Ships fooled in GPS spoofing attack suggest Russian cyberweapon
Hi
On Aug 14, 2017, at 2:13 PM, Chris Albertson albertson.chris@gmail.com wrote:
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is acting
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a lot of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the results of
breaking the law are fairly predictable. Actually having a competent navigator
on duty all the time running “alternate” data, that costs money …..
Bob
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but no
one uses just GPS alone, they alway compare several methods.
On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay cjaysharp@gmail.com wrote:
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't it?
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from noise
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite
networks
On 14 Aug 2017 5:51 pm, "Attila Kinali" attila@kinali.ch wrote:
On Mon, 14 Aug 2017 12:09:43 -0400
Tim Shoppa tshoppa@gmail.com wrote:
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Hi,
Sure, some have started to work on it, but far from it. Traditional
navigation helps a lot. While you have signal you can trim continously.
Cheers,
Magnus
On 08/14/2017 07:43 PM, paul swed wrote:
Sextent, compass, and clock.
Amazingly as posted on time nuts some time ago the Navy and Coast Guard
have re-introduced that training.
On Mon, Aug 14, 2017 at 1:24 PM, Magnus Danielson <
magnus@rubidium.dyndns.org> wrote:
Hi Jim,
On 08/14/2017 06:03 PM, jimlux wrote:
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty easy to
set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment) this
will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky. (fleets of UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.
There is an overbeliefe in such approaches, rather than trying to look at
the system analysis, since when you loose the GPS signal, what do you do. I
get blank stares all too often when I ask that trick question.
Cheers,
Magnus
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?
The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.
So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.
Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)
--- Graham
==
On Mon, Aug 14, 2017 at 1:41 PM, Bob kb8tq kb8tq@n1k.org wrote:
Hi
On Aug 14, 2017, at 2:13 PM, Chris Albertson albertson.chris@gmail.com
wrote:
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is
acting
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a lot of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the
results of
breaking the law are fairly predictable. Actually having a competent
navigator
on duty all the time running “alternate” data, that costs money …..
Bob
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but
no
one uses just GPS alone, they alway compare several methods.
On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay cjaysharp@gmail.com wrote:
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't
it?
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from
noise
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite
networks
On 14 Aug 2017 5:51 pm, "Attila Kinali" attila@kinali.ch wrote:
On Mon, 14 Aug 2017 12:09:43 -0400
Tim Shoppa tshoppa@gmail.com wrote:
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof
signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
On 8/14/17 10:24 AM, Magnus Danielson wrote:
Hi Jim,
On 08/14/2017 06:03 PM, jimlux wrote:
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty
easy to set up 3 antenna separated by 30 cm or so and tell what
direction the signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem
(e.g. all those Amazon delivery drones operating in a RF dense
environment) this will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources
have to appear to come from the right place in the sky. (fleets of
UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.
I think it is more about are looking for "spoof detection" or "spoof
immunity".. Spoof detection is a easier bar.
There is an overbeliefe in such approaches, rather than trying to look
at the system analysis, since when you loose the GPS signal, what do you
do. I get blank stares all too often when I ask that trick question.
Most successful schemes rely on "side information" of one sort or
another - whether from an IMU or from other sources. Acquisition is
always more vulnerable than track.
I don't do much, if any, of this stuff these days - that was more my
thing in the mid-80s when I would killed to have the cheap processing
power and fast data converters available today.
Detecting a spoof is not really so hard. What you need to redundancy.
When the two navigation methods diverge then you know one of them is acting
up. (that is broken or being spoofed or just buggy)
On a ship you have magnetic compass and knot log and almost certainly gyros
and all these are typically NMEA connected. Then of course there is a
paper based backup. But just using the available electronics you could
detect divergence.
A large ship that is long enough could use two GPS receivers one at each
end. The ship knows it's magnetic heading and the distance between the two
GPS receivers. When the GPS solution is wrong the ship knows to ignore
GPS. An attacker would have to spoof so that both receivers are moved
the exact same direction and distance. I'mhaving some trouble seeing how
that could be done. (not that it can't be done) But in any case the first
method (divergence from expected location) would work eventually and not
requires any extra hardware.
