GPS Interference Now a Major Flight Safety Concern For Airline Industry

An anonymous reader quotes a report from The Register: Europe's aviation safety body is working with the airline industry to counter a danger posed by interference with GPS signals -- now seen as a growing threat to the safety of air travel. The European Union Aviation Safety Agency (EASA) and the International Air Transport Association (IATA) held a recent workshop on incidents where people spoofed and jammed satellite navigation systems, and concluded these pose a "significant challenge" to safety. Mitigating the risks posed by such actions will require measures to be enacted in the short term as well as medium and long term timescales, the two bodies said. They want to start by sharing information about the incidents and any potential remedies.

In Europe, this information sharing will occur through the European Occurrence Reporting scheme and EASA's Data4Safety program. Given the global nature of the problem, a broader solution would be better, but this would have to be pursued at a later date, EASA said. Inevitably, another of the measures involves retaining traditional navigation aids to ensure there is a conventional backup for GNSS navigation, while a third calls for guidance from aircraft manufacturers to airlines and other aircraft operators to ensure they know how to manage jamming and spoofing situations. As a further measure, EASA said it will inform all relevant stakeholders, which includes airlines, air navigation service providers, airports and the air industry, about recorded incidents.

Interference with global navigation systems can take one of two forms: jamming requires nothing more than transmitting a radio signal strong enough to drown out those from GPS satellites, while spoofing is more insidious and involves transmitting fake signals that fool the receiver into calculating its position incorrectly. According to EASA, jamming and spoofing incidents have increasingly threatened the integrity of location services across Eastern Europe and the Middle East in recent years. [...] The IATA said that coordinated action is needed, including sharing of safety data and a commitment from nations to retain traditional navigation systems as backup.

They didn't think of this?

[mamba-mamba]

It's actually a little bit surprising that they didn't anticipate this. Like with signed packets or something. Wouldn't help with jamming but it would help with spoofing. At least when the signal is jammed you will know you lost signal.

Re:They didn't think of this?

[lordlod]

GPS Spoofing has been a known issue in both the GPS and flight safety industries for a long time. There were debates around it when ADS-B was rolled out but they weren't taken seriously because it has never been a significant practical issue.

The military GPS bands have a code that encrypts the signal, this prevents spoofing for military users. The catch the military has is that the military equipment is rare and fairly shit compared to the civilian equipment. In desert storm soldiers were relying on civilian equipment procured personally and by the military. My understanding is that this is still the case, soldiers carrying Garmin watches for example. So the military is still impacted by spoofing, despite the military band.

My understanding is that most of the current spoof attacks are fairly crude and can be detected by looking for discrepancies between the signal over time, signal strength or between the multiple bands and systems now available. However once detected you've still lost GPS and it's now a critical component for many industries.

Re:They didn't think of this?

[tlhIngan]

So the military is still impacted by spoofing, despite the military band.

Spoofing affects the P-code as well. In order for a military GPS to decode P-code (precision) it needs to acquire the C/A (coarse acquisition) code, aka "regular GPS" to us civilians. Thus, if in a spoofed environment, if you haven't already got a lock on P-code, you can't get a lock at all. Military GPS need to lock on successfully to the C/A code before they can start to decrypt the P-code data.

Re:

[Bomazi]

You are wrong. Satellites do not transmit the P code directly, but the Y code, which is an encrypted version of the P code. Advanced military receivers can lock on the Y code directly. They don't need the C/A code and you cannot spoof the Y code, thus they are not affected by spoofing. Advanced civilian receivers cannot lock on the Y code, but if they can lock on the C/A code, then they can use it even without decryption. Thus they are affected by spoofing of the C/A code. Regular civilian receivers, like t

Re:

[sinkskinkshrieks]

That's a legacy way of P/Y/W. M-code is the new way.

Unencrypted global infrastructure comms will inevitably be disrupted by adversaries. The way forward for civy users must solve the "http:" spoofing problem by using public key cryptography.

Once upon a time in old civy GPS gear, fancy PLLs in 12+ channel receivers did pseudoranging of L1.

Re:

[sinkskinkshrieks]

2/ GPS and other GNSS systems will need to either improve jam-resistance for everyone, or issue another form of keyed receivers to commercial users. Iran and other actors are hostile to global trade and safety.

Re: They didn't think of this?

[crackerjack155]

It looks like that's only on the older ones.

Modern ones can directly acquire the y code signal.

With the newest M code, it's even more jam/spoof resistant

Re:They didn't think of this?

[Entrope]

Sure, except that the signals are meant to be broadcast, so everybody would see the same signature -- and someone who re-broadcasts the signal (which is one common way to spoof the signal) is not ready to detect. Also, most of the relevant information is in the timing of the signals, not in the message bits. The timing is different for each user, and changes as the user and satellite move (that's how the while system works), so you can't create a signature that covers the timing.

