Discussion:
[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
John Allen
2017-08-12 21:23:15 UTC
Permalink
FYI, John K1AE

-----Original Message-----
From: YCCC [mailto:yccc-***@contesting.com] On Behalf Of ROBERT DOHERTY
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

As if there were not enough problems in the world .....

Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone – IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/ by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last http://www.professordavidlast.co.uk/ , former president of the UK’s Royal Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/humphreys , of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 . The scale of the problem did not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is probably for defensive reasons; many NATO guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets.
But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build his first spoofer from scratch in 2008, but notes that it can now be done with commercial hardware and software downloaded from the Internet.
Nor does it require much power. Satellite signals are very weak – about 20 watts from 20,000 miles away – so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation states soon won’t be the only ones using the technology. This is within the scope of any competent hacker http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning . There have not yet been any authenticated reports of criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more serious threat. “It affects safety-of-life operations over a large area,” he says. “In congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine. “My gut feeling is that this is a test of a system which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
YCCC Reflector mailto:***@contesting.com
Yankee Clipper Contest Club http://www.yccc.org
Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 05:46:58 UTC
Permalink
Didn't someone demonstrate this using some rather expensive but 'off the
shelf' Rohde & Schwarz lab gear a year or so ago?
Post by John Allen
FYI, John K1AE
-----Original Message-----
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone –
IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-
in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
article/2143499-ships-fooled-in-gps-spoofing-attack-
suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest
that Russia may be testing a new system for spoofing GPS, New Scientist has
learned. This could be the first hint of a new form of electronic warfare
available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland
incident report. The master of a ship off the Russian port of Novorossiysk
had discovered his GPS put him in the wrong spot – more than 32 kilometres
inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the
captain contacted other nearby ships. Their AIS traces – signals from the
automatic identification system used to track vessels – placed them all at
the same airport. At least 20 ships were affected
http://maritime-executive.com/editorials/mass-gps-spoofing-
attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the
first documented use of GPS misdirection – https://www.marad.dot.gov/
msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack
that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed
https://www.newscientist.com/article/dn20202-gps-chaos-how-
a-30-box-can-jam-your-life/ by masking the GPS satellite signal with
noise. While this can cause chaos, it is also easy to detect. GPS receivers
sound an alarm when they lose the signal due to jamming. Spoofing is more
insidious: a false signal from a ground station simply confuses a satellite
receiver. “Jamming just causes the receiver to die, spoofing causes the
receiver to lie,” says consultant David Last
http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
humphreys , of the University of Texas at Austin, has been warning of the
coming danger of GPS spoofing for many years. In 2013, he showed how a
superyacht with state-of-the-art navigation could be lured off-course by
GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
like during the controlled attacks http://onlinelibrary.wiley.
com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of
electronic warfare. Over the past year, GPS spoofing has been causing chaos
for the receivers on phone apps in central Moscow to misbehave
https://themoscowtimes.com/articles/the-kremlin-eats-gps-
for-breakfast-55823 . The scale of the problem did not become apparent
until people began trying to play Pokemon Go. The fake signal, which seems
to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
probably for defensive reasons; many NATO guided bombs, missiles and drones
rely on GPS navigation, and successful spoofing would make it impossible
for them to hit their targets.
But now the geolocation interference is being used far away from the
Kremlin. Some worry that this means that spoofing is getting easier. GPS
spoofing previously required considerable technical expertise. Humphreys
had to build his first spoofer from scratch in 2008, but notes that it can
now be done with commercial hardware and software downloaded from the
Internet.
Nor does it require much power. Satellite signals are very weak –
about 20 watts from 20,000 miles away – so a one-watt transmitter on a
hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation
states soon won’t be the only ones using the technology. This is within the
scope of any competent hacker http://www.comsoc.org/ctn/
lost-space-how-secure-future-mobile-positioning . There have not yet been
any authenticated reports of criminal spoofing, but it should not be
difficult for criminals to use it to divert a driverless vehicle
https://www.newscientist.com/article/2142059-sneaky-
attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone
delivery, or to hijack an autonomous ship. Spoofing will give everyone
affected the same location, so a hijacker would just need a short-ranged
system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more
serious threat. “It affects safety-of-life operations over a large area,”
he says. “In congested waters with poor weather, such as the English
Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable
of causing widespread disruption, for example, if used in the ongoing
dispute with Ukraine. “My gut feeling is that this is a test of a system
which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
Yankee Clipper Contest Club http://www.yccc.org
Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Clint.

*No trees were harmed in the sending of this mail. However, a large number
of electrons were greatly inconvenienced.*
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bill Byrom
2017-08-14 06:11:05 UTC
Permalink
This has been an area of interest to the US Air Force for many years:

http://www.ainonline.com/aviation-news/aviation-international-news/2006-10-18/usaf-facility-tests-gps-jamming-vulnerability

--
Bill Byrom N5BB
Post by Clint Jay
Didn't someone demonstrate this using some rather expensive but 'off the
shelf' Rohde & Schwarz lab gear a year or so ago?
Post by John Allen
FYI, John K1AE
-----Original Message-----
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone –
IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-
in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
article/2143499-ships-fooled-in-gps-spoofing-attack-
suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest
that Russia may be testing a new system for spoofing GPS, New Scientist has
learned. This could be the first hint of a new form of electronic warfare
available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland
incident report. The master of a ship off the Russian port of Novorossiysk
had discovered his GPS put him in the wrong spot – more than 32 kilometres
inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the
captain contacted other nearby ships. Their AIS traces – signals from the
automatic identification system used to track vessels – placed them all at
the same airport. At least 20 ships were affected
http://maritime-executive.com/editorials/mass-gps-spoofing-
attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the
first documented use of GPS misdirection – https://www.marad.dot.gov/
msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack
that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed
https://www.newscientist.com/article/dn20202-gps-chaos-how-
a-30-box-can-jam-your-life/ by masking the GPS satellite signal with
noise. While this can cause chaos, it is also easy to detect. GPS receivers
sound an alarm when they lose the signal due to jamming. Spoofing is more
insidious: a false signal from a ground station simply confuses a satellite
receiver. “Jamming just causes the receiver to die, spoofing causes the
receiver to lie,” says consultant David Last
http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
humphreys , of the University of Texas at Austin, has been warning of the
coming danger of GPS spoofing for many years. In 2013, he showed how a
superyacht with state-of-the-art navigation could be lured off-course by
GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
like during the controlled attacks http://onlinelibrary.wiley.
com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of
electronic warfare. Over the past year, GPS spoofing has been causing chaos
for the receivers on phone apps in central Moscow to misbehave
https://themoscowtimes.com/articles/the-kremlin-eats-gps-
for-breakfast-55823 . The scale of the problem did not become apparent
until people began trying to play Pokemon Go. The fake signal, which seems
to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
probably for defensive reasons; many NATO guided bombs, missiles and drones
rely on GPS navigation, and successful spoofing would make it impossible
for them to hit their targets.
But now the geolocation interference is being used far away from the
Kremlin. Some worry that this means that spoofing is getting easier. GPS
spoofing previously required considerable technical expertise. Humphreys
had to build his first spoofer from scratch in 2008, but notes that it can
now be done with commercial hardware and software downloaded from the
Internet.
Nor does it require much power. Satellite signals are very weak –
about 20 watts from 20,000 miles away – so a one-watt transmitter on a
hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation
states soon won’t be the only ones using the technology. This is within the
scope of any competent hacker http://www.comsoc.org/ctn/
lost-space-how-secure-future-mobile-positioning . There have not yet been
any authenticated reports of criminal spoofing, but it should not be
difficult for criminals to use it to divert a driverless vehicle
https://www.newscientist.com/article/2142059-sneaky-
attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone
delivery, or to hijack an autonomous ship. Spoofing will give everyone
affected the same location, so a hijacker would just need a short-ranged
system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more
serious threat. “It affects safety-of-life operations over a large area,”
he says. “In congested waters with poor weather, such as the English
Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable
of causing widespread disruption, for example, if used in the ongoing
dispute with Ukraine. “My gut feeling is that this is a test of a system
which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
Yankee Clipper Contest Club http://www.yccc.org
Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Clint.
*No trees were harmed in the sending of this mail. However, a large number
of electrons were greatly inconvenienced.*
_______________________________________________
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 07:26:57 UTC
Permalink
Post by Clint Jay
Didn't someone demonstrate this using some rather expensive but 'off the
shelf' Rohde & Schwarz lab gear a year or so ago?
https://news.utexas.edu/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea

