[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

Chris Albertson albertson.chris at gmail.com
Mon Aug 14 15:19:22 EDT 2017


Detecting a spoof is not really so hard.  What you need to redundancy.
When the two navigation methods diverge then you know one of them is acting
up.  (that is broken or being spoofed or just buggy)

On a ship you have magnetic compass and knot log and almost certainly gyros
and all these are typically NMEA connected.   Then of course there is a
paper based backup.   But just using the available electronics you could
detect divergence.

A large ship that is long enough could use two GPS receivers one at each
end.  The ship knows it's magnetic heading and the distance between the two
GPS receivers.  When the GPS solution is wrong the ship knows to ignore
GPS.    An attacker would have to spoof so that both receivers are moved
the exact same direction and distance.   I'mhaving some trouble seeing how
that could be done. (not that it can't be done)   But in any case the first
method (divergence from expected location) would work eventually and not
requires any extra hardware.

In a car it is even easier.  The car nav system KNOWS it must be on a
roadway.  The car's ground track (positional history) must be on a road.
When this is no longer true the navigator can turn the screen red and say
"invalid gps signal".

I more sophisticated car such as a Tesla with autopilot sensors can do a
more sophisticated form of visual navigation and compare the observed road
type (multilane divided highway or residential) and it can notice when it
crosses intersections.   It should notice divergence from GPS more quickly
can could fail back to dead reckoning with visual updates.  Yes an
expensive to develop software system but not science fiction either.

In a way cars have it good because they know they can't drive though
building.

Commercial aircraft have even better data available that could be used to
compare with GPS, Ground based radar being one but many on-board systems as
well.

In short it is REALLY HARD to spoof information a person can  know from
other sources.



On Mon, Aug 14, 2017 at 11:29 AM, Bob kb8tq <kb8tq at n1k.org> wrote:

> HI
>
> Since multi path is a real issue in a mobile environment, defining what an
> “abnormal”
> change is could be quite tricky. A reasonable “spoof” would start with
> feeding the correct
> data and then slowly capture the target (still with correct data). Once he
> is are “in charge”
> signal wise, start doing whatever …. If you are talking about a ship, you
> have *lots* of time.
>
> Bob
>
> > On Aug 14, 2017, at 1:40 PM, ken Schwieker <ksweek at mindspring.com>
> wrote:
> >
> > Wouldn't monitoring the received signal strength and noting any
> non-normal increase (or decrease) level change indicate possible spoofing?
> The spoofing station would have no way to know what the target's
> > received signal strength would be.
> >
> > Ken S
> >
> >
> > ---
> > This email has been checked for viruses by AVG.
> > http://www.avg.com
> >
> > _______________________________________________
> > time-nuts mailing list -- time-nuts at febo.com
> > To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> > and follow the instructions there.
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>



-- 

Chris Albertson
Redondo Beach, California


More information about the time-nuts mailing list