[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

jimlux jimlux at earthlink.net
Mon Aug 14 12:03:28 EDT 2017

On 8/14/17 8:24 AM, Attila Kinali wrote:
> On Mon, 14 Aug 2017 10:26:13 +0100
> Clint Jay <cjaysharp at gmail.com> wrote:
>> That it can "so easily" be spoofed (it's not a trivial hack to spoof and
>> would, as far as I can see, take good knowledge of how GPS works and skill
>> to implement) is worrying and it could have disastrous consequences if
>> anyone decided to use it for malicious means but I'd be surprised if there
>> wasn't a turnkey solution available to anyone who has the funds.
> You don't need a turnkey solution. If you start from zero and are working
> alone, it probably will take you a month or two to write the code to spoof
> GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
> you can do it in a weekend.
> If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
> it will take a bit longer, but not that much, as 90% of the code is shared.
> Not only is this very simple. All the documentation you need is readily
> available and packaged such, that you don't need to know anything about
> GNSS systems before you start and it will not slow you down significantly.
> (e.g. Pick up the book from Hegarty and Kaplan and you can just write
> the code as you read it).
> The most difficult part of this is not creating the signals, but figuring
> out a way what PRN's and fake position to choose, such that the tracking
> loop of the target doesn't go completely bonkers and needs to do a
> re-acquisition on all signals. But even that is not that difficult, if
> you have some estimate of the target's location. Or you can simply not
> care about it, if you have a slow moving target, like a car or a ship,
> as the re-acquisition will take less than a minute.
> There have been discussions on adding authentication to GNSS services
> for quite some time (at least 10 years, probably longer). And it
> culminated in the CS and PRS services of Galileo. I.e. they are a
> restricted and/or paid-for service. I am pretty sure that this will
> change at some point and the OS services (including the free services
> of GPS) will provide some basic authentication system as well.
> In the meantime, people who rely on GNSS heavily have monitoring
> facilities that check the on air signals for degradation or spoofing.
> As this requires multiple monitoring stations over the whole area
> covered, to ensure that no spoofing or jamming attempt goes unnoticed,
> this is rather expensive. The only use of this kind of system, that I
> am aware of, are airports. And yes, this is not fool-proof. A narrow
> beam spoofer pointed at some airplane will go unnoticed, as all the
> monitoring stations are on the ground.

And GPS users who care about spoofing tend to use antenna systems that 
will reject signals coming from the "wrong" direction.  It's pretty easy 
to set up 3 antennas separated by 30 cm or so and tell what direction the 
signal from each S/V is coming from.

I would expect that as spoofing/jamming becomes more of a problem (e.g. 
all those Amazon delivery drones operating in an RF-dense environment) 
this will become sort of standard practice.

So now your spoofing becomes much more complex, because the sources have 
to appear to come from the right place in the sky.  (fleets of UAVs?)

> 				Attila Kinali
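
The three-antenna direction check described in the message above, sketched as an added example (not code from either poster): it compares the carrier phase difference seen between antennas for each PRN with the difference predicted from that satellite's known azimuth and elevation, and flags the case where every PRN arrives from one direction. The array geometry, its known orientation, the 0.1-cycle tolerance and all sample values are assumptions constructed for illustration.

```python
import math

L1_WAVELENGTH_M = 299_792_458.0 / 1575.42e6   # GPS L1 carrier, about 0.19 m
# Assumed array: baselines from the reference antenna to the other two,
# in local east/north/up metres, 30 cm apart as in the message.
BASELINES = [(0.30, 0.0, 0.0), (0.0, 0.30, 0.0)]

def wrap(cycles):
    """Wrap a phase in cycles to [-0.5, 0.5); 30 cm exceeds one wavelength."""
    return (cycles + 0.5) % 1.0 - 0.5

def predicted_phase_diffs(az_deg, el_deg):
    """Inter-antenna carrier phase (cycles) for a plane wave from az/el."""
    az, el = math.radians(az_deg), math.radians(el_deg)
    u = (math.cos(el) * math.sin(az), math.cos(el) * math.cos(az), math.sin(el))
    return [wrap(sum(b * c for b, c in zip(base, u)) / L1_WAVELENGTH_M)
            for base in BASELINES]

def check_directions(sky, measured, tol_cycles=0.1):
    """Return (PRNs arriving from the wrong direction, single-source flag)."""
    suspects = []
    for prn, (az, el) in sky.items():
        pred = predicted_phase_diffs(az, el)
        if any(abs(wrap(m - p)) > tol_cycles
               for m, p in zip(measured[prn], pred)):
            suspects.append(prn)
    # Every PRN showing the same inter-antenna phase means one emitter.
    ref = next(iter(measured.values()))
    single_source = len(measured) >= 3 and all(
        abs(wrap(m - r)) < tol_cycles
        for obs in measured.values() for m, r in zip(obs, ref))
    return sorted(suspects), single_source

# Constructed sample data: PRN -> (azimuth, elevation) from the almanac.
SKY = {5: (40, 60), 12: (130, 35), 19: (220, 50), 25: (310, 20)}
# Genuine sky: each PRN's phase matches its own direction, small offset.
GENUINE = {p: [d + 0.02 for d in predicted_phase_diffs(*SKY[p])] for p in SKY}
# One ground emitter at az 90, el 5 transmitting all four PRNs.
SPOOFED = {p: predicted_phase_diffs(90, 5) for p in SKY}

if __name__ == "__main__":
    print("genuine:", check_directions(SKY, GENUINE))
    print("spoofed:", check_directions(SKY, SPOOFED))
```

Because the 30 cm spacing is longer than the L1 wavelength, the phases are compared modulo one cycle, so a single PRN can match by coincidence; the check is meaningful across the whole constellation in view.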