https://sofrep.com/46818/gps-spoofing-how-iran-tricked-us-patrol-boats-into-capture/

Martin

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 08:33:21 UTC
Permalink
It might have been a hoax but I'm sure I saw it demonstrated by a couple of
students who used it to fool Pokémon go...
Post by Martin Burnicki
Post by Clint Jay
Didn't someone demonstrate this using some rather expensive but 'off the
shelf' Rohde & Schwarz lab gear a year or so ago?
https://news.utexas.edu/2013/07/29/ut-austin-researchers-
successfully-spoof-an-80-million-yacht-at-sea
https://sofrep.com/46818/gps-spoofing-how-iran-tricked-us-
patrol-boats-into-capture/
Martin
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 09:03:58 UTC
Permalink
Post by Clint Jay
It might have been a hoax but I'm sure I saw it demonstrated by a couple of
students who used it to fool Pokémon go...
Yes, I read about that, too. However, related to Pokémon go it's just
fun, but related to serious application it can cause quite some damage.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 09:26:13 UTC
Permalink
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology is
if a couple of students could do it with lab equipment that anyone can buy
(obviously you'd need deep pockets).

That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.
Post by Martin Burnicki
Post by Clint Jay
It might have been a hoax but I'm sure I saw it demonstrated by a couple
of
Post by Clint Jay
students who used it to fool Pokémon go...
Yes, I read about that, too. However, related to Pokémon go it's just
fun, but related to serious application it can cause quite some damage.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 09:32:30 UTC
Permalink
Post by Clint Jay
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology is
if a couple of students could do it with lab equipment that anyone can buy
(obviously you'd need deep pockets).
That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.
I absolutely agree.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 09:42:43 UTC
Permalink
Post by Clint Jay
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology is
if a couple of students could do it with lab equipment that anyone can buy
(obviously you'd need deep pockets).
I just searched for "Pokémon GO GPS spoofing" on the 'net.

Looks like this was just a hack in Android where apps were provided with
a spoofed position from the hack instead of the true position determined
by the GPS/GNSS receiver.

So this is quite a different thing than spoofing the real GPS signals,
and it only affects the devices which have that hack installed.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 09:55:28 UTC
Permalink
No, this was not the software hack, it was done with some rather nice
Rohde&Schwarz test equipment.
Post by Martin Burnicki
Post by Clint Jay
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology
is
Post by Clint Jay
if a couple of students could do it with lab equipment that anyone can
buy
Post by Clint Jay
(obviously you'd need deep pockets).
I just searched for "Pokémon GO GPS spoofing" on the 'net.
Looks like this was just a hack in Android where apps were provided with
a spoofed position from the hack instead of the true position determined
by the GPS/GNSS receiver.
So this is quite a different thing than spoofing the real GPS signals,
and it only affects the devices which have that hack installed.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 11:07:51 UTC
Permalink
Post by Clint Jay
No, this was not the software hack, it was done with some rather nice
Rohde&Schwarz test equipment.
Ah, OK, of course that's also possible.

However, what I found was much simpler:
https://devs-lab.com/how-to-play-pokemon-go-without-moving-no-root-required.html

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 11:11:40 UTC
Permalink
Oh definitely and if I was going to cheat at Pokémon then that'd be the
most cost effective method (yes, I play, my 9 year old son insists) but I'd
rather have the "fun" of actually catching them the proper way
Post by Martin Burnicki
Post by Clint Jay
No, this was not the software hack, it was done with some rather nice
Rohde&Schwarz test equipment.
Ah, OK, of course that's also possible.
https://devs-lab.com/how-to-play-pokemon-go-without-
moving-no-root-required.html
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Attila Kinali
2017-08-14 15:24:53 UTC
Permalink
On Mon, 14 Aug 2017 10:26:13 +0100
Post by Clint Jay
That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.
You don't need a turnkey solution. If you start from zero and are working
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend.

If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.

Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).

The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.


There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.

In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.


Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
John Hawkinson
2017-08-14 15:54:35 UTC
Permalink
So, what I wonder: to what extent (if any) are GPS, GLONASS, and Galileo sufficiently different that it is challenging to spoof all three in the same way? Is there any reason why it is more than 3 times the work to spoof all 3?

Is there something clever receivers can do, with awareness of all three services, that makes them harder to spoof (beyond checking the services against each other)?

--***@mit.edu
John Hawkinson
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 16:17:36 UTC
Permalink
Hi

The big(er) deal with some systems is that they offer encrypted services. If you happen to have
access to the crypto version, that’s going to help you. As long as you are using “public” (and thus
fully documented) modes … not a lot of difference. The same info that lets anybody design a
receiver lets people design a spoofing system.

Bob
Post by John Hawkinson
So, what I wonder: to what extent (if any) are GPS, GLONASS, and Galileo sufficiently different that it is challenging to spoof all three in the same way? Is there any reason why it is more than 3 times the work to spoof all 3?
Is there something clever receivers can do, with awareness of all three services, that makes them harder to spoof (beyond checking the services against each other)?
John Hawkinson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
jimlux
2017-08-14 16:03:28 UTC
Permalink
Post by Attila Kinali
On Mon, 14 Aug 2017 10:26:13 +0100
Post by Clint Jay
That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and skill
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if there
wasn't a turnkey solution available to anyone who has the funds.
You don't need a turnkey solution. If you start from zero and are working
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend.
If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.
Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).
The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.
There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.
In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty easy
to set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.

