the inertial guidance system, because that helps detect normal, non-hacking failures in either system.

How the crew would react depends on what sort of error it shows and how relevant that is to their operations. Bear in mind that being off even by a couple of miles isn't a big problem in most oceanic navigation, so the amount of acceptable error is pretty large in many cases. And remember that in order to do inertia-based navigation you need a log of your previous positions, so it's possible to look you your past position fixes to effect a "roll back" to better data -- that won't tell you exactly where you are now, but it will give you a good starting point for figuring out what's wrong with your navigation system.

TERRORISDTS ?? (0)

Anonymous Coward | 1 year,25 days | (#44396153)

A kid with a laser pointer is not a terrorist but seems to not understand the extreme danger man !! Put this same kid in the plane and he still won't !! The king is dead !! And no I do not expect the self-called Mythbusters to get to the bottom of this, or anything, anymore !!

Iran already did this (2, Interesting)

Anonymous Coward | 1 year,25 days | (#44396159)

They already did this trick to snag an american drone. Old news.

Re:Iran already did this (1)

ebno-10db (1459097) | 1 year,25 days | (#44396477)

Iran claimed that's what they did.

Re:Iran already did this (1)

Shavano (2541114) | 1 year,25 days | (#44396633)

Indeed, and the fact that college students have now done it makes their claims plausible.

Wait a second... (0)

Anonymous Coward | 1 year,25 days | (#44396169)

Are you saying that those other countries that claim to have done this exact same thing might have actually done what they said they did?

Why would the United States Government lie to us about something like that?

Already happened (1)

Anonymous Coward | 1 year,25 days | (#44396199)

If Iran's claim is true they took control and captured a US drone by spoofing GPS signals: https://en.wikipedia.org/wiki/Iran%E2%80%93U.S._RQ-170_incident

Already didn't happen (0)

Anonymous Coward | 1 year,25 days | (#44396365)

Wired had a good article that explains the reasons why their claim is probably false

http://www.wired.com/dangerroom/2011/12/iran-drone-hack-gps/

Re:Already didn't happen (0)

Anonymous Coward | 1 year,25 days | (#44396443)

That same article states that the US Military knew that GPS spoofing was a possible danger for 20-30 years.

Which signal? (4, Interesting)

KDN (3283) | 1 year,25 days | (#44396205)

What they don't say is whether he is spoofing the CA signal, which is publically known and documented, the P signal, which is encrypted, and best I can recall, is not publically known, or the WAIS signal, which I have no bleeping idea.

Re:Which signal? (1)

ebno-10db (1459097) | 1 year,25 days | (#44396255)

The P signal is only available to the military. I doubt they're spoofing it. Last I heard the weekly(?) code distributions are such a security pain that sometimes even the military doesn't use it. The military might benefit from an unspoofed P signal, but it won't help civilian planes or ships.

Re:Which signal? (1)

Pinhedd (1661735) | 1 year,25 days | (#44396863)

This is correct. P code isn't very easy to use as it requires first acquiring CA code and then transferring the lock to a decoder. The newer M code is quite a bit more versatile but very little is known about it.

Re:Which signal? (1)

Entropius (188861) | 1 year,25 days | (#44396309)

Could you not still spoof the encrypted signals by time-delaying them, without bothering with the decryption?

GPS is just a bunch of clocks, no? Just record the encrypted signals and play them back with time delays (of a fraction of a second) at higher power designed to give false position readings.

Re:Which signal? (1)

ebno-10db (1459097) | 1 year,25 days | (#44396411)

You can't just "store and forward" them because the received signals are quite noisy (especially before despreading!). You really have to receive and regenerate the signals. It's not a trivial thing to do, but it's not like there are only six people in the world who could do it (I used to work on CSMA and a bit of GPS).

