The insecurity of global navigation satellite systems is proving to be a major problem
May 4 2020
by Aaron Sherrill
As our world becomes more automated, devices, applications, services and entire industries are becoming increasingly dependent on positioning and timing data provided by global navigation satellite systems (GNSS). Global positioning data is not limited to auto-navigation and mapping; it is vital data for first responders, the shipping industry, the transportation industry and the manufacturing industry. It is used by supply chains, for telecommunications, by electrical grids to route power to homes and businesses, for resource exploration and extraction, for fleet management, by military operations, to track and monitor parolees or those under house arrest, and even by stock exchanges to regulate trades and time financial transactions. It is estimated there are over eight billion GNSS receivers in use today. It is difficult to comprehend just how dependent the global economy has become on GNSS. Unfortunately, global navigation satellite systems are more vulnerable to attack and disruption than most realize.
The 451 Take
GNSS attacks exploit a significant weakness in the security posture of many organizations. While most organizations have invested time and resources to prevent and detect attacks targeting the information technology infrastructure, few have considered the profound and damaging effects that attacks against GPS or other GNSS systems can have. As organizations adopt a wide range of emerging technologies and capabilities, they must also consider the impact of these systems from a security aspect. GNSS security, just like cloud security, AI security and IoT security, should become a part of the cybersecurity realm, especially as positioning, navigation and timing data becomes an increasingly critical component of enterprise systems and infrastructure.
While the acronyms GPS and GNSS are often used interchangeably, GNSS is an umbrella term for five global system constellations: GPS (US), QZSS (Japan), BEIDOU (China), GALILEO (EU) and GLONASS (Russia). Each constellation comprises dozens of satellites operating in multiple orbital planes. Modern systems and applications are able to take advantage of multiple GNSS constellations at the same time to improve the reliability and availability of signals, increase accuracy and provide redundancy.
Like most mainstream technology, GNSS is often taken for granted, yet it has become a central part of life for many across the globe. Global navigation systems provide positioning, navigation and timing services free for the entire world to use. That was not always the case. For example, GPS was originally built for military use and wasn't opened to worldwide public use until 1983. Even then, GPS only provided accuracy to about 100 meters for the general public, limiting high-accuracy GPS data to military use only. Recognizing the potential benefits of highly accurate GPS signals to both businesses and civilians, US President Bill Clinton signed a bill in 2000 making accurate GPS signals available to everyone.
GNSS is an integral component of the global economy. The European Commission estimated that about 7% of Europe's GDP is now dependent on GNSS data. A study by the National Institute of Standards and Technology recently determined that GPS had generated over $1.4 trillion in US economic benefits since the system became publicly available in 1983, with about 90% of GPS's economic benefits only realized since 2010. The study also concluded that a GNSS outage would impact the US GDP by over $1bn per day. GPS has been widely adopted by many industries, including 14 of the 16 industries deemed to be critical infrastructure by the US government.
GNSS disruption, spoofing and attacks
The global dependency on weak, unencrypted signals from satellites orbiting more than 12,000 miles above the earth has made GNSS a target for disruption and malicious attacks. Unfortunately, it is fairly easy to block GNSS signals (jamming or denial of service) or manipulate them (spoofing) to create specific results and fool the target into believing it is in a different position. GNSS spoofing is not a new threat; it has been around for decades. But in recent years it has received increased attention from attackers and defenders as a viable exploit.
Just a few years ago, spoofing GNSS signals required an investment of over a quarter of a million dollars to purchase a device capable of generating GNSS signals on earth. Now, for as little as $100, anyone can purchase a software-defined radio (SDR) and, with the help of online forums and videos, spoof GNSS signals with relative ease. GNSS receivers, like those found in cell phones, automobiles and IoT devices, typically lock on to the strongest GNSS signals they can find. Signals coming from an SDR can easily overcome signals that originate from satellites and give false positioning, navigation and timing data to their targets.
Thousands of GNSS attacks have reportedly occurred over the last few years, ranging from the benign to alarming nation-state attacks:
In 2016, fans of Pokémon GO (a video game for mobile devices) used cheap SDRs to cheat the game. By spoofing their GPS position and making it appear as though they were traveling to new locations, players were able to trick the game into offering new Pokémon and other in-game offers that were only available in a specific location.
GNSS spoofing has been a problem for ride-sharing services like Uber and Lyft, allowing dishonest drivers to cheat the ride-sharing system that pairs potential riders with the closest available cars.
In 2013, an engineering firm worker in New Jersey placed a GPS jammer inside his company's vehicle to hide his location from his employer. However, while he was performing contract work at Newark's airport, the jamming signals emanating from the vehicle also blocked the reception of GPS signals used by the airport's air traffic control system. The worker was reportedly fired and fined by the FCC.
In 2015, the US Department of Homeland Security reported that drug cartels were taking advantage of GNSS spoofing to divert surveillance drones along the US-Mexico border.
In October 2018, Russia accused the US of spoofing a drone and redirecting it to attack a Russian airbase in Syria.
In 2019, Russian efforts to protect an important military base in Syria through GNSS manipulation impacted flights as far away as Tel Aviv when it overpowered legitimate GNSS signals.
Ships sailing through the Strait of Hormuz and the Persian Gulf have been experiencing GPS interference and various other problems that US defense officials suspect are the work of Iran. Officials believe that Iran is disrupting the GPS navigation systems on ships and aircraft so that they might wander into Iranian waters or airspace, justifying a seizure.
Shipping companies often use GNSS-based geo-fencing for physical locks on shipping containers, preventing the container from being opened until it reaches its location. Hijackers are using GNSS spoofing to steal the contents of containers by opening them while they are still en route to their destination.
In February, US President Donald Trump signed an executive order encouraging the development of a resilient positioning, navigation and timing infrastructure that is not exclusively reliant on GNSS. The European Union and the UK are working on similar regulations.
The growing global dependency on GNSS demands secure, reliable and precise positioning and timing signals – resistant to spoofing, denial of service and other attacks. That is easier said than done. However, a new generation of navigation satellites promising secure, authenticated and encrypted signaling is on the horizon. European Galileo is the first satellite system to introduce an anti-spoofing service directly on a civilian GNSS signal, allowing users to verify that signals are originating from a Galileo satellite and not a potentially malicious source. The service is expected to be publicly available for use some time in 2020. However, GNSS receivers will need to be upgraded or replaced to take advantage of the new capabilities.
Controlled-reception pattern antennas (CRPAs) are another option to combat GNSS spoofing and jamming. Conventional, fixed-reception pattern antennas (FRPAs) have full hemispherical coverage, listening to many satellites at once to determine the best signal to use, making them highly susceptible to spoofing and jamming. CRPAs, or 'smart' antennas, are capable of focusing directly on GNSS satellites, improving signal reception, especially in the presence of jamming attacks. However, smart antennas are typically much larger and more expensive than conventional antennas.
Firms like Telit and Septentrio are offering smart antennas as well as multi-constellation positioning and timing modules to take advantage of multiple GNSS constellations at once. Combining multiple satellite systems improves the availability of signals and increases accuracy and reliability compared to only leveraging signals from a single satellite system. Other firms, like Orolia, offer inline devices that provide jamming and spoofing data detection and protection.
Last year, Israeli firm Regulus introduced technology to detect the spoofing of GNSS signals. The solution, targeted for OEMs, is packaged into a small device that can be integrated into existing receivers for drones, ships, autonomous vehicles and cell phones. The firm also has developed a software version of the technology that can be used to upgrade existing receivers.
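Added example, not from the original article or from any vendor it names: a host-side plausibility check over position fixes that flags the symptoms described above, namely a sudden rise in signal strength when a nearby transmitter overpowers the satellites, a position jump the platform could not physically make, and one constellation's solution disagreeing with another's. The record layout, function names and thresholds are assumptions, and the sample fixes are constructed.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def check_fixes(fixes, max_speed_mps=40.0, max_split_m=150.0, max_cn0_jump_db=8.0):
    """Return (timestamp, reason) alerts for a time-ordered list of fixes.

    Each fix: {"t": seconds, "solutions": {constellation: (lat, lon)}, "cn0": mean dB-Hz}.
    Thresholds are assumptions to tune per platform, not standard values.
    """
    alerts, prev = [], None
    for fix in fixes:
        sols = list(fix["solutions"].values())
        # 1. Independently computed per-constellation solutions should agree closely.
        split = max((haversine_m(p, q) for p in sols for q in sols), default=0.0)
        if split > max_split_m:
            alerts.append((fix["t"], "constellation_disagreement"))
        if prev is not None and fix["t"] > prev["t"]:
            dt = fix["t"] - prev["t"]
            # 2. The implied speed must be physically possible for this platform.
            for name in sorted(set(fix["solutions"]) & set(prev["solutions"])):
                dist = haversine_m(prev["solutions"][name], fix["solutions"][name])
                if dist / dt > max_speed_mps:
                    alerts.append((fix["t"], f"implausible_speed:{name}"))
            # 3. A transmitter overpowering the satellites raises C/N0 abruptly.
            if fix["cn0"] - prev["cn0"] > max_cn0_jump_db:
                alerts.append((fix["t"], "cn0_jump"))
        prev = fix
    return alerts

# Constructed sample fixes: at t=2 only the GPS solution is pulled away.
SAMPLE = [
    {"t": 0, "solutions": {"GPS": (40.6900, -74.1740), "Galileo": (40.6900, -74.1741)}, "cn0": 41.0},
    {"t": 1, "solutions": {"GPS": (40.6901, -74.1740), "Galileo": (40.6901, -74.1741)}, "cn0": 41.5},
    {"t": 2, "solutions": {"GPS": (40.7100, -74.1500), "Galileo": (40.6902, -74.1741)}, "cn0": 52.0},
]

if __name__ == "__main__":
    for t, reason in check_fixes(SAMPLE):
        print(t, reason)
```

A check like this only helps when the receiver exposes per-constellation solutions and signal-strength figures; a single blended fix hides the disagreement that the first test relies on.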