Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Gaffers]

Possibility of hacking GPS?

I have a box on my desk at work that can be programmed to generate a GPS signal telling the receiving station anything you want. Can't believe I'm the only one.

As I understand it the GPS satellites emit a very low power (I have heard it's the equivalent power of a 40w bulb but not sure) so jamming or freaking the signal would not require much hardware.  The tricky bit would be calculating the necessary offset in order to have the effect you require on the target receiving the signal.

[Kevin Wood]

Possibility of hacking GPS?

I have a box on my desk at work that can be programmed to generate a GPS signal telling the receiving station anything you want. Can't believe I'm the only one.

As I understand it the GPS satellites emit a very low power (I have heard it's the equivalent power of a 40w bulb but not sure) so jamming or freaking the signal would not require much hardware.  The tricky bit would be calculating the necessary offset in order to have the effect you require on the target receiving the signal.

Yep, the satellites transmit an early form of CDMA, all on top of each other on the same frequency,and signal levels at the receiver are very low indeed, so it's quite easy to swamp the lot. There are military extensions which are possibly less susceptible, of course - if they're using them.

[aaronjb]

Possibility of hacking GPS?

I have a box on my desk at work that can be programmed to generate a GPS signal telling the receiving station anything you want. Can't believe I'm the only one.

As I understand it the GPS satellites emit a very low power (I have heard it's the equivalent power of a 40w bulb but not sure) so jamming or freaking the signal would not require much hardware.  The tricky bit would be calculating the necessary offset in order to have the effect you require on the target receiving the signal.

It's been done before - I actually did research on this just a couple of weeks ago as part of my day job:

GPS Spoofing has been back in the news again this week[6] - actually if I'm honest, this week is the first time I've seen much about it but if you dig just a little you find practical reports of GPS Spoofing exploitation back to 2011 (when a US drone was allegedly captured by Iran[7]) and academic papers stretching all the way back to 2001[8] (shortly after Selective Availability was discontinued) that discuss the same topic. It seems clear everyone agrees this has the potential to be a major problem, especially for non-military uses of GPS (which turns out to be far more than just navigation as GPS is, at it's core, simply a highly accurate time-source[9]). Military GPS is, you see, somewhat protected from spoofing by encryption with keys held in each receiver, while civilian GPS uses unencrypted signals and, generally speaking, has no protection against the external injection of a false signal.

In fact, it turns out that not only have we seen academic papers going back to ~2001, we've also seen practical demonstrations performed[10] with the approval of the relevant authorities. And now, it seems, we may have had our first large scale demonstration taken without the approval of the relevant authorties, when some 20 ships were lured off course.

It looks like we might need to start taking this threat seriously and at least ensuring civilian mass-transit and -transport systems use anti-spoofing technology atop their GPS navigation systems - it's not so bad if Waze thinks I'm a few miles off course, but if that supertanker thinks it's a few miles off course and cruises straight into the nearest shore?

[6] Ships fooled in GPS spoofing attack suggest Russian cyberweapon - https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/
[7] US spy drone hijacked with GPS spoof hack, report says - https://www.theregister.co.uk/2011/12/15/us_spy_drone_gps_spoofing/
[8] Vulnerability Assessment of the Transportation Infrastructure Relying on the Global Positioning System - https://www.navcen.uscg.gov/pdf/vulnerability_assess_2001.pdf
[9] On the Requirements for Successful GPS Spoofing Attacks - https://www.cs.ox.ac.uk/files/6489/gps.pdf
[10] Protecting GPS From Spoofers Is Critical to the Future of Navigation - http://spectrum.ieee.org/telecom/security/protecting-gps-from-spoofers-is-critical-to-the-future-of-navigation

So yes, Kevin is definitely not the only one also some light reading in there if you want more details (especially the IEEE article and the Oxford University published paper)

[edit] Reading it back a week later makes it apparent that I really need to work on my writing style!