I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment)
this will become sort of standard practice.

So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky. (fleets of UAVs?)
Post by Attila Kinali
Attila Kinali
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Magnus Danielson
2017-08-14 17:24:40 UTC
Permalink
Hi Jim,
Post by jimlux
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty easy
to set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment)
this will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky. (fleets of UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.

There is an overbeliefe in such approaches, rather than trying to look
at the system analysis, since when you loose the GPS signal, what do you
do. I get blank stares all too often when I ask that trick question.

Cheers,
Magnus
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
paul swed
2017-08-14 17:43:24 UTC
Permalink
Sextent, compass, and clock.
Amazingly as posted on time nuts some time ago the Navy and Coast Guard
have re-introduced that training.

On Mon, Aug 14, 2017 at 1:24 PM, Magnus Danielson <
Post by Magnus Danielson
Hi Jim,
Post by jimlux
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty easy to
set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment) this
will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky. (fleets of UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.
There is an overbeliefe in such approaches, rather than trying to look at
the system analysis, since when you loose the GPS signal, what do you do. I
get blank stares all too often when I ask that trick question.
Cheers,
Magnus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Magnus Danielson
2017-08-14 18:54:17 UTC
Permalink
Hi,

Sure, some have started to work on it, but far from it. Traditional
navigation helps a lot. While you have signal you can trim continously.

Cheers,
Magnus
Post by paul swed
Sextent, compass, and clock.
Amazingly as posted on time nuts some time ago the Navy and Coast Guard
have re-introduced that training.
On Mon, Aug 14, 2017 at 1:24 PM, Magnus Danielson <
Post by Magnus Danielson
Hi Jim,
Post by jimlux
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty easy to
set up 3 antenna separated by 30 cm or so and tell what direction the
signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem (e.g.
all those Amazon delivery drones operating in a RF dense environment) this
will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources have
to appear to come from the right place in the sky. (fleets of UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.
There is an overbeliefe in such approaches, rather than trying to look at
the system analysis, since when you loose the GPS signal, what do you do. I
get blank stares all too often when I ask that trick question.
Cheers,
Magnus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
jimlux
2017-08-14 19:07:48 UTC
Permalink
Post by Magnus Danielson
Hi Jim,
Post by jimlux
And GPS users who care about spoofing tend to use antenna systems that
will reject signals coming from the "wrong" direction. It's pretty
easy to set up 3 antenna separated by 30 cm or so and tell what
direction the signal from each S/V is coming from.
I would expect that as spoofing/jamming becomes more of a problem
(e.g. all those Amazon delivery drones operating in a RF dense
environment) this will become sort of standard practice.
So now your spoofing becomes much more complex, because the sources
have to appear to come from the right place in the sky. (fleets of
UAVs?)
You gain maybe 10 to 20 dB, but not much more.
A real protection scheme needs much more tolerance to handle severe
problems.
I think it is more about are looking for "spoof detection" or "spoof
immunity".. Spoof detection is a easier bar.
Post by Magnus Danielson
There is an overbeliefe in such approaches, rather than trying to look
at the system analysis, since when you loose the GPS signal, what do you
do. I get blank stares all too often when I ask that trick question.
Most successful schemes rely on "side information" of one sort or
another - whether from an IMU or from other sources. Acquisition is
always more vulnerable than track.

I don't do much, if any, of this stuff these days - that was more my
thing in the mid-80s when I would killed to have the cheap processing
power and fast data converters available today.



_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 15:38:56 UTC
Permalink
All very true and yes, for a capable programmer and hardware tech it's not
going to be an impossible task.

I would still expect a turnkey solution to exist though as I can see many
applications for not just state actors.
Post by Attila Kinali
On Mon, 14 Aug 2017 10:26:13 +0100
Post by Clint Jay
That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and
skill
Post by Clint Jay
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if
there
Post by Clint Jay
wasn't a turnkey solution available to anyone who has the funds.
You don't need a turnkey solution. If you start from zero and are working
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend.
If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.
Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).
The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.
There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.
In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 17:42:00 UTC
Permalink
Hi
Post by Clint Jay
All very true and yes, for a capable programmer and hardware tech it's not
going to be an impossible task.
I would still expect a turnkey solution to exist though as I can see many
applications for not just state actors.
There have been multiple “turn key” solutions out there for at least 10 years now.
It’s a bit like buying a couple hundred pounds of heroin. You just need to know
where to shop ….

Bob
Post by Clint Jay
Post by Attila Kinali
On Mon, 14 Aug 2017 10:26:13 +0100
Post by Clint Jay
That it can "so easily" be spoofed (it's not a trivial hack to spoof and
would, as far as I can see, take good knowledge of how GPS works and
skill
Post by Clint Jay
to implement) is worrying and it could have disastrous consequences if
anyone decided to use it for malicious means but I'd be surprised if
there
Post by Clint Jay
wasn't a turnkey solution available to anyone who has the funds.
You don't need a turnkey solution. If you start from zero and are working
alone, it probably will take you a month or two to write the code to spoof
GPS L1 C/A. If you start from one of the GnuRadio based GPS simulators,
you can do it in a weekend.
If you want to spoof L2C and L5 as well and also Galileo OS E1/E5,
it will take a bit longer, but not that much, as 90% of the code shared.
Not only is this very simple. All the documentation you need is readily
available and packaged such, that you don't need to know anything about
GNSS systems before you start and it will not slow you down significantly.
(e.g. Pick up the book from Hegarty and Kaplan and you can just write
the code as you read it).
The most difficult part of this is not creating the signals, but figuring
out a way what PRN's and fake position to choose, such that the tracking
loop of the target doesn't go completely bonkers and needs to do a
re-aquisition on all signals. But even that is not that difficult, if
you have some estimate of the target's location. Or you can simply not
care about it, if you have a slow moving target, like a car or a ship,
as the re-aquisition will take less than a minute.
There have been discussions on adding authentication to GNSS services
for quite some time (at least 10 years, probably longer). And it
culminated in the CS and PRS services of Galileo. I.e. they are a
restricted and/or paid-for service. I am pretty sure that this will
change at some point and the OS serivces (including the free services
of GPS) will provide some basic authentication system as well.
In the meantime, people who rely on GNSS heavily have monitoring
facilites that check the on air signals for degradation or spoofing.
As this requires multiple monitoring stations over the whole area
covered, to ensure that no spoofing or jamming attempt goes unnoticed,
this is rather expensive. The only use of this kind of system, that I
am aware of, are airports. And yes, this is not fool-proof. A narrow
beam spoofer pointed at some airplane will go unoticed, as all the
monitoring stations are on the ground.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
bg
2017-08-14 10:43:42 UTC
Permalink
Hi Martin,
No there was also a SDR hack to spoof.
http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-and-gps-spoofing/
--
     Björn


Sent from my smartphone.
-------- Original message --------From: Martin Burnicki <***@burnicki.net> Date: 14/08/2017 11:42 (GMT+01:00) To: Discussion of precise time and frequency measurement <time-***@febo.com> Subject: Re: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian
  cyberweapon
Post by Clint Jay
Absolutely, their use of it was for something trivial and my reason for
using that example was to show how 'simple' and available the technology is
if a couple of students could do it with lab equipment that anyone can buy
(obviously you'd need deep pockets).
I just searched for "Pokémon GO GPS spoofing" on the 'net.