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
When this is no longer true the navigator can turn the screen red and say
"invalid gps signal".
I more sophisticated car such as a Tesla with autopilot sensors can do a
more sophisticated form of visual navigation and compare the observed road
type (multilane divided highway or residential) and it can notice when it
crosses intersections. It should notice divergence from GPS more quickly
can could fail back to dead reckoning with visual updates. Yes an
expensive to develop software system but not science fiction either.
In a way cars have it good because they know they can't drive though
building.
Commercial aircraft have even better data available that could be used to
compare with GPS, Ground based radar being one but many on-board systems as
well.
In short it is REALLY HARD to spoof information a person can know from
other sources.
On Mon, Aug 14, 2017 at 11:29 AM, Bob kb8tq kb8tq@n1k.org wrote:
HI
Since multi path is a real issue in a mobile environment, defining what an
“abnormal”
change is could be quite tricky. A reasonable “spoof” would start with
feeding the correct
data and then slowly capture the target (still with correct data). Once he
is are “in charge”
signal wise, start doing whatever …. If you are talking about a ship, you
have lots of time.
Bob
On Aug 14, 2017, at 1:40 PM, ken Schwieker ksweek@mindspring.com
wrote:
Wouldn't monitoring the received signal strength and noting any
non-normal increase (or decrease) level change indicate possible spoofing?
The spoofing station would have no way to know what the target's
received signal strength would be.
Ken S
This email has been checked for viruses by AVG.
http://www.avg.com
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
Hi
Setting up the signals for any time / location on earth is simply matter of
a few mouse clicks with any of a number of packages. No need to do anything
more than that to get the data.
Bob
On Aug 14, 2017, at 3:02 PM, Graham / KE9H ke9h.graham@gmail.com wrote:
Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?
The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.
So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.
Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)
--- Graham
==
On Mon, Aug 14, 2017 at 1:41 PM, Bob kb8tq kb8tq@n1k.org wrote:
Hi
On Aug 14, 2017, at 2:13 PM, Chris Albertson albertson.chris@gmail.com
wrote:
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is
acting
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a lot of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the
results of
breaking the law are fairly predictable. Actually having a competent
navigator
on duty all the time running “alternate” data, that costs money …..
Bob
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but
no
one uses just GPS alone, they alway compare several methods.
On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay cjaysharp@gmail.com wrote:
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't
it?
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from
noise
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite
networks
On 14 Aug 2017 5:51 pm, "Attila Kinali" attila@kinali.ch wrote:
On Mon, 14 Aug 2017 12:09:43 -0400
Tim Shoppa tshoppa@gmail.com wrote:
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof
signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.
This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news item in 'Inside GNSS' and other journals before that. Didn't get many comments on my post :-(
Must have used the wrong subject!!!!
Paul G8GJA
-----Original Message-----
From: time-nuts [mailto:time-nuts-bounces@febo.com] On Behalf Of John Allen
Sent: 12 August 2017 22:23
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
FYI, John K1AE
-----Original Message-----
From: YCCC [mailto:yccc-bounces@contesting.com] On Behalf Of ROBERT DOHERTY
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone –
IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
are
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
are
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/ by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last http://www.professordavidlast.co.uk/ , former president of the UK’s Royal Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/humphreys , of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 . The scale of the problem did not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is probably for defensive reasons; many NATO guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets.
But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build his first spoofer from scratch in 2008, but notes that it can now be done with commercial hardware and software downloaded from the Internet.
Nor does it require much power. Satellite signals are very weak – about 20 watts from 20,000 miles away – so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation states soon won’t be the only ones using the technology. This is within the scope of any competent hacker http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning . There have not yet been any authenticated reports of criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more serious threat. “It affects safety-of-life operations over a large area,” he says. “In congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine. “My gut feeling is that this is a test of a system which will be used in anger at some other time.”
