first GPS spoof in the wild?

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Paul Saffo <paul () saffo com>
> Date: August 12, 2017 at 9:39:22 AM EDT
> To: Dave Farber <dave () farber net>
> Subject: first GPS spoof in the wild?
>
> For IP if you think it would be of interest. This is why the scramble to upgrade LORAN-C to eLoran, esp out here in 
> the Pacific.
> -p
>
> https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/
>
> New Scientist
> DAILY NEWS  10 August 2017 
> Ships fooled in GPS spoofing attack suggest Russian cyberweapon
>
> GPS signals of 20 ships in the Black Sea were hacked to indicate they were 32km inland
>
> By David Hambling
>
> Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for 
> spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available 
> to everyone from rogue nation states to petty criminals.
>
> On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the 
> Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at 
> Gelendzhik Airport.
>
> After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS 
> traces – signals from the automatic identification system used to track vessels – placed them all at the same 
> airport. At least 20 ships were affected.
>
> While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a 
> spoofing attack that has long been warned of but never been seen in the wild.
>
> Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While 
> this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to 
> jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. 
> “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former 
> president of the UK’s Royal Institute of Navigation.
>
> Todd Humphreys, of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many 
> years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS 
> spoofing. “The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks my team 
> conducted,” says Humphreys.
>
> Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over the past year, GPS spoofing 
> has been causing chaos for the receivers on phone apps in central Moscow to misbehave. The scale of the problem did 
> not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the 
> Kremlin, relocates anyone nearby to Vnukovo Airport, 32 km away. This is probably for defensive reasons; many NATO 
> guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them 
> to hit their targets.
>
> But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that 
> spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build 
> his first spoofer from scratch in 2008, but notes that it can now be done with commercial hardware and software 
> downloaded from the Internet.
>
> Nor does it require much power. Satellite signals are very weak – about 20 watts from 20,000 miles away – so a 
> one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon.
>
> If the hardware and software are becoming more accessible, nation states soon won’t be the only ones using the 
> technology. This is within the scope of any competent hacker. There have not yet been any authenticated reports of 
> criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle or drone 
> delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker 
> would just need a short-ranged system to affect one vehicle.
>
> But Humphreys believes that spoofing by a state operator is the more serious threat. “It affects safety-of-life 
> operations over a large area,” he says. “In congested waters with poor weather, such as the English Channel, it would 
> likely cause great confusion, and probably collisions.”
>
> Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if 
> used in the ongoing dispute with Ukraine. “My gut feeling is that this is a test of a system which will be used in 
> anger at some other time.”



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170812113131:4F01BB54-7F73-11E7-98A0-DC14AD52D01D
Powered by Listbox: http://www.listbox.com