Looks like this was just a hack in Android where apps were provided with
a spoofed position from the hack instead of the true position determined
by the GPS/GNSS receiver.

So this is quite a different thing than spoofing the real GPS signals,
and it only affects the devices which have that hack installed.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Martin Burnicki
2017-08-14 11:18:43 UTC
Permalink
Hi Björn,
Post by bg
Hi Martin,
No there was also a SDR hack to spoof.
http://www.rtl-sdr.com/cheating-at-pokemon-go-with-a-hackrf-and-gps-spoofing/
This sounds indeed like a nice way to test if a real spoofing approach
is working properly, so it could also be used to do really evil things.

But of course it's a nice way to demonstrate how easy it's possible.

Thanks for the pointer.

Martin

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Tim Shoppa
2017-08-14 16:09:43 UTC
Permalink
Bringing this back around to time-nuts - wouldn't the timescale
discontinuity at the receiver, be a powerful clue that spoofing was going
on? But these being navigation receivers they aren't looking so critically
at the time.

Presumably this was a single-transmitter jammer that pretended it was a
whole GPS constellation.

A 32 kilometer jump in position would've been a 10 to 100 microsecond time
jump for at least some of the receivers in that section of the Black Sea.
And 10 microseconds sticks out like a sore thumb to a time nut.

I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved without
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.

Tim N3QE
Post by John Allen
FYI, John K1AE
-----Original Message-----
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone –
IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-
in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
article/2143499-ships-fooled-in-gps-spoofing-attack-
suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest
that Russia may be testing a new system for spoofing GPS, New Scientist has
learned. This could be the first hint of a new form of electronic warfare
available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland
incident report. The master of a ship off the Russian port of Novorossiysk
had discovered his GPS put him in the wrong spot – more than 32 kilometres
inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the
captain contacted other nearby ships. Their AIS traces – signals from the
automatic identification system used to track vessels – placed them all at
the same airport. At least 20 ships were affected
http://maritime-executive.com/editorials/mass-gps-spoofing-
attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the
first documented use of GPS misdirection – https://www.marad.dot.gov/
msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack
that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed
https://www.newscientist.com/article/dn20202-gps-chaos-how-
a-30-box-can-jam-your-life/ by masking the GPS satellite signal with
noise. While this can cause chaos, it is also easy to detect. GPS receivers
sound an alarm when they lose the signal due to jamming. Spoofing is more
insidious: a false signal from a ground station simply confuses a satellite
receiver. “Jamming just causes the receiver to die, spoofing causes the
receiver to lie,” says consultant David Last
http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
humphreys , of the University of Texas at Austin, has been warning of the
coming danger of GPS spoofing for many years. In 2013, he showed how a
superyacht with state-of-the-art navigation could be lured off-course by
GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
like during the controlled attacks http://onlinelibrary.wiley.
com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of
electronic warfare. Over the past year, GPS spoofing has been causing chaos
for the receivers on phone apps in central Moscow to misbehave
https://themoscowtimes.com/articles/the-kremlin-eats-gps-
for-breakfast-55823 . The scale of the problem did not become apparent
until people began trying to play Pokemon Go. The fake signal, which seems
to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
probably for defensive reasons; many NATO guided bombs, missiles and drones
rely on GPS navigation, and successful spoofing would make it impossible
for them to hit their targets.
But now the geolocation interference is being used far away from the
Kremlin. Some worry that this means that spoofing is getting easier. GPS
spoofing previously required considerable technical expertise. Humphreys
had to build his first spoofer from scratch in 2008, but notes that it can
now be done with commercial hardware and software downloaded from the
Internet.
Nor does it require much power. Satellite signals are very weak –
about 20 watts from 20,000 miles away – so a one-watt transmitter on a
hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation
states soon won’t be the only ones using the technology. This is within the
scope of any competent hacker http://www.comsoc.org/ctn/
lost-space-how-secure-future-mobile-positioning . There have not yet been
any authenticated reports of criminal spoofing, but it should not be
difficult for criminals to use it to divert a driverless vehicle
https://www.newscientist.com/article/2142059-sneaky-
attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone
delivery, or to hijack an autonomous ship. Spoofing will give everyone
affected the same location, so a hijacker would just need a short-ranged
system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more
serious threat. “It affects safety-of-life operations over a large area,”
he says. “In congested waters with poor weather, such as the English
Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable
of causing widespread disruption, for example, if used in the ongoing
dispute with Ukraine. “My gut feeling is that this is a test of a system
which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
Yankee Clipper Contest Club http://www.yccc.org
Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 16:19:42 UTC
Permalink
Hi

Time is one more thing the spoofer needs to consider. It does not eliminate the
ability to spoof, it just adds one more factor to his setup. If he’s got a “clear” GPS
signal to base his spoof on, that gives him a timebase to use.