[STEMO]

Apparently, ships computers are not that well protected, not civilian ones anyway.

http://www.bbc.co.uk/news/technology-40685821

[Gaffers]

Apparently, ships computers are not that well protected, not civilian ones anyway.

http://www.bbc.co.uk/news/technology-40685821

It's not just ships.  Lots of industrial machines are wide open and susceptible to very simple attacks.  Not helped by the fact that a lot of them run plants which run 24/7 and require several days to shutdown and install patches.  This results in machines for some very expensive plant machinery running on XP and in some cases barebone (ie no service pack)

[Marks DTM Calib]

The military GPS bands are generally for weapon functions only, the VMS/DP uses DGPS systems (at least two receivers for anything of importance) which will pickup the GPS and/or GLONAS satellite signals.

Now any DP setup of worth, is constantly looking for small errors when it compares wind direction, wind speed, vessel movement (vertical, yaw etc.) compass indication and other information sources and will raise an alarm if the indicated position has typically more than a 0.5% error of the calculated (the DP software has models for the vessel so it can calculate wind direction effects and even current influences).

But a fundamental is that in congested waters or areas of hazard, DP for movement or auto pilot should not be used.....its the officer of the watch who is in charge and should be in control.

[Marks DTM Calib]

Apparently, ships computers are not that well protected, not civilian ones anyway.

http://www.bbc.co.uk/news/technology-40685821

The control networks cannot be connected to the internet, they are class rules.

We have dual redundant networks (A and B) with all controllers (distributed around the vessel) and HMI stations on these networks, to connect to the internet would need human intervention......which then breaks class rules and approvals and probably voids the insurance

[aaronjb]

You don't need an Internet connection to get infected, though - just ask the Iranian nuclear workers..

(Of course that assumes these control systems have a USB port just begging for someone to put a "found" memory stick into, and that the sensible thing hasn't been done by epoxying the ports up)

[Kevin Wood]

You don't need an Internet connection to get infected, though - just ask the Iranian nuclear workers..

(Of course that assumes these control systems have a USB port just begging for someone to put a "found" memory stick into, and that the sensible thing hasn't been done by epoxying the ports up)

If they've got any epoxy left after doing the side of the ship, you mean?

[aaronjb]

If they've got any epoxy left after doing the side of the ship, you mean?

  In this case, indeed!

[Marks DTM Calib]

You don't need an Internet connection to get infected, though - just ask the Iranian nuclear workers..

(Of course that assumes these control systems have a USB port just begging for someone to put a "found" memory stick into, and that the sensible thing hasn't been done by epoxying the ports up)

Which would be human intervention 

The response was in reply to the ability to control the vessel remotely.   

[Rods2]

So much easier when young Lord Opti was amassing his fortune. The midshipman would hollow from the crows nest, Treasure Ahoy, he would run up the Jolly Rodger, raid, board and capture the Spanish galleon, so they be adding more gold doubloons to M'luds growing fortune.

[Gaffers]

One of the first checks to make on an air-gapped system; plug in a USB wifi card (alba preferably) and setup your mobile as a wifi hotspot.  You would be suprised how many fail (ie how many will connect to the wifi)

[TheBoy]

Been working in MK for the last 6 months and likely to continue for the next year or so.

Crap, I'm going to have to moderate my piss-taking if you're that close to me!

You needn't worry, I dont know where you live

It's not even like I'd hear the milk float coming..

The milk float is gone and my scoobie is dead so if you see a dark blue s-type with a personalised plate, give me a wave

I shall keep an eye out, and give you a special one fingered wave

If you see a black XJ, do likewise

[aaronjb]

Been working in MK for the last 6 months and likely to continue for the next year or so.

Crap, I'm going to have to moderate my piss-taking if you're that close to me!

You needn't worry, I dont know where you live

It's not even like I'd hear the milk float coming..

The milk float is gone and my scoobie is dead so if you see a dark blue s-type with a personalised plate, give me a wave

I shall keep an eye out, and give you a special one fingered wave

If you see a black XJ, do likewise

Welcome to JOF, folks. The Jaguar Owners Forum