Terrorism (0)

Anonymous Coward | 1 year,25 days | (#44396209)

Created, managed, controlled, dictated, and fostered by the CIA

All terrorist acts are inside jobs my friends, as was 9/11.

http://www.ae911truth.org/ [ae911truth.org]

As for the "serious concerns about terrorism" , you should be asking your congress people who the real terrorists are.

Re:Terrorism (0)

Anonymous Coward | 1 year,25 days | (#44396641)

who the real terrorists are.

Oh, this is easy. It's man, of course! I saw The Twilight Zone when I was a kid.

A more technical explanation (4, Informative)

Anonymous Coward | 1 year,25 days | (#44396215)

Old news. If you want a less sensationalistic, more technical discussion of how this is done, see this article http://www.gpsworld.com/drone-hack/.

In brief:
1) Yes, it's possible but there are a lot of issues that make it less than practical
2) It's a non-issue for military positioning systems, which use encrypted, time-stamped signals.
3) Experts are already aware of the problem and are working on solutions.

Re:A more technical explanation (1, Insightful)

ebno-10db (1459097) | 1 year,25 days | (#44396377)

Old news. If you want a less sensationalistic, more technical discussion of how this is done, see this article http://www.gpsworld.com/drone-hack/ [gpsworld.com] .

In brief:
1) Yes, it's possible but there are a lot of issues that make it less than practical
2) It's a non-issue for military positioning systems, which use encrypted, time-stamped signals.
3) Experts are already aware of the problem and are working on solutions.

What issues make it less than practical? I read the article and I didn't see any major problems with doing it, nor did the authors.

As for "experts are already aware of the problem and are working on solutions", it reminds me of the last scene in the 1st Indiana Jones movie, where the Ark of the Covenant is being put into a seemingly endless warehouse. "Don't worry Dr. Jones, we have top people working on it". "Who?" asks Jones. "Top people".

Yes, it is possible to fix, but does that mean it isn't worth paying attention to? It hasn't been fixed yet. I also didn't find the article Slashdot linked to to be terribly sensationalistic.

Re:A more technical explanation (0)

Anonymous Coward | 1 year,25 days | (#44396537)

>What issues make it less than practical?
Try reading the paragraph that starts with "Developing a full spoofer-based control system for a UAV is a difficult problem..." and the two that start with "Constructing from scratch a sophisticated GPS spoofer like the one developed by UT is not easy..." or the one that starts with "There are also a number of promising non-cryptographic techniques for civil GPS spoofing detection...". More techniques are being added all the time; subscribe to GPS World if you want updates.

>Yes, it is possible to fix, but does that mean it isn't worth paying attention to?
You're welcome to pay attention if you feel like it but it won't get the problem fixed any faster. The ultimate solution, the authenticable civilian signal proposed in the article, would require launching a new constellation of satellites, a fifteen to twenty year undertaking.

Re:A more technical explanation (1, Informative)

ebno-10db (1459097) | 1 year,25 days | (#44396665)

Try reading the paragraph that starts with "Developing a full spoofer-based control system for a UAV is a difficult problem..."

You mean the paragraph that also says "causing a UAV to spin out of control and crash is not difficult with a spoofer"?

"Constructing from scratch a sophisticated GPS spoofer like the one developed by UT is not easy..."

Which ends with "the trend toward software-defined GNSS receivers for research and development, where receiver functionality is defined entirely in software downstream of the A/D converter, has significantly lowered the bar to spoofer development in recent years."

or the one that starts with "There are also a number of promising non-cryptographic techniques for civil GPS spoofing detection...".

Which certainly jibes well with my statement that "it is possible to fix".

You're welcome to pay attention if you feel like it but it won't get the problem fixed any faster.

That's true of most of the news I read. Should I take it that you never read news or consider the possibilities unless changing it is under your direct control? If so, why are you even reading this site or commenting here?

"Terrorist", sure.... (1)

Anonymous Coward | 1 year,25 days | (#44396233)

I'm so sick about the high-tech terrorist straw man. Let's be honest, the first to use technology like that, probably against their own population, are our governments.

