Know your location: The effects of GPS spoofing and jamming

Artificial satellites have transformed the world in a variety of ways, not only for communicating relays and previously unimaginable planetary observations, but also for enabling incredibly accurate navigation. A so-called global navigation satellite system (GNSS), or satnav for short, uses data provided by satellites to pinpoint a location on the surface within a few centimeters.

The US Global Positioning System (GPS) is the first GNSS, the satellites were launched in 1978, although it was available to civilians in a degraded precision mode. When fully accurate GPS was released to the public under the Clinton administration in the 1990’s, it increased the public’s acceptance of everything from fishing boats and merchant ships to today’s navigation using nothing but a smartphone. .

Nonetheless, the GNSS has a dark side that extends beyond the military use of cruise missiles and directing relatives to their targets. It comes in the form of jamming and spoofing GNSS signals, which can hide illegal activity from surveillance systems and disrupt or disable enemy systems during combat. Along with other forms of electronic warfare (EW), the GNSS signal interceptor creates a powerful weapon that can render most modern avionics and drone technology useless.

With that in mind, how significant is the threat, especially from GNSS spoofing, and what are the ways to detect or prevent it?

Transient location

GPS Autonomous Location Using Satellite Navigation Solutions (Credit: Jan Van Sickle, GPS for Land Surveyors)
GPS Autonomous Location Using Satellite Navigation Solutions (Credit: Jan Van Sickle, GPS for Land Surveyors)

The basic concept of a GNSS is fairly straight-forward: ground-based receivers listen to signals from satellites as part of specific GNSS constellations. Each GNSS satellite encodes a collection of information on this signal, including the location of the satellite at a specific time (ephemeris) as well as the local time of the satellite when the signal was sent.

By receiving signals from at least four of these satellites and applying solutions to the satellite, the exact position of the receiver can be determined. It uses the principle of triangulation (distance from a known point) instead of triangles (using angles). Presumably, a potential problem here involves the clock flow next to the receiver and the satellite. It is perhaps less likely that the speed of signal travel is greatly influenced by the atmosphere, especially the ionosphere.

This part of the atmosphere changes in density and composition within a day and is greatly affected by exposure to the sun’s radiation. As a result, the message portion of the GNSS satellite contains the required atmospheric correction parameters. Due to the clock-drift and the constant change in the Earth’s atmospheric composition, each GNSS constellation has its own magnification system. These typically consist of a combination of ground- and satellite-based systems that provide additional information that a recipient can use to adjust the GNSS information he receives.

For use on aircraft, for example, it is very common to install a ground-based augmentation system (GBAS) using a stationary receiver. These GNSS receivers then transmit the correction parameters to the aircraft through the airport’s VHF communication system, helping them to navigate when they arrive or depart at the airport.

In addition to the GNSS satellites, each GNSS constellation has its own ground-based master controller station, from which updated weather information is regularly uploaded to the satellites, including time adjustments to compensate for the satellite’s onboard clock drift. This proves that a GNSS constellation is a highly dynamic system that requires constant updates to function properly.

Attempts are made to block this system by jamming or actively spoofing GNSS signals where things become interesting.

Jam fight

GNSS spoofing illustrated. (Credit: C4ADS)

The concept of jamming radio frequency communication is quite simple: broadcast the frequencies you want to jam with more power than the original transmitter is capable of. Since the GNSS signal is relatively weak, it makes it easy for a ground-based system to jam this signal. Of course, since the loss of a GNSS satellite fix is ​​a known problem, backup techniques are common to this scenario, and it is also very noticeable due to the loss of communication from a satellite.

Spoofing is much more subtle than jamming, as well as more versatile. Instead of just blasting air waves with raw energy, GNSS spoofing still makes the original signal irresistible, but instead of a denial of service (DoS) attack, spoofing is closer to a man-in-the-middle (MitM) attack, where the fake satellite signal is near the receiver. As presented, of course with spoofed parameters that will force the receiver to calculate a position that is actually far from where it is.

Title in C4ADS (Center for Advanced Defense Studies) 2019 Report The only star above us – to reveal GPS spoofing in Russia and Syria, A number of observations have been reported on where Russia has used GNSS spoofing for various reasons. An interesting and common use seems to be spoofing of GNSS signals so that the receivers feel they are located at a nearby airport. Perhaps it will trigger drones and similar geofencing restrictions, which will then refuse to land. For example, it can be effective during VIP inspections as an anti-drone tactic.