Bob
Post by Tim Shoppa
Bringing this back around to time-nuts - wouldn't the timescale
discontinuity at the receiver, be a powerful clue that spoofing was going
on? But these being navigation receivers they aren't looking so critically
at the time.
Presumably this was a single-transmitter jammer that pretended it was a
whole GPS constellation.
A 32 kilometer jump in position would've been a 10 to 100 microsecond time
jump for at least some of the receivers in that section of the Black Sea.
And 10 microseconds sticks out like a sore thumb to a time nut.
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved without
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.
Tim N3QE
Post by John Allen
FYI, John K1AE
-----Original Message-----
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone –
IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-
in-gps-spoofing-attack-suggest-russian-cyberweapon/#.
WY6zNfZq1VA.google_plusone_share https://www.newscientist.com/
article/2143499-ships-fooled-in-gps-spoofing-attack-
suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_share
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest
that Russia may be testing a new system for spoofing GPS, New Scientist has
learned. This could be the first hint of a new form of electronic warfare
available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland
incident report. The master of a ship off the Russian port of Novorossiysk
had discovered his GPS put him in the wrong spot – more than 32 kilometres
inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the
captain contacted other nearby ships. Their AIS traces – signals from the
automatic identification system used to track vessels – placed them all at
the same airport. At least 20 ships were affected
http://maritime-executive.com/editorials/mass-gps-spoofing-
attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the
first documented use of GPS misdirection – https://www.marad.dot.gov/
msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack
that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed
https://www.newscientist.com/article/dn20202-gps-chaos-how-
a-30-box-can-jam-your-life/ by masking the GPS satellite signal with
noise. While this can cause chaos, it is also easy to detect. GPS receivers
sound an alarm when they lose the signal due to jamming. Spoofing is more
insidious: a false signal from a ground station simply confuses a satellite
receiver. “Jamming just causes the receiver to die, spoofing causes the
receiver to lie,” says consultant David Last
http://www.professordavidlast.co.uk/ , former president of the UK’s Royal
Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/
humphreys , of the University of Texas at Austin, has been warning of the
coming danger of GPS spoofing for many years. In 2013, he showed how a
superyacht with state-of-the-art navigation could be lured off-course by
GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much
like during the controlled attacks http://onlinelibrary.wiley.
com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of
electronic warfare. Over the past year, GPS spoofing has been causing chaos
for the receivers on phone apps in central Moscow to misbehave
https://themoscowtimes.com/articles/the-kremlin-eats-gps-
for-breakfast-55823 . The scale of the problem did not become apparent
until people began trying to play Pokemon Go. The fake signal, which seems
to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-
spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is
probably for defensive reasons; many NATO guided bombs, missiles and drones
rely on GPS navigation, and successful spoofing would make it impossible
for them to hit their targets.
But now the geolocation interference is being used far away from the
Kremlin. Some worry that this means that spoofing is getting easier. GPS
spoofing previously required considerable technical expertise. Humphreys
had to build his first spoofer from scratch in 2008, but notes that it can
now be done with commercial hardware and software downloaded from the
Internet.
Nor does it require much power. Satellite signals are very weak –
about 20 watts from 20,000 miles away – so a one-watt transmitter on a
hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation
states soon won’t be the only ones using the technology. This is within the
scope of any competent hacker http://www.comsoc.org/ctn/
lost-space-how-secure-future-mobile-positioning . There have not yet been
any authenticated reports of criminal spoofing, but it should not be
difficult for criminals to use it to divert a driverless vehicle
https://www.newscientist.com/article/2142059-sneaky-
attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone
delivery, or to hijack an autonomous ship. Spoofing will give everyone
affected the same location, so a hijacker would just need a short-ranged
system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more
serious threat. “It affects safety-of-life operations over a large area,”
he says. “In congested waters with poor weather, such as the English
Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable
of causing widespread disruption, for example, if used in the ongoing
dispute with Ukraine. “My gut feeling is that this is a test of a system
which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
Yankee Clipper Contest Club http://www.yccc.org
Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Attila Kinali
2017-08-14 16:51:39 UTC
Permalink
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved without
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.

With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.

With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.

Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Clint Jay
2017-08-14 17:12:19 UTC
Permalink
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't it?

There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from noise
floor without some rather complex processing?

Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Chris Albertson
2017-08-14 18:13:33 UTC
Permalink
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is acting
up and turn it off.

I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but no
one uses just GPS alone, they alway compare several methods.
Post by Clint Jay
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't it?
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from noise
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
Post by Attila Kinali
Post by Tim Shoppa
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
Post by Attila Kinali
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 18:41:01 UTC
Permalink
Hi
Post by Chris Albertson
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is acting
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a *lot* of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the results of
breaking the law are fairly predictable. Actually having a competent navigator
on duty all the time running “alternate” data, that costs money …..

Bob
Post by Chris Albertson
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but no
one uses just GPS alone, they alway compare several methods.
Post by Clint Jay
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't it?
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from noise
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
Post by Attila Kinali
Post by Tim Shoppa
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
Post by Attila Kinali
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Graham / KE9H
2017-08-14 19:02:05 UTC
Permalink
Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?

The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.

So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.

Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)

--- Graham

==
Post by Chris Albertson
Hi
Post by Chris Albertson
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is
acting
Post by Chris Albertson
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a *lot* of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the results of
breaking the law are fairly predictable. Actually having a competent navigator
on duty all the time running “alternate” data, that costs money …..
Bob
Post by Chris Albertson
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but
no
Post by Chris Albertson
one uses just GPS alone, they alway compare several methods.
Post by Clint Jay
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't
it?
Post by Chris Albertson
Post by Clint Jay
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from
noise
Post by Chris Albertson
Post by Clint Jay
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
Post by Attila Kinali
Post by Tim Shoppa
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof
signal.
Post by Chris Albertson
Post by Clint Jay
Post by Attila Kinali
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
Post by Attila Kinali
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
Post by Chris Albertson
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 19:25:07 UTC
Permalink
Hi

Setting up the signals for any time / location on earth is simply matter of
a few mouse clicks with any of a number of packages. No need to do anything
more than that to get the data.

Bob
Post by Graham / KE9H
Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?
The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.
So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.
Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)
--- Graham
==
Post by Chris Albertson
Hi
Post by Chris Albertson
The trouble with spoofing location is that in theory every ship is using
more than one method of navigation. They would notice their GPS is
acting
Post by Chris Albertson
up and turn it off.
In most cases the “other method” is dead reckoning. That’s actually being
generous. There are a *lot* of cases every year where the answer is that
the vessel is on GPS autopilot with nobody at all on watch. Yes the results of
breaking the law are fairly predictable. Actually having a competent navigator
on duty all the time running “alternate” data, that costs money …..
Bob
Post by Chris Albertson
I'm far from a professional but I've taken the six week class and I'm
reasonably certain I could find a place on the other side of the pacific
ocean with no GPS. The GPS is far easier to use and more accurate but
no
Post by Chris Albertson
one uses just GPS alone, they alway compare several methods.
Post by Clint Jay
I guess it would depend on the level of infrastructure available to the
attacker, clock distribution is a reasonably well solved problem isn't
it?
Post by Chris Albertson
Post by Clint Jay
There would, I suppose also be the issue of receiver swamping, you could
monitor received signal levels as it's my understanding that the signals
from the satellites are weak enough that they're indiscernible from
noise
Post by Chris Albertson
Post by Clint Jay
floor without some rather complex processing?
Authentication via signing could be another feasible way to prevent
spoofing except we are potentially talking about interference from state
actors who may even be the very people who run one of the satellite networks
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a
time-nut
Post by Attila Kinali
Post by Tim Shoppa
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof
signal.
Post by Chris Albertson
Post by Clint Jay
Post by Attila Kinali
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie
similar
Post by Attila Kinali
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
Post by Chris Albertson
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
ken Schwieker
2017-08-14 17:40:38 UTC
Permalink
Wouldn't monitoring the received signal strength and noting any
non-normal increase (or decrease) level change indicate possible
spoofing? The spoofing station would have no way to know what the target's
received signal strength would be.

