How to Hack a Yacht: The Vulnerabilities of GPS
Every year Americans become more reliant on their electronic devices for navigation in unfamiliar neighborhoods, advice on where to get lunch, information on traffic patterns and more. These systems all depend on the global position system.
Owned and maintained by the US Air Force, today’s GPS system consists of three “segments”: a constellation of 24 satellites (plus a few extras), ground control stations, and consumer devices that receive and interpret the signals.
In short, the GPS system works by timing the signals emanating from the satellites. Because we know the speed of radio waves, the GPS device can use this time to calculate the distance it is from the satellite. Using three satellites, and knowing exactly how far it is from each, it knows exactly where it is in space. How Stuff Works gives a wonderfully simple example of this: if you know that some location is 625 miles from Boise and 690 miles from Minneapolis, there are only two possible places you can be. By adding a third measurement, for example 615 miles from Tucson, you can then find the exact location, in this case Denver. This is exactly what GPS receivers do, by measuring the distance to multiple satellites using the time it took for the signal to arrive. (The calculations are actually somewhat more complex because of the satellites’ motion and the refraction of the atmosphere but it works according to just this principle. If you want more details check out the resources on GPS.gov.)
Because they work by using carefully-maintained nuclear clocks to broadcast precisely timed messages (accurate to 100 billionths of a second), GPS signals are useful for timing as well as navigation. Banks use GPS signals to time stamp market transactions, power companies use them to time the grid, and cell phone systems use them to synchronize their towers. All this is in addition to ocean and land navigation, aircraft altitude, railroad monitoring and scheduling, and much more.
As with all technology and communications systems, this one has vulnerabilities that smart people with bad intentions can use to cause problems. The biggest weaknesses of GPS are signal strength and encoding. Because the satellites are over 20,200 miles away and their power for operation is limited to what can be collected over their solar panels (stored in onboard batteries), the strength of the signal at the receivers is quite weak. And because the system is only useful if people are able to use it GPS signals are open-source with no encoding, thus easy to copy.
These vulnerabilities have lead to two major threats faced by almost all GPS devices: jamming and spoofing. Jamming is simply restricting use of the signal, usually by broadcasting other signals at higher powers (very easy to do) on the same frequency. Though they are illegal to use in the US, you can buy one online for as little as $25 that plugs into your cigarette lighter. In 2013 a truck driver using one of these to keep his boss from being able to track his every move drove past Newark Airport one too many times, blowing out their GPS receivers and leading to hefty fines.
Spoofing is much more difficult, and is done by sending a false signal that is slightly different from the real one, leading GPS receivers to continue working but to display incorrect information. Some University of Texas grad students demonstrated how to do so last year, using a home-built device to steer an $80 million yacht off course without the captain ever realizing it had happened. (This was an experiment, not wayward pirate TAs.) This video below explains just how they did it.
The potential impacts of jamming and spoofing are massive. One might sink container ships, or just steer them off course into reefs or towards waiting pirates; alter or degrade commercial airliners’ navigation equipment; deteriorate the power grid or cell phone system; or even use false time stamps on market transactions to fraudulently arbitrage large sums of money. With such threats being cheap and easy to acquire—if not yet common—one might expect that lots of defenses are in place. Unfortunately, this is not the case.
GPS defensive measures fall into three general categories: warning, prevention, and redundancy. Though warning of GPS jamming is not usually necessary (the warning is that it stops working), it is critical to know when one is being spoofed. Luckily the same type of device can provide warning of spoofing and help in deterring jamming. Cornell faculty and students recently demonstrated a device that detects false signals based on transmitter location, and tested it aboard the same yacht that was steered off course in the video above. They were able to warn the captain before he was 20 meters off course. Using this same set-up one might be able to find the location of jammers as well; commercial jammer detectors are already available.
Prevention of jamming or spoofing is much more difficult. One might be able to do so using a more complicated device like the one described above, that uses directionality to differentiate between real and false signals and then subtracts the false ones. The Air Force is working to launch new satellites with higher-power transmitters, which may provide some level of mitigation as well. Finally, directional antennas that only receive signals from a certain degree over the horizon may also be an option.
The third category is redundancy. It is important that alternate systems be developed that can make up for failures of GPS, be they intentional as described above or natural (e.g. sunspots). One example is eLoran, a ground-based system that works in much the same way but with low-frequency high-power signals that can follow the curve of the earth. They are much less likely to fall victim to natural or man-made interference than GPS. Although they are not as accurate, they could serve an invaluable function as a backup system. Unfortunately, through executive order Obama has spent more money tearing down existing Loran stations than it would have cost to maintain them and system’s coverage has been greatly reduced in the last few years. There are a few other systems in development, but only Europe and South Korea appear committed to alternate systems, and then only in their own waters.
As GPS and related electronic systems continue to become more critical to other systems we rely on, and as spoofing and jamming technology continue to proliferate and go down in price, it will become more and more important to implement defensive measures and substitute systems. Unfortunately the US government has now shown much commitment toward this end, and convincing shippers to spend the money on for redundant shipboard systems has been a major challenge. Hopefully it will not take a major disaster before we realize the importance of such measures and begin to add some resilience to our systems.
For more by this author, consider checking out the following:
Yep, the CIA Really Did Train Terrorists in Florida
Security, Liberty and Architecture: Creating Safe — and Safe-Feeling — Public Spaces
Red Mercury, Real Conspiracies, and Strategic Waste
What is Homeland Security? Co-Citation Analysis and the Mapping of a New Discipline