Terrorist don't use cyberweapons of mass destruction, three letter agencies do.

sorry bout that (0)

Anonymous Coward | 1 year,25 days | (#44396257)

Had a party, left my black Book of inventions that should never be built out on the coffee table..
And some escaped.. good luck with that, plenty more where that came from.

farewell (1)

Spaham (634471) | 1 year,25 days | (#44396281)

Say goodbye to your laptop onboard :)
problem fixed \o/

Well, obviously (2)

russotto (537200) | 1 year,25 days | (#44396295)

There's a reason the encryption on the P(Y) signal is part of a system called "anti-spoofing". The potential to spoof the C/A code was understood from the beginning, and it getting cheaper is expected as well.

Still many unanswered questions (2)

dwillden (521345) | 1 year,25 days | (#44396305)

How close were they? Sounds like they were on the ship. Can this attack be performed by technologically unskilled "terrorists" from a distance or might the captain get suspicious of the small ship following at less than 100 meters. Or will the pirates have to board the ship to do this. Just because it can be done by highly educated professional researchers who do nothing but try to find ways to do this does not mean terrorists can do it. Yes the Iranians did it with a drone but do we know exactly how they did it, did they have to fly in close proximity to it? Or build a network of vastly overpowered GPS ground stations to overpower the satellite signals?

Re:Still many unanswered questions (1)

ebno-10db (1459097) | 1 year,25 days | (#44396609)

Just because it can be done by highly educated professional researchers who do nothing but try to find ways to do this does not mean terrorists can do it.

No, it doesn't. I'm not going to loose sleep over this. But that doesn't mean it's not a concern and shouldn't be fixed.

Load of garbage (0)

Anonymous Coward | 1 year,25 days | (#44396327)

These clowns have no clue about how real navigation SYSTEMS, like the ones I work on, work. I'm not going to give these idiots what they need, but to put it very simply: we specifically verify, as part of our development testing, that messing with the GPS signals will not cause any problems. When lives depend upon the SYSTEMS you develop, you do not make them vulnerable to the sort of amateur-hour sensationalist "experiments" of twerps like these guys (who, if they REALLY knew how to do this stuff, would be DOING and not TEACHING). What they are doing is good for PR, great for scaring the public into demanding new laws, and probably a good way to get papers published and more research grant money... but they are not keeping anybody I know in the industry from sleeping well at night.... of course WE know exactly how our stuff works and how it will react to various events. NOTE: they are "spoofing" GPS systems (not the complete navigation systems) on a commercial ship and on a model airplane (not an actual "drone") .... ooooooooohhhhhh, SO scary!

Re:Load of garbage (0)

Anonymous Coward | 1 year,25 days | (#44396475)

You sound like an insufferable, arrogant faggot. Did you get beat up a lot when you were a kid?

Re:Load of garbage (1)

mmell (832646) | 1 year,25 days | (#44397275)

Yeah, he did get beat up a lot - by guys like you.

Now, he's your boss. For teh win!

Re:Load of garbage (1)

ebno-10db (1459097) | 1 year,25 days | (#44396511)

These clowns have no clue about how real navigation SYSTEMS, like the ones I work on, work.

We are so impressed. You've heard of redundancy and sanity checking. Ooh-ahh.

I'm not going to give these idiots what they need ...

Don't worry, they can figure it out just fine without your vast and impressive knowledge.

Seen this before (1)

Anonymous Coward | 1 year,25 days | (#44396335)

This sounds like the plot from https://en.wikipedia.org/wiki/Tomorrow_Never_Dies, but with less sexy spies and less stealth ships.