Ken S


---
This email has been checked for viruses by AVG.
http://www.avg.com

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Tim Shoppa
2017-08-14 17:49:44 UTC
Permalink
Civilian receivers generally do not measure absolute strength but instead
report S/N. The spoofer could fake up a reasonable amount of noise to get a
wimpy S/N with a much stronger signal.

Tim.
Wouldn't monitoring the received signal strength and noting any non-normal
increase (or decrease) level change indicate possible spoofing? The
spoofing station would have no way to know what the target's
received signal strength would be.
Ken S
---
This email has been checked for viruses by AVG.
http://www.avg.com
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 18:34:25 UTC
Permalink
Hi

Consider what your automotive GPS receiver does coming out of a tunnel or out from under
a bunch of trees. It still needs to work correctly in that situation. Same thing with
a big rain cloud “over there”. I don’t think you would want a receiver that went nuts in those cases.
I don’t think the military would want one either.

Bob
Post by Tim Shoppa
Civilian receivers generally do not measure absolute strength but instead
report S/N. The spoofer could fake up a reasonable amount of noise to get a
wimpy S/N with a much stronger signal.
Tim.
Wouldn't monitoring the received signal strength and noting any non-normal
increase (or decrease) level change indicate possible spoofing? The
spoofing station would have no way to know what the target's
received signal strength would be.
Ken S
---
This email has been checked for viruses by AVG.
http://www.avg.com
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/m
ailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-14 18:29:51 UTC
Permalink
HI

Since multi path is a real issue in a mobile environment, defining what an “abnormal”
change is could be quite tricky. A reasonable “spoof” would start with feeding the correct
data and then slowly capture the target (still with correct data). Once he is are “in charge”
signal wise, start doing whatever …. If you are talking about a ship, you have *lots* of time.

Bob
Wouldn't monitoring the received signal strength and noting any non-normal increase (or decrease) level change indicate possible spoofing? The spoofing station would have no way to know what the target's
received signal strength would be.
Ken S
---
This email has been checked for viruses by AVG.
http://www.avg.com
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Chris Albertson
2017-08-14 19:19:22 UTC
Permalink
Detecting a spoof is not really so hard. What you need to redundancy.
When the two navigation methods diverge then you know one of them is acting
up. (that is broken or being spoofed or just buggy)

On a ship you have magnetic compass and knot log and almost certainly gyros
and all these are typically NMEA connected. Then of course there is a
paper based backup. But just using the available electronics you could
detect divergence.

A large ship that is long enough could use two GPS receivers one at each
end. The ship knows it's magnetic heading and the distance between the two
GPS receivers. When the GPS solution is wrong the ship knows to ignore
GPS. An attacker would have to spoof so that both receivers are moved
the exact same direction and distance. I'mhaving some trouble seeing how
that could be done. (not that it can't be done) But in any case the first
method (divergence from expected location) would work eventually and not
requires any extra hardware.

In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
When this is no longer true the navigator can turn the screen red and say
"invalid gps signal".

I more sophisticated car such as a Tesla with autopilot sensors can do a
more sophisticated form of visual navigation and compare the observed road
type (multilane divided highway or residential) and it can notice when it
crosses intersections. It should notice divergence from GPS more quickly
can could fail back to dead reckoning with visual updates. Yes an
expensive to develop software system but not science fiction either.

In a way cars have it good because they know they can't drive though
building.

Commercial aircraft have even better data available that could be used to
compare with GPS, Ground based radar being one but many on-board systems as
well.

In short it is REALLY HARD to spoof information a person can know from
other sources.
Post by Bob kb8tq
HI
Since multi path is a real issue in a mobile environment, defining what an “abnormal”
change is could be quite tricky. A reasonable “spoof” would start with
feeding the correct
data and then slowly capture the target (still with correct data). Once he
is are “in charge”
signal wise, start doing whatever …. If you are talking about a ship, you
have *lots* of time.
Bob
Post by ken Schwieker
Wouldn't monitoring the received signal strength and noting any
non-normal increase (or decrease) level change indicate possible spoofing?
The spoofing station would have no way to know what the target's
Post by ken Schwieker
received signal strength would be.
Ken S
---
This email has been checked for viruses by AVG.
http://www.avg.com
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
Post by ken Schwieker
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Ron Bean
2017-08-14 22:10:33 UTC
Permalink
Post by Chris Albertson
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Thomas Petig
2017-08-15 07:53:16 UTC
Permalink
Hi all,
Post by Ron Bean
Post by Chris Albertson
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.
In a regular vehicle you can still look out of the window and see the
GNSS fools you.

For autonomous vehicles we have seen that even with a rather expensive
unit, that is fusing IMU with RTK, the position is not accurate enough.
We see offsets of >10 m in urban areas due to multipath[1]. Thus, I
believe, map matching with LIDAR, RADAR, Cameras, etc. is necessary to
navigate an autonomous vehicle in urban areas. This allows, as a side
effect, to detect spoofing.

On ships RADAR is standard if visibility is low, but doesn't help if
there are no obstacles above water.

Best regards,
Thomas

[1] Fusing odometry information would help a bit.

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Chris Albertson
2017-08-15 08:35:24 UTC
Permalink
I think that even with a rudimentary and incomplete knowledge of the road
network one could detect spoofing a car navigation system. The car would
show up inside buildings and farm fields and lakes. You'd see this even
on a very poor map.

If the spoofer moved the signal even 200 yards the match to the roads would
be total rubbish and non sense. It would be detectable even using very old
maps with many segments missing
Post by Ron Bean
Post by Chris Albertson
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-15 16:44:11 UTC
Permalink
Hi

In the case of a spoof, the target is likely one specific vehicle. You care about the
armored car with the big pile of gold bars in it. The objective is not to get him to
drive into a bridge abutment. It’s to get him to turn left on the wrong road. You tailor
the spoof so everything “makes sense”. Likely you spend a *lot* of time planning
just how the spoof will happen and what is down that road he turned on. This isn’t
a random process ….

In the same sense, if you are going to spoof time, you do it for a specific reason and
with a specific target. You want the bank vault to open early. You want the stock trade
to get time stamped “just right”. There’s no need to throw off every clock everywhere if
you can identify autonomous GPS based time islands. Finding those time islands takes
work. So does tracking down the armored car with the gold in it ….

