[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

Attila Kinali attila at kinali.ch
Mon Aug 14 11:24:53 EDT 2017

On Mon, 14 Aug 2017 10:26:13 +0100
Clint Jay <cjaysharp at gmail.com> wrote:

> That it can "so easily" be spoofed (it's not a trivial hack to spoof and
> would, as far as I can see, take good knowledge of how GPS works and skill
> to implement) is worrying and it could have disastrous consequences if
> anyone decided to use it for malicious means but I'd be surprised if there
> wasn't a turnkey solution available to anyone who has the funds.

You don't need a turnkey solution. If you start from zero and are working 
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend. 

If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code is shared.

Not only is this very simple. All the documentation you need is readily
available and packaged such that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).

The most difficult part of this is not creating the signals, but figuring
out what PRNs and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-acquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-acquisition will take less than a minute.

There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS services (including the free services
of GPS) will provide some basic authentication system as well.

In the meantime, people who rely on GNSS heavily have monitoring
facilities that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unnoticed, as all the
monitoring stations are on the ground.

				Attila Kinali

It is upon moral qualities that a society is ultimately founded. All 
the prosperity and technological sophistication in the world is of no 
use without that foundation.
                 -- Miss Matheson, The Diamond Age, Neal Stephenson
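
A receiver-side check for the pattern the post describes (every tracked signal lost at once, re-acquisition in under a minute, then a position a slow vessel could not have reached), as an added example that is not part of the original message. The log format, the 20 m/s speed ceiling, the 60 s window and all sample values are constructed assumptions.

```python
import math

# Constructed receiver log (not real data): (time_s, lat_deg, lon_deg, tracked PRNs).
# A vessel doing ~5 m/s loses every PRN at once, then has a full fix 40 s later.
SAMPLE_LOG = [
    (0,  44.6000, 37.8000, {2, 5, 12, 25, 29}),
    (10, 44.6004, 37.8003, {2, 5, 12, 25, 29}),
    (20, 44.6008, 37.8006, {2, 5, 12, 25}),       # one PRN drops: routine
    (30, 44.6012, 37.8009, {2, 5, 12, 25, 29}),
    (40, None,    None,    set()),                # all signals lost together
    (80, 44.8700, 37.8200, {2, 5, 12, 25, 29}),   # re-acquired, ~30 km away
    (90, 44.8704, 37.8203, {2, 5, 12, 25, 29}),
]

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def find_spoof_suspects(log, max_speed_mps=20.0, reacq_window_s=60):
    """Return (t_loss, t_refix, implied_speed_mps) for each total loss of lock
    that is followed within reacq_window_s by a fix the vessel could not have
    reached at max_speed_mps (an assumed ceiling for a slow-moving target)."""
    alerts = []
    last_fix = None   # (t, lat, lon) of the last fix before any outage
    loss_t = None     # time at which every tracked PRN disappeared
    for t, lat, lon, prns in log:
        if not prns or lat is None:
            if loss_t is None and last_fix is not None:
                loss_t = t
            continue
        if loss_t is not None and t - loss_t <= reacq_window_s:
            dist = haversine_m(last_fix[1], last_fix[2], lat, lon)
            speed = dist / (t - last_fix[0])
            if speed > max_speed_mps:
                alerts.append((loss_t, t, round(speed, 1)))
        loss_t = None
        last_fix = (t, lat, lon)
    return alerts

if __name__ == "__main__":
    for t_loss, t_refix, speed in find_spoof_suspects(SAMPLE_LOG):
        print(f"lock lost at t={t_loss}s, fix at t={t_refix}s implies {speed} m/s")
```

This covers only the case where the receiver loses lock and re-acquires; a takeover that keeps the tracking loops locked needs other checks.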