Ship or Plane???? (2)

l0ungeb0y (442022) | 1 year,25 days | (#44396453)

a terrorist could take over the navigation of a ship or even a plane,

Put a few dozen of these between LA and Long Beach and you can create traffic jams that will cripple a fundamental portion of the manufacturing supply chain to the US by sending tourists and GPS addicted drivers to the wrong off ramps, causing them to get back on, thereby blocking access to the main arterials and causing miles of gridlock and congestion preventing vital shipment from getting to and from the Ports in a timely manner. And just how long would it take for the DoT or local authorities to realize that a week long Carmageddon was maliciously manufactured?

Tomorrow Never Dies (1)

Anonymous Coward | 1 year,25 days | (#44396457)

Awesome, we can make James Bond movies happen!

Re:Tomorrow Never Dies (4, Funny)

ebno-10db (1459097) | 1 year,25 days | (#44396517)

Awesome, we can make James Bond movies happen!

On Slashdot you can easily find the know-how to do everything in a James Bond movie, except get the girl.

EXCEPT FOR THE RUDDER POSITION INDICATOR (1)

mutantSushi (950662) | 1 year,25 days | (#44396485)

They can spoof the GPS position which plots on a navigational map, but if the ship is not moving in a straight line that means the rudder (or steerable propulsion pods) need to move, which have their own indicators. If the steering is locked to a wheel, the ship will not turn unless that wheel turns.

Re:EXCEPT FOR THE RUDDER POSITION INDICATOR (1)

ebno-10db (1459097) | 1 year,25 days | (#44396527)

If all you need to tell your bearing is the rudder position, then why was the compass considered a big deal?

Re:EXCEPT FOR THE RUDDER POSITION INDICATOR (1)

mutantSushi (950662) | 1 year,25 days | (#44396787)

Of course rudder position doesn't indicate heading, which is why I did'nt write that. But if GPS spoofing is to "take over navigation without pilot detection" and divert a ship or plane from it's straight line path, that means the rudder needs to turn to achieve that adjusted path... Which the pilots would be able to detect if an autopilot initiates it, and if they are not on autopilot, GPS spoofing alone cannot "take over navigation".

Re:EXCEPT FOR THE RUDDER POSITION INDICATOR (1)

ebno-10db (1459097) | 1 year,25 days | (#44397023)

That's true if you suddenly make a major change in heading, but a few degrees is another matter.

Re:EXCEPT FOR THE RUDDER POSITION INDICATOR (0)

Anonymous Coward | 1 year,25 days | (#44396543)

Steering a ship isn't like driving a car. There are currents and winds to compensate for as well.

HP-41cv (0)

Anonymous Coward | 1 year,25 days | (#44396503)

I have a nav pac with an hp-41cv, along with a bunch of handwritten ocean seafaring notes in the manual

I'll take that over your new fangled gps stuff any day.

I wonder who j hazelwood was

Re:HP-41cv (1)

Ken_g6 (775014) | 1 year,25 days | (#44396957)

I wonder who j hazelwood was

Apparently nobody with mod points looked this up. [wikipedia.org] Although I guess if you have to look something up to get the punch line of a joke, maybe it isn't very funny.

Dear Americans (0)

Anonymous Coward | 1 year,25 days | (#44396599)

Fuck you and your "terrorist" bullshit.

Sincerely,
The Rest Of The World ("that place beyond your country borders")

=================

Seriously, I'm getting tired of this crap. I guess I should expect nothing less from Fox News. It's unbelievable- someone finds an exploit in some existing system, and suddenly the entire thing is tied to terrorism. Why? What does that add to the story? Nothing of value from my point of view. It seems like mindless scaremongering, and frankly the frequency at which stories like this occur is quite alarming. It's almost as if the American public has been conditioned towards the word "terrorism", and they expect to hear it as some sort of indication that the government or some random agency is doing its job or something.

Archaic Tools (2)

Bucc5062 (856482) | 1 year,25 days | (#44396615)

There is this strange device called a...what was it a gain...oh a compass. The cool device that relies on something pretty hard to spoof, Earth's magnetic field as I remember. Ships and airplanes still carry a compass on board (well I know airplanes do) as backup to all that electronic stuff, because every now and then the power goes out and pilots are trained to fly and navigate by compass. They also cross check (or they should) the modern equipment with the analog to validate the primary instruments.