Bob
Post by Chris Albertson
I think that even with a rudimentary and incomplete knowledge of the road
network one could detect spoofing a car navigation system. The car would
show up inside buildings and farm fields and lakes. You'd see this even
on a very poor map.
If the spoofer moved the signal even 200 yards the match to the roads would
be total rubbish and non sense. It would be detectable even using very old
maps with many segments missing
Post by Ron Bean
Post by Chris Albertson
In a car it is even easier. The car nav system KNOWS it must be on a
roadway. The car's ground track (positional history) must be on a road.
That's assuming the GPS company keeps their maps up to date (it doesn't
matter how often you update the maps in the device if the company's maps
don't keep up with reality). New roads appear, old ones occasionally get
moved.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
--
Chris Albertson
Redondo Beach, California
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Ken Winterling
2017-08-15 16:58:17 UTC
Permalink
Hmmm.... Bob,

It seems you have given a considerable amount of thought to armored cars,
gold bars, bank vaults, and stock trades... Is there anything you want to
tell us LOL

Ken
WA2LBI
Post by Bob kb8tq
Hi
In the case of a spoof, the target is likely one specific vehicle. You care about the
armored car with the big pile of gold bars in it. The objective is not to get him to
drive into a bridge abutment. It’s to get him to turn left on the wrong road. You tailor
the spoof so everything “makes sense”. Likely you spend a *lot* of time planning
just how the spoof will happen and what is down that road he turned on. This isn’t
a random process ….
In the same sense, if you are going to spoof time, you do it for a specific reason and
with a specific target. You want the bank vault to open early. You want the stock trade
to get time stamped “just right”. There’s no need to throw off every clock
everywhere if
you can identify autonomous GPS based time islands. Finding those time islands takes
work. So does tracking down the armored car with the gold in it ….
Bob
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
jimlux
2017-08-15 17:03:12 UTC
Permalink
Post by Ken Winterling
Hmmm.... Bob,
It seems you have given a considerable amount of thought to armored cars,
gold bars, bank vaults, and stock trades... Is there anything you want to
tell us LOL
There's a lot of really neat time-nuts gear out there that's expensive.
Building your own H-maser might be more of a challenge than a clever
bank robbery (leaving aside the legal, moral, and ethical implications).

Or maybe Bob's writing a book

_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Bob kb8tq
2017-08-15 17:46:04 UTC
Permalink
Hi

One has to finance retirement somehow :)

It’s also a pretty simple way to demonstrate the what and why of
a spoof without getting into anything so obscure that it can’t be
understood. A secondary point *might* be that indeed, the stuff
we are talking about is mainly useful to “bad guys”.

Bob
Post by Ken Winterling
Hmmm.... Bob,
It seems you have given a considerable amount of thought to armored cars,
gold bars, bank vaults, and stock trades... Is there anything you want to
tell us LOL
Ken
WA2LBI
Post by Bob kb8tq
Hi
In the case of a spoof, the target is likely one specific vehicle. You care about the
armored car with the big pile of gold bars in it. The objective is not to get him to
drive into a bridge abutment. It’s to get him to turn left on the wrong
road. You tailor
the spoof so everything “makes sense”. Likely you spend a *lot* of time planning
just how the spoof will happen and what is down that road he turned on. This isn’t
a random process ….
In the same sense, if you are going to spoof time, you do it for a specific reason and
with a specific target. You want the bank vault to open early. You want the stock trade
to get time stamped “just right”. There’s no need to throw off every clock
everywhere if
you can identify autonomous GPS based time islands. Finding those time islands takes
work. So does tracking down the armored car with the gold in it ….
Bob
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Tom Van Baak
2017-08-15 19:15:49 UTC
Permalink
Please remember this is time nuts. This thread is straying far from timing and also becoming speculative instead of informative.

/tvb


_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.

Tim Shoppa
2017-08-14 17:42:03 UTC
Permalink
In some sense the "jump everyone to the airport 32km away" is a
too-simplistic case because it's too easy to detect.

Let's just arbitrarily place 100nanoseconds as the threshold for detectable
time jump indicating that you're being spoofed. Yes modern timing receivers
do better than that all the time but navigation receivers are not timing
receivers.

The spoofing transmitter would need to know the single target's
3-dimensional location to 100 feet, to avoid detection of a spoofing
attempt, then. This seems possible or even likely, especially in the case
of a spoofing demonstration with slow seagoing vessels, or maybe even road
vehicles known to be traveling on a given highway combined with other
roadside sensors.

After the spoofer had acquired the spoofing target that way, giving it a
false (but not inconceivable) course to the wrong location seems possible.
If you know something about the craft's ability for inertial guidance you
would keep your fake course within those parameters.

So it all gets much easier ifyou can set up the local detection net at key
locations that a spoofing target is likely to travel through. A narrow
strait or a highway intersection. It all gets much harder when you have
multiple targets in your field of view that you want to spoof especially if
you can't follow them closely.

But maybe as long as all the GPS manufacturers are focusing on low
time-to-first-fix, the target GPS will always be too willing to believe a
completely arbitrary location. Us time-nuts don't mind surveying for days.
Real GPS positioining users want the answer much more quickly!

Tim N3QE
Post by Attila Kinali
On Mon, 14 Aug 2017 12:09:43 -0400
Post by Tim Shoppa
I think if you are only trying to spoof a single receiver it would be
possible to walk a spoofed time/space code in a way that time moved
without
Post by Tim Shoppa
so obvious of a discontinuity. I'm sure there would be effects a time-nut
could notice still.
Not really. Unless you have a multi-antenna setup (see jim's email),
you have nothing to compare the signal to. Even an ideal reference
clock in your GPS receiver does not help, as the attacker could be
tracking you in such a way that you will never see a discontinuity
in time or position and that all the other sanity checks you do
still don't show anything.
With a two antenna setup, you can already check whether the phases
add up to what you expect them to be, given your position relative
to the satellites position. You do not need 3 antennas as a potential
attacker can spoof the phase of some satellites correctly, but not
of all at the same time. This at least gives you a spoof/no-spoof signal.
With an antenna array you can do some masking of spoofers (ie placing
a null where the spoofer comes from). But this increases the cost and
complexity of the system super-linear with the number of antennas.
Maybe one way to do it, would be to use a single receiver with a stable
reference clock and switch between antennas in short succession. Ie similar
to how the early single channel GPS receivers worked, but for antennas
instead of SVs. But I have no idea how easy/difficult this would be
to do and how well it would work against spoofers.
Attila Kinali
--
It is upon moral qualities that a society is ultimately founded. All
the prosperity and technological sophistication in the world is of no
use without that foundation.
-- Miss Matheson, The Diamond Age, Neil Stephenson
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/
mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
REEVES Paul
2017-08-15 07:06:49 UTC
Permalink
This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news item in 'Inside GNSS' and other journals before that. Didn't get many comments on my post :-(
Must have used the wrong subject!!!!

Paul G8GJA

-----Original Message-----
From: time-nuts [mailto:time-nuts-***@febo.com] On Behalf Of John Allen
Sent: 12 August 2017 22:23
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

FYI, John K1AE

-----Original Message-----
From: YCCC [mailto:yccc-***@contesting.com] On Behalf Of ROBERT DOHERTY
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

As if there were not enough problems in the world .....