There are lots of straightforward ways to authenticated the data bits (Navigation Message Authentication) but they don't protect against replay attacks. They're a little bit more complicated once you consider that the total bit rate for one signal is often on the order of 50 bits per second, so a traditional digital signature takes s long time to transmit.

There are techniques to watermark the transmitted signal, such as TESLA (Timed Efficient Stream Loss-tolerant Authentication), that do let a compatible receiver detect spoofing. But most GNSS satellites don't support that, and neither do receivers.

The combination of watermarking difficulties, and significance of timing are fundamentally why it's hard to fix the problem.

Re:

[mamba-mamba]

Do they also spoof the Doppler shift? If not, that might be a way to detect the spoofing. If the expected Doppler is substantially different from the actual Doppler, something is wrong. But I do get your point about the delays. Delaying the signals would allow you to do a fair amount of spoofing. Enough for disruption. It wouldn't be enough to turn a drone around and fly it back to its point of origin or anything. But it could definitely cause a lot of disruption and maybe make it crash into something.

Re:

[Entrope]

Yes, spoofers also include the Doppler shift. That's one of the things that GNSS receivers normally track, and they would behave oddly if the Doppler was off.

https://bigthink.com/strange-m... [bigthink.com] describes one current form of GPS spoofing ("circle spoofing") as well as giving a few examples of claimed or believed GPS spoofing incidents in the past.

Re:

[AmiMoJo]

The EU did anticipate spoofing, and the Galileo system uses public key crypto and strict timing requirements to prevent it from working.

Currently the only known attack on Galileo requires the spoofing to start before the receiver does.

Increase the cost of the avionics by 0.01%.

[AlanObject]

Why not install an INS system to corroborate the GPS reading? I think the military does that don't they?

Re:

[znrt]

this is a cat and mouse game. whatever one devises, another will exploit.

you can't have both war and peace, war inevitably spills over. the only solution is to end the war. that's a really, really hard pr problem now because so many lies have been told that it will be excruciatingly painful to reckon the cold truth now. it ain't gonna happen, and it will get harder with every new lie, so ... keep looking for band-aids, but get used to it.

Re:Increase the cost of the avionics by 0.01%.

[Patent Lover]

All commercial aircraft have an INS updated by GPS.

Re:

[ceoyoyo]

They do. Three of them on most airliners. Commercial aviation is about backups for the backups.

Re:

[geekmux]

And yet commercial airliners can still become lost in the 21st Century?

I grow tired of the enshitification of common terms and their degraded warped definitionstake “backup” for example

Re:

[ceoyoyo]

No airliners have gotten lost. Again, commercial aviation is about backups for the backups. When one method of navigation is potentially compromised, everyone involved needs to know about that possibility, and ideally it would be mitigated somehow.

Old hat

[TigerPlish]

https://en.wikipedia.org/wiki/... [wikipedia.org]

This has been done before. This was a big deal. I don't know when this was de-classified, but I kinda expect the people who invented GPS had to know about this - and assume theirs was equally vulnerable to spoofing and jamming.

That they didn't, and let GPS be spoofable is perplexing.

Re:

[AmiMoJo]

I think the issue was that when GPS was first developed and the first satellites put up (first launch in 1978), it was barely possible to handle the computing needed to determine location on available hardware. Receivers were large and power hungry.

Additionally, public key crypto was fairly new, at least in the US. The British discovered it a decade earlier, but kept it quiet.

Basically the tech needed to prevent spoofing was just not available. They could potentially add it now, but are probably waiting to

Re:

[geekmux]

That they didn't, and let GPS be spoofable is perplexing.

Full auto sears to convert a semi auto to a machine gun have been known for decades to machinists. Doesn’t mean we are suddenly long overdue for metal lathe regulation and background checks. GPS spoofing is like any other risk; measurable. If the risk has been minimal, then perhaps it’s not a problem worth breaking to fix.

Re:

[coofercat]

> That they didn't, and let GPS be spoofable is perplexing.

The military band has some spoof/jamming protections, and I believe has been updated a couple of times since the original sats went up.

The civilian band does have some protections too, but those are no longer technologically sound enough to work properly. Hence the rise in spoofing/jamming. The point being that these sorts of protections *were* designed in from the start - and actually worked very well for probably 20-30 years. They're not as sop

They scrapped the vor systems

[Revek]

Getting rid of the vor beacons was really stupid. I know gps is cheaper but in the end redundancy should be a priority. I'm unsure if they had systems like that in Europe. They had it in the US and UK for sure. I'm also pretty sure they are all gone now.

