Scroll Top

World’s first GPS Spoofing attack puts 20 ships 32km inland at an airport



  • New technology keeps lowering the bar for criminals and nation states that want to cause mischief and harm, and now the makers of autonomous vehicles have something new to worry about


Recently there have been reports of satellite navigation problems in the Black Sea that suggests that someone, and people are pointing fingers at Russia, might be testing a new GPS spoofing system, and if they are then it could be the first hint of a new form of electronic warfare that could one day be made available to everyone from rogue nation states to petty criminals. And it could also spell bad news for anything and everything that’s autonomous, like cars, trucks and cargo ships, and relies on GPS, which in today’s world is alot…


See also
China launches worlds first unhackable Quantum communications satellite


On 25th August, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32km inland, at Gelendzhik Airport. And let’s face it, the last place you’d expect to find a giant container ship would be at an airport – after all, if that was a real thing then UPS and FedEx would be having kittens – what next flying ships?

Anyway, after checking the navigation equipment was working properly the captain of the ship in question contacted other nearby ships and found that their Automatic Identification System (AIS) traces, the signals from the used to track vessels, placed them all at the same airport.

Overall, at least twenty ships reported they were all at the same airport…


See also
In a first a hacker is demanding full control of a major company


While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.

Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect because GPS receivers sound an alarm when they lose the signal due to jamming.

Spoofing though is more insidious – a false signal from a ground station simply confuses a satellite receiver.

“Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former president of the UK’s Royal Institute of Navigation.


See also
In a world first Chinese hackers spoofed biometric authentication systems to steal $76 Million


Todd Humphreys, of the University of Texas at Austin, is one of those who has been warning of the coming danger of GPS spoofing for many years, and in 2013, he showed how a super yacht with state-of-the-art navigation could be lured off-course by GPS spoofing.

“The receiver’s behaviour in the Black Sea incident was much like during the controlled attacks my team conducted,” says Humphreys.

Humphreys thinks this is Russia experimenting with a new form of electronic warfare. Over the past year, GPS spoofing has been causing chaos for the receivers on phone apps in central Moscow to misbehave, and the scale of the problem did not become apparent until people began trying to play Pokemon Go.

The fake signal, which seems to centre on the Kremlin, relocates anyone nearby to Vnukovo Airport, 32 km away. This is probably for defensive reasons, after all many f NATO’s guided bombs, missiles and drones rely on GPS navigation, and successful spoofing would make it impossible for them to hit their targets.


See also
DARPA selects Gryphon to build world's first ever nuclear rocket engine


But now the geolocation interference is being used far away from the Kremlin some worry that this means that spoofing is getting easier because GPS spoofing previously required considerable technical expertise.

Humphreys, for example, had to build his first spoofer from scratch in 2008, but notes that it can now be done with commercial hardware and software downloaded from the internet. Nor does it require much power. Satellite signals are very weak, about 20 watts from 20,000 miles away, so a one-watt transmitter on a hilltop, plane or drone is enough to spoof everything out to the horizon.

If the hardware and software is, as people think, becoming more accessible then soon it won’t just be nation states using it to do mischief, and while there haven’t yet been any reports of criminals using the technology, yet, one day we could find them using it to divert driverless cars and trucks, autonomous drones and even hijack autonomous ships.

While spoofing will give everyone affected the same location, so a hijacker would just need a short-ranged system to affect one vehicle, Humphreys believes that spoofing by a state operator is the more serious threat.


See also
China's hybrid supersonic weapon flies like a missile and swims like a torpedo


“It affects safety-of-life operations over a large area,” he says, “in congested waters with poor weather, such as the English Channel, it would likely cause great confusion, and probably collisions.”

Meanwhile Last says that the Black Sea incident suggests a new device capable of causing widespread disruption, for example, if used in the ongoing dispute with Ukraine.

“My gut feeling is that this is a test of a system which will be used in anger at some other time,” he said.

Related Posts

Leave a comment


Awesome! You're now subscribed.

Pin It on Pinterest

Share This