GPS Spoofing

maby

Quite a few years ago, I was working with the GPS division of one of the big defence manufacturers. I asked them about spoofing and they told me it was very secret. When I left the office that evening, one of them told me to "enjoy Bucharest" - I started the car and found myself driving through the suburbs of that city.
 

grumpy_o_g

> GPS jamming is fairly simple; spoofing is not so. In fact I'm highly sceptical, and I couldn't find any references to published research in that New Scientist article, or anything it linked to.


I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.
 

lw395

> I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.

Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.

It's not something an amateur could knock up in a few evenings, but the principle is not hard.
 

st599

> I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.

Why would you need to spoof all 4? Looking at the maths, you only need to change 1.
 

lw395

> Why would you need to spoof all 4? Looking at the maths, you only need to change 1.

You need 3 spoofed satellites to generate a spoofed position.
1 spoofed satellite would need to have a very short delay from the true satellites or the indicated position would be nowhere near the earth's surface and probably moving at ludicrous speed. The receiver would therefore discard the spoofed satellite and make a fix with genuine ones.
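
Added example, not from the thread: the point above, that a receiver would discard one inconsistent satellite and fix on the rest, sketched as a residual-based consistency check (the idea behind receiver autonomous integrity monitoring). It goes beyond the post by assuming six satellites in view so that the fix is over-determined; the satellite coordinates, receiver position, 1 ms offset, 50 m limit and all function names are constructed for illustration.

```python
import math

C = 299_792_458.0  # speed of light, m/s

def solve(a, b):
    """Solve the small linear system a.x = b by Gauss-Jordan elimination."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))  # partial pivoting
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def fix(sats, rho, iters=10):
    """Least-squares fix; returns ([x, y, z, clock_bias_m], rms_residual_m)."""
    s = [0.0] * 4  # start at the Earth's centre with zero clock bias
    for _ in range(iters):
        d = [math.dist(sat, s[:3]) for sat in sats]
        h = [[(s[k] - sat[k]) / di for k in range(3)] + [1.0] for sat, di in zip(sats, d)]
        v = [r - di - s[3] for r, di in zip(rho, d)]  # measured minus predicted
        ata = [[sum(row[i] * row[j] for row in h) for j in range(4)] for i in range(4)]
        atv = [sum(row[i] * vi for row, vi in zip(h, v)) for i in range(4)]
        s = [x + dx for x, dx in zip(s, solve(ata, atv))]
    v = [r - math.dist(sat, s[:3]) - s[3] for sat, r in zip(sats, rho)]
    return s, math.sqrt(sum(x * x for x in v) / len(v))

def fix_with_exclusion(sats, rho, limit_m=50.0):
    """Return (state, excluded_index); index is None when every range agrees."""
    s, rms = fix(sats, rho)
    if rms <= limit_m:
        return s, None
    trials = []
    for i in range(len(sats)):  # leave one satellite out at a time
        s, rms = fix(sats[:i] + sats[i + 1:], rho[:i] + rho[i + 1:])
        trials.append((rms, i, s))
    rms, i, s = min(trials)  # the most self-consistent subset wins
    return (s, i) if rms <= limit_m else (None, -1)

# Constructed sample data (ECEF metres): six satellites, one receiver.
SATS = [(16.6e6, 0.0, 20.73e6), (22.0e6, 14.0e6, 5.0e6), (20.0e6, -16.0e6, 7.0e6),
        (5.0e6, 10.0e6, 24.1e6), (9.0e6, -18.0e6, 17.3e6), (-3.0e6, 2.0e6, 26.3e6)]
TRUE_POS = (3.98e6, -1.0e4, 4.97e6)
CLEAN = [math.dist(sat, TRUE_POS) + 30_000.0 for sat in SATS]  # 30 km clock-bias term
ODD = CLEAN[:2] + [CLEAN[2] + 1e-3 * C] + CLEAN[3:]  # satellite 2 arrives 1 ms late
```

With only four ranges there are no residuals left to test, so a check of this kind needs at least five satellites to notice an inconsistency and six to say which one is at fault.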
 

maby

> Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
> Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.
>
> It's not something an amateur could knock up in a few evenings, but the principle is not hard.

I agree - the signalling protocol is published and the data rate is pretty low. Timing is critical, but most of the difficulty with timing in the real system is keeping multiple clocks on satellites many thousands of miles apart synchronised. If you are spoofing from a single transmitter, you will have a single master clock and derive all the signal streams from it.
 

JumbleDuck

> I agree - the signalling protocol is published and the data rate is pretty low. Timing is critical, but most of the difficulty with timing in the real system is keeping multiple clocks on satellites many thousands of miles apart synchronised. If you are spoofing from a single transmitter, you will have a single master clock and derive all the signal streams from it.

Years ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you put any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.
 

maby

> Years ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you put any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.

Twenty years ago, building a transmitter capable of generating a signal at over 1GHz was a bit of a dark art and that rather limited the hacker community - now you can pick up RF modules on eBay for a tenner that can be pressed into service.
 

dolabriform

There were presentations made at Defcon 2015 showing exactly how easy it was to do with off-the-shelf parts costing less than $500. A Chinese hacker was selling kits for $300.
 

lw395

> Years ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you put any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.

These days, you can buy one off the shelf from Spectracom.
 
www.jamesmarinero.com
> James - I've never heard of calibrating your GPS before - how do you go about it?

Maybe calibrate is the wrong word. When approaching an unknown coast I set an offshore waypoint over a prominent sea bottom feature (that has enough safe water)! When the GPS tells me I'm over it - or about to cross the feature, I watch the depth sounder (or take some compass bearings if shore is in sight). Then I know what the GPS offset is (i.e. charted position error). Just an extra check!
 

Prasutigus

> Maybe calibrate is the wrong word. When approaching an unknown coast I set an offshore waypoint over a prominent sea bottom feature (that has enough safe water)! When the GPS tells me I'm over it - or about to cross the feature, I watch the depth sounder (or take some compass bearings if shore is in sight). Then I know what the GPS offset is (i.e. charted position error). Just an extra check!

Interesting, got me thinking, this is a very educational thread.
 

Prasutigus

A good tip, to register the chart to the GPS... although in general, wouldn't the GPS be more likely to be spot-on than a paper chart?
 