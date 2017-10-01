Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Russia Suspected In GPS-Spoofing Attacks On Ships (wired.co.uk) 47

Posted by EditorDavid from the global-re-positioning-signal dept.
How did a 37-ton tanker suddenly vanish from GPS off the coast of Russia? AmiMoJo shares a report from Wired: The ship's systems located it 25 to 30 miles away -- at Gelendzhik airport... The Atria wasn't the only ship affected by the problem... At the time, Atria's AIS system showed around 20 to 25 large boats were also marooned at Gelendzhik airport. Worried about the situation, captain Le Meur radioed the ships. The responses all confirmed the same thing: something, or someone, was meddling with the their GPS...

After trawling through AIS data from recent years, evidence of spoofing becomes clear. GPS data has placed ships at three different airports and there have been other interesting anomalies. "We would find very large oil tankers who could travel at the maximum speed at 15 knots," said a former director for Marine Transportation Systems at the U.S. Coast Guard. "Their AIS, which is powered by GPS, would be saying they had sped up to 60 to 65 knots for an hour and then suddenly stopped. They had done that several times"...

"It looks like a sophisticated attack, by somebody who knew what they were doing and were just testing the system..." says Lukasz Bonenberg from the University of Nottingham's Geospatial Institute. "You basically need to have atomic level clocks."
The U.S. Maritime Administration confirms 20 ships have been affected -- all traveling in the Black Sea -- though a U.S. Coast Guard representative "refused to comment on the incident, saying any GPS disruption that warranted further investigation would be passed onto the Department of Defence." But the captain of the 37-ton tanker already has his own suspicions. "It looks like the Russians define an area where they don't want the GPS to apply."

  • It's all fun and games until a ship runs aground or collides with something, and an eye gets poked out

    • It's all fun and games until a ship runs aground or collides with something, and an eye gets poked out

      Don't some weapons use GPS for, at least, some navigation? If so, then now there's now an exclusion area.

  • Time to add encryption to civilian GPS? (Score:3)

    by Baron_Yam ( 643147 ) on Sunday October 01, 2017 @01:34PM (#55288075)

    The US military already encrypts GPS for themselves - it can still be jammed, but it can't be spoofed.

    Maybe it's time encryption was applied to civilian GPS as well. It's not like consumer electronics don't have the capability to handle the decryption, and it's not like you'd have to use the same keys as military GPS.

    • Re: (Score:3)

      by Nutria ( 679911 )

      it can still be jammed

      That's why the USN has started teaching Old School navigation methods again.

    • The US military is the only entity that can control GPS signals on such scale. If you did with a spoofed signal, you'd need a rather powerful antenna given the range and someone would notice and even able to calculate its position.

      The US military controls the satellites and have reduced accuracy or even blacked out signals in war zones like Iraq. Russians have their own "GPS" and thus no need to spoof it, especially not in Russian territory. The only people that have any benefit of black ops in Russian terr

      • Re: (Score:1)

        by Anonymous Coward

        Wrong. Russia already spoofs GPS signals around Moscow to make it look like you're at the airport - sounds a lot like this. You can google the Moscow GPS events if you want.

      • The capability doesn't seem to be beyond the Russians either, as they seem to have been rolling out this kind of electronic warfare tech in recent years:
        Borisoglebsk 2 [wikipedia.org]
        Drone and UAV defense in Ukraine [defenseone.com]

    • Encryption wouldn't be needed, but signing would be important. However, how does one offer this? An encrypted stream takes very little overhead to keep going with, because block and stream ciphers are very efficient. However, plaintext signing is a different ball game together. How do you sign a stream?

    • Re: (Score:2)

      by mbone ( 558574 )

      The US military already encrypts GPS for themselves - it can still be jammed, but it can't be spoofed.

      Of course it can be spoofed ("meaconned"), even if you assume that the encryption cannot be cracked. An attacker can receive the satellite signal and retransmit it. This signal will arrive at the target late, but it will still be valid - of course the attacker has to manipulate power / jamming etc to convince the receiver that the meacon signal is the valid one. You can be sure much thought has been given to this topic.

      The particular attacks in the original post appear to be related to protecting Putin [nrkbeta.no]. I d

    • There is indeed a separate higher resolution encrypted feed for the military. Encrypting for civilian channel use is very impractical as many many devices lack the ability to update keys (no network connection). Encryption also burn clocks and batteries. With billions of devices being made all over the world by thousands of manufacturers keeping the keys private is unrealistic. Further with only one global key to crack by state supported entities it would not last long. (yes, the old /. meme of "imagin

  • 37-ton tanker ? (Score:3)

    by tomhath ( 637240 ) on Sunday October 01, 2017 @01:35PM (#55288085)
    Nice proofreading. That's not even a big truck. The article says 37000 ton

  • sophistication (Score:4, Interesting)

    by phantomfive ( 622387 ) on Sunday October 01, 2017 @01:42PM (#55288119) Journal
    These attacks have been known for a while [utexas.edu], and are not hard at all. All you need is a radio that is stronger than the GPS signal. It's been demonstrated multiple times at DEFCON [youtube.com], and there are youtube videos that show you how to do it with a hackrf radio (for example, if you want to move to a particular place while playing Pokemon Go).

    Wikipedia suggests that Russia spoofs GPS whenever Putin is in the area.
  • or maybe there's a bug in the AIS software

  • About a year ago, this same thing was reported on land as well in Russia

    https://news.slashdot.org/stor... [slashdot.org]

  • You are too retarded to be reasoned with on any level.

    We are going to decide your reality by repeating the lies we want you to believe again and again and again, and these lies will become your reality, because indeed you are an unreasoning swine, and all that you hear you believe.

  • I thought all the satellites were too old to receive anything from earth, let alone from puny handheld units like as early smartphones were. Maybe that's why it's not called Wireless magazine?

  • To me it sounds like a system for confusing cruise missiles, making them drop out of the sky far from target.

  • AIS or GPS? (Score:3)

    by Known Nutter ( 988758 ) on Sunday October 01, 2017 @02:38PM (#55288387)
    Are we spoofing GPS here, or are we spoofing AIS? Just so we're clear... GPS is obviously GPS, but the summary seems to conflate GPS and AIS. AIS is a terrestrial based VHF system which takes GPS data from individual ships adds identifiers and transmits it to anyone who cares to listen, which usually means other ships and shore-side receivers. It sounds to me like it is AIS that is being spoofed -- which would be trivial compared to GPS.

    Keep in mind that AIS is just one of several redundant systems which ships use to navigate waterways and track positions of nearby vessels.

    No investigation has indicated suspicions that Russia did anything. The only one who suspects Russia is one captain of a tanker ship.