Military use is less harmful, with Norway and Finland reporting serious GPS disruptions during recent Russian and NATO exercises. It affects the public by limiting the navigation capabilities of commercial aircraft and also disrupts the use of cellphone networks. Presumably, in 2011 Iran used GPS spoofing to land a Lockheed Martin RQ-170 drone at one of its airfields, where it was later intercepted. Similarly, there have been multiple incidents where marine vehicles have been disrupted due to feeding of faulty GPS data to the Automatic Identification System (AIS).

As the 2019 C4ADS report notes, it has been reported on multiple occasions by ships in the Black Sea, and also in 2019 it was reported that an American container ship – MV Manukai – I noticed a very strange behavior while in the port of Shanghai, China. According to its AIS screen, a ship is shown running on the same channel Manukai, Before disappearing from the screen, then appearing in the dock, before appearing on the channel and much more. When the mysterious captain picked up the telescope and scanned for the ship, the whole time it was clearly fixed in the dock.

GNSS Hunting

GPS interference can be identified based on this ring of false AIS locations.  Approximately 200 meters in diameter, the speed of many positions in the ring is close to 31 knots (much faster than the speed of a typical ship) and a course counterclockwise around the circle.  Global Phishing Watch / Orbcom / Spire courtesy of AIS Data.
GPS interference can be identified based on this ring of false AIS locations. Approximately 200 meters in diameter, the speed of many positions in the ring is close to 31 knots (much faster than the speed of a typical ship) and a course counterclockwise around the circle. Global Phishing Watch / Orbcom / Spire courtesy of AIS Data.

What’s mysterious about the GNSS spoofing detected in Shanghai is that instead of simply moving the calculated position to a certain point nearby, what we see when we add incorrect AIS data to a map is that they form a near-perfect circle. This is mentioned in both the MIT Technology Review article as well as the next article in SkyTruth.

Interestingly, when using anonymous route data from Strova in Shanghai, this same ‘circle spoofing’ can be noticed, independent of AIS data. Somehow it would seem that the forged data is constantly updated, so that it appears that the affected receiver is dynamic and traveling in this large circle.

Exactly how this is done, or why, is still unknown without any major updates since the initial report in 2019. Whether the motive is to hide illegal activity, or whether it was caused by some kind of cyber hack or error, no one is entirely sure. Even independent of Iran, China, and Russia, GPS-related positional errors continue to occur.

Yet a team from the University of Texas at Austin already demonstrated in 2013 using equipment worth $ 2,000 and $ 80 million yachts, to make GPS signal spoof relatively easy and straightforward. It doesn’t take much imagination to illustrate what is possible today, since the use of university-budgets since those protests nine years ago, especially when upgrading to a national-sized budget.

According to current reports, Russia is actively spoofing GPS data during the war in Ukraine, which will affect most personal and commercial users. It is unknown at this time what he will do after leaving the post. Nonetheless, with the importance of GNSS, including navigation and more, it seems pertinent to consider whether spoofing can be detected or prevented.

Known half war

In an analysis by Guy Buesnell, he noted that there are several risks to the GNSS chain, including faulty equipment and not a source of intervention. Perhaps the most important lesson of the past years is that it is risky to rely solely on GNSS, and it is essential to add additional ways to locate one, as well as the ability to detect the work of spoofing.

This aspect of spoofing detection and potential prevention is currently the subject of active research, such as Mark L. Mentioned by Psyche, et al. In a recent paper. While it is unlikely that there will be a silver bullet that will cure all ailments and return GNSS to the flawed system that was promised to us by glitter flyers a few years ago, we will probably see better, more powerful GNSS receivers in the near future. We’ve already seen that GNSS receivers built on smartphones can use multiple GNSS constellations, with the ability to use local WiFi networks and more.

Many spoofing attacks will be easier to detect using fairly low-tech improvements, such as when one’s calculated position changes abruptly and dramatically, or when one’s calculated course does not match the data provided by the augmentation system, cell tower or other source. Location information.

Even if GNSS does not heal as easily as many have taken it for granted, it is still a major naval wonder, and a cornerstone of modern civilization that will continue to see improvement since the first GPS satellite was launched. It only takes one step ahead of the interfering hackers.

Leave a Reply

Your email address will not be published.