Whitey K1VV
Date: August 12, 2017 at 7:37 AM
Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing
attack suggest Russian cyberweapon
Ships fooled in GPS spoofing attack suggest Russian cyberweapon
News from: New Scientis (article reported by R/O Luca Milone – IZ7GEG)
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
are
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh
are
On date: 10 August 2017
By David Hambling
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.
On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.
After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea .
While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ a spoofing attack that has long been warned of but never been seen in the wild.
Until now, the biggest worry for GPS has been it can be jammed https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/ by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last http://www.professordavidlast.co.uk/ , former president of the UK’s Royal Institute of Navigation.
Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/humphreys , of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. “The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full my team conducted,” says Humphreys.
Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 . The scale of the problem did not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/ , 32 km away. This is probably for defensive reasons; many NATO guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets.
But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build his first spoofer from scratch in 2008, but notes that it can now be done with commercial hardware and software downloaded from the Internet.
Nor does it require much power. Satellite signals are very weak – about 20 watts from 20,000 miles away – so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon.
If the hardware and software are becoming more accessible, nation states soon won’t be the only ones using the technology. This is within the scope of any competent hacker http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning . There have not yet been any authenticated reports of criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ or drone delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle.
But Humphreys believes that spoofing by a state operator is the more serious threat. “It affects safety-of-life operations over a large area,” he says. “In congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions.”
Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine. “My gut feeling is that this is a test of a system which will be used in anger at some other time.”
73’s
webmaster
_______________________________________________
YCCC Reflector mailto:***@contesting.com Yankee Clipper Contest Club http://www.yccc.org Reflector Info: http://lists.contesting.com/mailman/listinfo/yccc



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

_______________________________________________
time-nuts mailing list -- time-***@febo.com To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
s***@microafrica.co.za
2017-08-15 07:25:02 UTC
Permalink
This article from 2009:
http://web.stanford.edu/group/scpnt/gpslab/website_files/anti-spoofing/insideGNSS_rasd-montgomery.pdf


It talks about spoofing and preventing Spoofing.
Post by REEVES Paul
This was referred to in my post (subject: 'Loran') on 8/8/17 and was a news item in 'Inside GNSS' and other journals before that. Didn't get many comments on my post :-(
Must have used the wrong subject!!!!
Paul G8GJA
-----Original Message-----
Sent: 12 August 2017 22:23
To: Discussion of precise time and frequency measurement
Subject: [time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
FYI, John K1AE
-----Original Message-----
Sent: Saturday, August 12, 2017 9:26 AM
To: YCCC Reflector
Subject: [YCCC] Fwd: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon
As if there were not enough problems in the world .....
Whitey K1VV
Date: August 12, 2017 at 7:37 AM Subject: Re: [Radio Officers, &c] Ships fooled in GPS spoofing attack suggest Russian cyberweapon Ships fooled in GPS spoofing attack suggest Russian cyberweapon News from: New Scientis (article reported by R/O Luca Milone - IZ7GEG) https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof [1] ing-attack-suggest-russian-cyberweapon/#.WY6zNfZq1VA.google_plusone_sh are On date: 10 August 2017 By David Hambling Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals. On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship
off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot - more than 32 kilometres inland, at Gelendzhik Airport. After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces - signals from the automatic identification system used to track vessels - placed them all at the same airport. At least 20 ships were affected http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea [2] . While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection - https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/ [3] a spoofing attack that has long been warned of but never been seen in the wild. Until now, the biggest worry for GPS has been it can be jammed https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/ [4] by masking the GPS satellite signal with noise. While this can cause chaos,
it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. "Jamming just causes the receiver to die, spoofing causes the receiver to lie," says consultant David Last http://www.professordavidlast.co.uk/ [5] , former president of the UK's Royal Institute of Navigation. Todd Humphreys http://www.ae.utexas.edu/faculty/faculty-directory/humphreys [6] , of the University of Texas at Austin, has been warning of the coming danger of GPS spoofing for many years. In 2013, he showed how a superyacht with state-of-the-art navigation could be lured off-course by GPS spoofing. "The receiver's behaviour in the Black Sea incident was much like during the controlled attacks http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full [7] my team conducted," says Humphreys. Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over
the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823 [8] . The scale of the problem did not become apparent until people began trying to play Pokemon Go. The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/ [9] , 32 km away. This is probably for defensive reasons; many NATO guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets. But now the geolocation interference is being used far away from the Kremlin. Some worry that this means that spoofing is getting easier. GPS spoofing previously required considerable technical expertise. Humphreys had to build his first spoofer from scratch in 2008, but notes that it can now be
done with commercial hardware and software downloaded from the Internet. Nor does it require much power. Satellite signals are very weak - about 20 watts from 20,000 miles away - so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon. If the hardware and software are becoming more accessible, nation states soon won't be the only ones using the technology. This is within the scope of any competent hacker http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning [10] . There have not yet been any authenticated reports of criminal spoofing, but it should not be difficult for criminals to use it to divert a driverless vehicle https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/ [11] or drone delivery, or to hijack an autonomous ship. Spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle. But
Humphreys believes that spoofing by a state operator is the more serious threat. "It affects safety-of-life operations over a large area," he says. "In congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions." Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine. "My gut feeling is that this is a test of a system which will be used in anger at some other time." 73's webmaster
Post by REEVES Paul
_______________________________________________
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus [14]
_______________________________________________
and follow the instructions there.
_______________________________________________
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts [15]
and follow the instructions there.
Links:
------
[1]
https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoof
[2]
http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea
[3]
https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/
[4]
https://www.newscientist.com/article/dn20202-gps-chaos-how-a-30-box-can-jam-your-life/
[5] http://www.professordavidlast.co.uk/
[6] http://www.ae.utexas.edu/faculty/faculty-directory/humphreys
[7] http://onlinelibrary.wiley.com/doi/10.1002/navi.183/full
[8]
https://themoscowtimes.com/articles/the-kremlin-eats-gps-for-breakfast-55823
[9]
http://www.thetruthaboutcars.com/2017/01/bizarre-gps-spoofing-means-drivers-near-kremlin-always-airport/
[10]
http://www.comsoc.org/ctn/lost-space-how-secure-future-mobile-positioning
[11]
https://www.newscientist.com/article/2142059-sneaky-attacks-trick-ais-into-seeing-or-hearing-whats-not-there/
[12] http://www.yccc.org
[13] http://lists.contesting.com/mailman/listinfo/yccc
[14] https://www.avast.com/antivirus
[15] https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Mark Sims
2017-08-14 22:38:23 UTC
Permalink
The US has artillery shells, mortar rounds, etc that can home in on GPS spoofers and, uhh, "turn them off".
_______________________________________________
time-nuts mailing list -- time-***@febo.com
To unsubscribe, go to https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Loading...