Just because someone says they can do something does not mean its really viable or will work well. Still waiting on flying cars, long lasting batteries, and fusion power plants so this type of drama news is not even close to registering on the danger meter.

Re:Archaic Tools (1)

Dominare (856385) | 1 year,25 days | (#44396695)

Yes, or perhaps we could install some kind of giant light in the sky, the position of which would provide an easy reference frame for one's heading.

Re:Archaic Tools (2)

ebno-10db (1459097) | 1 year,25 days | (#44396803)

Fusion power? That's 20 years off.

Re:Archaic Tools (0)

Anonymous Coward | 1 year,25 days | (#44397193)

It's not that hard... I have several compass spoofing devices attached to my refrigerator right now.

Re:Archaic Tools (0)

Anonymous Coward | 1 year,25 days | (#44397613)

A small coil arround the compass, or a large one around the boat will take care of the compass. Don't forget this jammer needs to be on the ship to begin with, so it may not be to hard to create a fixed magnetic field to pull the compass to match the new gps coords.

Tomorrow Never Dies (0)

Dwedit (232252) | 1 year,25 days | (#44396651)

Didn't this kind of thing happen in that James Bond film, Tomorrow Never Dies?

That's how Iran hijacked a US drone (1)

SensitiveMale (155605) | 1 year,25 days | (#44396849)

and Obama and the DoD didn't do a damn thing about it.

steer off course without the captain knowing? (0)

Anonymous Coward | 1 year,25 days | (#44396999)

Only if the captain never looks at the compass or the position of the helm.

If the ship's master is willing to let the ship be guided only by GPS with no cross checks, then he deserves what he or she gets.

This is, in concept, no different than those stories of people driving into parks by blindly following their GPS instructions.

This is what sensor integration is for!!! (1)

John Sokol (109591) | 1 year,25 days | (#44397015)

We have gps, gyro's , accelerometers, magnetometers in our Cell phones.

It would seem anyone serious would use GPU in conjuction with Inertial sensors and also include maybe a 180 Sky view to check the sun or stars positions and LORAN, VAR and VOR as well as shortwave, commercial terrestrial TV and Radio broadcast strength, phase, call signs which could also provide decent navigation information.

In addition there are navigation units that combine GPS and GLONASS the Russian version to gain better accuracy and reliability.
http://www.qualcomm.com/media/blog/2011/12/15/gps-and-glonass-dual-core-location-your-phone [qualcomm.com]

There is also IRNSS: India, Galileo: EU and Compass: China.

Lastly if on land, I think Google is also using Wifi MAC addresses which should in theory be unique although some low end vendors reuse them or just make them up.

GPS is not seen as a trusted device.... (1)

lookingglass (2935519) | 1 year,25 days | (#44397179)

Don't know about ships or drones, but in airplanes the GPS only provide part of the picture. Navigation in airplanes require at least 2 (different) means of assessing position (radio beacon (NDB), GPS/VOR/Tacan/MLS/ILS/Radar/Compass/map/Etc). As those means are always cross checked against each others, a malfunctioning/corrupted GPS would be found relatively quickly.

Now if only... (0)

Anonymous Coward | 1 year,25 days | (#44397229)

All captains exclusively used the new and already obsolete GPS system exclusively for navigation...that'd be even scarier!

Everything Fox News says is a lie (0)

Anonymous Coward | 1 year,25 days | (#44397251)

Even true things, once said on Fox News, become lies.

And the children! (1)

hduff (570443) | 1 year,25 days | (#44397429)

What about the children?

007 will take care of this (1)

Joe_Dragon (2206452) | 1 year,25 days | (#44397451)

And he has the right to give on the spot death sentences

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>