[time-nuts] Ships fooled in GPS spoofing attack suggest Russian cyberweapon

Graham / KE9H ke9h.graham at gmail.com
Mon Aug 14 15:02:05 EDT 2017


Remember the military drone that the Iranians tricked into landing in Iran
a few years ago?

The best explanation I heard of how they did it was that they knew that if
it lost its command channel, that it would return to the airport where it
took off.

So, what they did was spoof the GPS with a signal that said it was 150
miles further east than it actually was, then jam the control channel, and
it set down nicely on the airport it came from, except that it was the
desert in IRAN with a few rocks that ripped up its landing gear, and not
its home runway.

Would this spoof be as easy as recording the real signal and playing it
back (louder) delayed by about 120 seconds? (Assuming you want to shift
things to the East.) (Also assume you have a relatively unsophisticated GPS
nav receiver.)

--- Graham

==

On Mon, Aug 14, 2017 at 1:41 PM, Bob kb8tq <kb8tq at n1k.org> wrote:

> Hi
>
> > On Aug 14, 2017, at 2:13 PM, Chris Albertson <albertson.chris at gmail.com>
> wrote:
> >
> > The trouble with spoofing location is that in theory every ship is using
> > more than one method of navigation.   They would notice their GPS is
> acting
> > up and turn it off.
>
> In most cases the “other method” is dead reckoning. That’s actually being
> generous. There are a *lot* of cases every year where the answer is that
> the vessel is on GPS autopilot with nobody at all on watch. Yes the
> results of
> breaking the law are fairly predictable. Actually having a competent
> navigator
> on duty all the time running “alternate” data, that costs money …..
>
> Bob
>
> >
> > I'm far from a professional but I've taken the  six week class and I'm
> > reasonably certain I could find a place on the other side of the pacific
> > ocean with no GPS.   The GPS is far easier to use and more accurate but
> no
> > one uses just GPS alone, they alway compare several methods.
> >
> > On Mon, Aug 14, 2017 at 10:12 AM, Clint Jay <cjaysharp at gmail.com> wrote:
> >
> >> I guess it would depend on the level of infrastructure available to the
> >> attacker, clock distribution is a reasonably well solved problem isn't
> it?
> >>
> >> There would, I suppose also be the issue of receiver swamping, you could
> >> monitor received signal levels as it's my understanding that the signals
> >> from the satellites are weak enough that they're indiscernible from
> noise
> >> floor without some rather complex processing?
> >>
> >> Authentication via signing could be another feasible way to prevent
> >> spoofing except we are potentially talking about interference from state
> >> actors who may even be the very people who run one of the satellite
> >> networks
> >>
> >> On 14 Aug 2017 5:51 pm, "Attila Kinali" <attila at kinali.ch> wrote:
> >>
> >>> On Mon, 14 Aug 2017 12:09:43 -0400
> >>> Tim Shoppa <tshoppa at gmail.com> wrote:
> >>>
> >>>> I think if you are only trying to spoof a single receiver it would be
> >>>> possible to walk a spoofed time/space code in a way that time moved
> >>> without
> >>>> so obvious of a discontinuity. I'm sure there would be effects a
> >> time-nut
> >>>> could notice still.
> >>>
> >>> Not really. Unless you have a multi-antenna setup (see jim's email),
> >>> you have nothing to compare the signal to. Even an ideal reference
> >>> clock in your GPS receiver does not help, as the attacker could be
> >>> tracking you in such a way that you will never see a discontinuity
> >>> in time or position and that all the other sanity checks you do
> >>> still don't show anything.
> >>>
> >>> With a two antenna setup, you can already check whether the phases
> >>> add up to what you expect them to be, given your position relative
> >>> to the satellites position. You do not need 3 antennas as a potential
> >>> attacker can spoof the phase of some satellites correctly, but not
> >>> of all at the same time. This at least gives you a spoof/no-spoof
> signal.
> >>>
> >>> With an antenna array you can do some masking of spoofers (ie placing
> >>> a null where the spoofer comes from). But this increases the cost and
> >>> complexity of the system super-linear with the number of antennas.
> >>> Maybe one way to do it, would be to use a single receiver with a stable
> >>> reference clock and switch between antennas in short succession. Ie
> >> similar
> >>> to how the early single channel GPS receivers worked, but for antennas
> >>> instead of SVs. But I have no idea how easy/difficult this would be
> >>> to do and how well it would work against spoofers.
> >>>
> >>>                                Attila Kinali
> >>> --
> >>> It is upon moral qualities that a society is ultimately founded. All
> >>> the prosperity and technological sophistication in the world is of no
> >>> use without that foundation.
> >>>                 -- Miss Matheson, The Diamond Age, Neil Stephenson
> >>> _______________________________________________
> >>> time-nuts mailing list -- time-nuts at febo.com
> >>> To unsubscribe, go to https://www.febo.com/cgi-bin/
> >>> mailman/listinfo/time-nuts
> >>> and follow the instructions there.
> >>>
> >> _______________________________________________
> >> time-nuts mailing list -- time-nuts at febo.com
> >> To unsubscribe, go to https://www.febo.com/cgi-bin/
> >> mailman/listinfo/time-nuts
> >> and follow the instructions there.
> >>
> >
> >
> >
> > --
> >
> > Chris Albertson
> > Redondo Beach, California
> > _______________________________________________
> > time-nuts mailing list -- time-nuts at febo.com
> > To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> > and follow the instructions there.
>
> _______________________________________________
> time-nuts mailing list -- time-nuts at febo.com
> To unsubscribe, go to https://www.febo.com/cgi-bin/
> mailman/listinfo/time-nuts
> and follow the instructions there.
>


More information about the time-nuts mailing list