About a year ago, Todd Humphreys and his team from the University of
Texas called GPS navigation into serious question. Using just a few
simple pieces of equipment, a roughly $3,000 investment dwarfed by what
cyber-criminals often invest in hardware, they were able to steer a
small drone badly off course.
It was a blunt instrument, just capable of messing with the drone’s sense of direction and, potentially, sending it careening into the ground.
The demonstration was so worrying that Humphreys soon found himself testifying before Congress, and sitting in meetings with everyone from the FAA to the Pentagon.
Still, how much harm would it really do? Military GPS devices use encrypted signals specifically to prevent attacks of this kind, and it’s not like the team could actually control these drones through global positioning. It was just a highly sophisticated form a vandalism, and exploited a loophole in GPS technology that, surely, would not remain open for long.
More than year later, not only does that loophole remain glaringly open, but Humphreys and team have refined their software significantly. This week, they boarded a 210-foot super-yacht by the name of White Rose of the Drachs and used the exact same technique to leave its captain and crew stunned and helpless.
With just a laptop, a small antenna, and a GPS “spoofing” device, the team fed a stronger signal to the yacht’s steering system than the genuine one, incoming from actual GPS satellites. By doing this, they essentially tricked the ship’s computer into believing it was somewhere it was not, causing it to adjust its heading to stay on course.
This is an insidious form of attack because the ship’s navigation technology will continue to report that the ship is both on course and precisely where it is supposed to be even if neither of those things is true.
By slowly “sliding” the ship into a parallel course, they ensure that even a conventional compass will show the correct direction. Course changes have to be gradual, so time-of-flight calculations remain close to correct and the ship never totally loses its signal lock. But that seems to be the only restriction.
The team was able to steer the ship to port or starboard at will, and the crew was totally unaware that anything was wrong. Captain Andrew Schofield told Fox News he was “gobsmacked,” when he found out what had been done to his ship, as was the entire deck team. His $80 million baby could have easily been run into a sandbar or reef. Running it aground is unlikely the crew still have eyes but maritime workers have come to rely on navigation technology to keep them from running afoul of all sorts of less obvious dangers.
This spoofing attack undermines the trust these professionals put in their navigation systems. Even slightly interfering with a large amount of sea traffic could hamper trading ports, and potentially throw a wrench into large-scale economies.
Planes, too
Never one to shy from scaring the living daylights out of the public, Humphreys has made the implications of his research very clear: even a commercial airliners are vulnerable to this spoofing attack, and can be steered far off course while instruments tell the pilots they are perfectly within their lanes. Midair collisions could be a threat, but those are most likely near airports, where GPS is not the main source of navigational data. Besides, pilots and skippers still have complete control of their craft, and will intervene to stop most of the truly devastating possible consequences.
This is likely most relevant to unmanned technology, like drones. Here’s a ploy: order a pizza by drone to a house down the street. When the drone arrives, use this spoofing technology to direct it over to your waiting car. Quickly remove its positioning system, and drive away. Voila: free drone (and pizza). Just paint over the Domino’s logo, and you’re good to go.
But we shouldn’t make light of the dangers involved here. As the world learned so powerfully with the wreck of the Costa Concordia, even a properly functioning vessel requires constant vigilance. Aircraft hang even more precariously, and can endure even less uncertainty. If you could manage to get a wirelessly controlled antenna and spoofing device on-board in the baggage area, anything from a laptop to a smartphone could be made to control them. Nerds generally scoff at strict prohibitions against electronic devices on planes — but with this advance we might just have gotten a real reason for the lockdown.
The solution here is as obvious as it is difficult: implement the P(Y)-code encryption used by military assets in a wider range of civilian technology. This would be expensive on the receiving end and put a heavy burden on the satellite networks, especially if expanded to more than just major commercial airliners and security-relevant ships. It may just be necessary, however. How long did we really think we could continue to lean ever more heavily on a 40-year-old technology without at least a few serious upgrades?
It was a blunt instrument, just capable of messing with the drone’s sense of direction and, potentially, sending it careening into the ground.
The demonstration was so worrying that Humphreys soon found himself testifying before Congress, and sitting in meetings with everyone from the FAA to the Pentagon.
Still, how much harm would it really do? Military GPS devices use encrypted signals specifically to prevent attacks of this kind, and it’s not like the team could actually control these drones through global positioning. It was just a highly sophisticated form a vandalism, and exploited a loophole in GPS technology that, surely, would not remain open for long.
More than year later, not only does that loophole remain glaringly open, but Humphreys and team have refined their software significantly. This week, they boarded a 210-foot super-yacht by the name of White Rose of the Drachs and used the exact same technique to leave its captain and crew stunned and helpless.
With just a laptop, a small antenna, and a GPS “spoofing” device, the team fed a stronger signal to the yacht’s steering system than the genuine one, incoming from actual GPS satellites. By doing this, they essentially tricked the ship’s computer into believing it was somewhere it was not, causing it to adjust its heading to stay on course.
This is an insidious form of attack because the ship’s navigation technology will continue to report that the ship is both on course and precisely where it is supposed to be even if neither of those things is true.
By slowly “sliding” the ship into a parallel course, they ensure that even a conventional compass will show the correct direction. Course changes have to be gradual, so time-of-flight calculations remain close to correct and the ship never totally loses its signal lock. But that seems to be the only restriction.
The team was able to steer the ship to port or starboard at will, and the crew was totally unaware that anything was wrong. Captain Andrew Schofield told Fox News he was “gobsmacked,” when he found out what had been done to his ship, as was the entire deck team. His $80 million baby could have easily been run into a sandbar or reef. Running it aground is unlikely the crew still have eyes but maritime workers have come to rely on navigation technology to keep them from running afoul of all sorts of less obvious dangers.
This spoofing attack undermines the trust these professionals put in their navigation systems. Even slightly interfering with a large amount of sea traffic could hamper trading ports, and potentially throw a wrench into large-scale economies.
Planes, too
Never one to shy from scaring the living daylights out of the public, Humphreys has made the implications of his research very clear: even a commercial airliners are vulnerable to this spoofing attack, and can be steered far off course while instruments tell the pilots they are perfectly within their lanes. Midair collisions could be a threat, but those are most likely near airports, where GPS is not the main source of navigational data. Besides, pilots and skippers still have complete control of their craft, and will intervene to stop most of the truly devastating possible consequences.
This is likely most relevant to unmanned technology, like drones. Here’s a ploy: order a pizza by drone to a house down the street. When the drone arrives, use this spoofing technology to direct it over to your waiting car. Quickly remove its positioning system, and drive away. Voila: free drone (and pizza). Just paint over the Domino’s logo, and you’re good to go.
But we shouldn’t make light of the dangers involved here. As the world learned so powerfully with the wreck of the Costa Concordia, even a properly functioning vessel requires constant vigilance. Aircraft hang even more precariously, and can endure even less uncertainty. If you could manage to get a wirelessly controlled antenna and spoofing device on-board in the baggage area, anything from a laptop to a smartphone could be made to control them. Nerds generally scoff at strict prohibitions against electronic devices on planes — but with this advance we might just have gotten a real reason for the lockdown.
The solution here is as obvious as it is difficult: implement the P(Y)-code encryption used by military assets in a wider range of civilian technology. This would be expensive on the receiving end and put a heavy burden on the satellite networks, especially if expanded to more than just major commercial airliners and security-relevant ships. It may just be necessary, however. How long did we really think we could continue to lean ever more heavily on a 40-year-old technology without at least a few serious upgrades?
No comments:
Post a Comment