73’s
webmaster
YCCC Reflector mailto:yccc@contesting.com Yankee Clipper Contest Club http://www.yccc.org Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
This article from 2009:
http://web.stanford.edu/group/scpnt/gpslab/website_files/anti-spoofing/insideGNSS_rasd-montgomery.pdf
It talks about spoofing and preventing Spoofing.
On 2017-08-15 09:06, REEVES Paul wrote:
This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news item in 'Inside GNSS' and other journals before that. Didn't get many comments on my post :-(
Must have used the wrong subject!!!!
Paul G8GJA
-----Original Message-----
From: time-nuts [mailto:time-nuts-bounces@febo.com] On Behalf Of John Allen
Sent: 12 August 2017 22:23
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
FYI, John K1AE
-----Original Message-----
From: YCCC [mailto:yccc-bounces@contesting.com] On Behalf Of ROBERT DOHERTY
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon Ships fooled in GPS spoofing attack suggest Russian cyberweapon News from: New Scientis (article reported by R/O Luca Milone - IZ7GEG) https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are On date: 10 August 2017 By David Hambling Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals. On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship
off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot - more than 32 kilometres inland, at Gelendzhik Airport. After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces - signals from the automatic identification system used to track vessels - placed them all at the same airport. At least 20 ships were affected http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea [2] . While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection - https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ [3] a spoofing attack that has long been warned of but never been seen in the wild. Until now, the biggest worry for GPS has been it can be jammed https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/ [4] by masking the GPS satellite signal with noise. While this can cause chaos,
it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. "Jamming just causes the receiver to die, spoofing causes the receiver to lie," says consultant David Last http://www.professordavidlast.co.uk/ [5] , former president of the UK's Royal Institute of Navigation. Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/humphreys [6] , of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. "The receiver's behaviour in the Black Sea incident was much like during the controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full [7] my team conducted," says Humphreys. Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over
the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 [8] . The scale of the problem did not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/ [9] , 32 km away. This is probably for defensive reasons; many NATO guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets. But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build his first spoofer from scratch in 2008, but notes that it can now be
done with commercial hardware and software downloaded from the Internet. Nor does it require much power. Satellite signals are very weak - about 20 watts from 20,000 miles away - so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon. If the hardware and software are becoming more accessible, nation states soon won't be the only ones using the technology. This is within the scope of any competent hacker http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning [10] . There have not yet been any authenticated reports of criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ [11] or drone delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle. But
Humphreys believes that spoofing by a state operator is the more serious threat. "It affects safety-of-life operations over a large area," he says. "In congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions." Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine. "My gut feeling is that this is a test of a system which will be used in anger at some other time." 73's webmaster
YCCC Reflector mailto:yccc@contesting.com Yankee Clipper Contest Club http://www.yccc.org [12] Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc [13]
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus [14]
time-nuts mailing list -- time-nuts@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts [15]
and follow the instructions there.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts [15]
and follow the instructions there.
Links:
[1]
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
[2]
http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea
[3]
https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/
[4]
https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/
[5] http://www.professordavidlast.co.uk/
[6] http://www.ae.utexas.edu/faculty/faculty-directory/humphreys
[7] http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full
[8]
https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823
[9]
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/
[10]
http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning
[11]
https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/
[12] http://www.yccc.org
[13] http://lists.contesting.com/mailman/listinfo/yccc
[14] https://www.avast.com/antivirus
[15] https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
Hi all,
On Mon, Aug 14, 2017 at 06:10:33PM -0400, Ron Bean wrote:
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.
In a regular vehicle you can still look out of the window and see the
GNSS fools you.
For autonomous vehicles we have seen that even with a rather expensive
unit, that is fusing IMU with RTK, the position is not accurate enough.
We see offsets of >10 m in urban areas due to multipath[1]. Thus, I
believe, map matching with LIDAR, RADAR, Cameras, etc. is necessary to
navigate an autonomous vehicle in urban areas. This allows, as a side
effect, to detect spoofing.
On ships RADAR is standard if visibility is low, but doesn't help if
there are no obstacles above water.
Best regards,
Thomas
[1] Fusing odometry information would help a bit.