Re: They scrapped the VOR systems

[DoubleJ1024]

Up until about six months ago I worked for a major commercial avionics manufacturering company that was still building VOR units for Boeing and Airbus. EOL for the VOR product line was still a few years away when I left. That was mainly due to the part obsolescence issues and a high cost of redesign.

Re:

[joab_son_of_zeruiah]

In the continental US the "Minimum Operational Network" (MON) is alive and well. The issue is globally over war zones, which can be anywhere. https://www.faa.gov/about/offi... [faa.gov]

Just put GBAS Everywhere

[laughingskeptic]

Move the GPS transmitters for flying things to the ground and rather than having one GBAS in line-of-site, have 4. Then the weak, easily interfered with signals from space will not be so important. If we put a GBAS at every airport, even the rinky-dink ones, this would probably do it. Right now we have less than 10 of these GBAS GPS Augmentation transmitters operating in the US.

For an extra check, these systems could include laser range finder reflectors between their antennas that could be checked against when in range.

Re:Just put GBAS Everywhere

[Entrope]

GBAS is also used because it's very expensive for each airport. It's also a GPS augmentation system: if it sees the same spoofed signal, it will tell receivers not to use those signals -- but the plane will need another means of navigation to land. If GBAS doesn't see the spoof, the plane would need another way to detect it. Using GBAS signals for ranging will (a) not work well because the antennas are usually on top of the plane, (b) not work well because you really want more than four signals to deal with obstructed lines of sight and signal glitches, and (c) make the system a lot more expensive because you now need high-quality (cesium or AHM) atomic clocks at each transmitter along with a way to synchronize those clocks.

One plausible way to detect spoofing is to look for improbable correlations between the signals received at two different points on the plane. https://navisp.esa.int/uploads... [esa.int] describes this for a boat; good receivers can use differential baselines of just a few meters, so it's practical on commercial airlines. But that doesn't solve the problem of needing another means of navigation.

Re:

[Entrope]

Sigh. That should be "GBAS is SELDOM used". SBAS costs amortize a lot better over a given area.

Boom, boom, dam, boom, another dupe bites the dust

[ls671]

Boom, boom, dam, boom, another dupe bites the dust!
https://tech.slashdot.org/stor... [slashdot.org]

Re:

[Shag]

I must admit I was shocked that the problem hadn't been solved in the last three days.

Time for GPS over SSL - GPS^2?

[kiviQr]

amazing that this industry works on GPS (think HTTP) for that long.

Re:

[geekmux]

amazing that this industry works on GPS (think HTTP) for that long.

Amazing that people automatically assume HTTP means broken, along with forgetting the encrypted features in military GPS systems did not create a magical fix.

Re:Time for GPS over SSL - GPS^2?

[lordlod]

GPS is not ethernet, attempting to use ethernet based techniques for GPS is naive.

As a simple illustration GPS is a one way broadcast, the receiver has no return channel. This means that there can't be any kind of handshake process, and you are completely vulnerable to a replay attack. As a very basic attack a spoofer could transmit low level noise across the frequency preventing the normal GPS signal from being received. They could listen to the real signal, and then retransmit it at significantly higher power levels a fraction of a second later. The delay would significantly impact the pseudorange for that signal and the computed position, time shifting multiple signals would allow you to alter the position in a predictable way.

Re:

[kiviQr]

You could distribute certificates beforehand (like CA in browsers does), then sign it. Spoofing would be impossible unless you got CA cert.

Re:

[Entrope]

Mobile phone signals are often at different frequencies -- some much closer to other signals used on the airplane for communications or navigation -- and at higher peak power than Wi-Fi. Those increase the possibility of harmful interference relative to using onboard Wi-Fi. It's not a huge increase, but aviation (apparently excepting a certain plane manufacturer) is extremely conservative about safety and they spend a lot of time worrying about one-in-a-billion and one-in-ten-million risks. (1e-9 for cat

Reap what you sow

[VeryFluffyBunny]

Why would anyone want to jam or spoof aircraft navigation systems? Western military powers have been turning the world into never-ending war zones for decades & now they're complaining that it isn't safe to fly aircraft in them?

Don't shutdown traditional navaids

[chipperdog]

Reason we should keep VORs and NDBs running and not decommissioning them. Relying solely on satellite navigation is leaving us vulnerable.

Why not use a directional antenna?

[schweini]

I'm quite ignorant on RF engineering, but I always wonder why important GPS receivers aren't simply RF shielded in a way so that only signals from the sky reach the antenna?
AFAIK, almost all GPS spoofing is done using ground-based equipment.
Genuine question: why would it not be sufficient to put the GPS receiver in a metal bowl with its opening towards the sky? Shouldn't this block all ground-based interference?