Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/26/2019
06:30 PM
100%
0%

Russia Regularly Spoofs Regional GPS

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

A large-scale analysis of global positioning data has discovered widespread Russian spoofing over the past three years of the global navigation satellite system (GNSS) used by ships and autonomous vehicle systems to find their positions and safely chart courses, according to a new report.

The report — published by the Center for Advanced Defense (C4ADS), a nonprofit intelligence firm focused on worldwide security issues — found that at least 9,883 instances of spoofing occurred near sensitive areas in Russia and Crimea and during times when high-ranking officials, such as President Vladamir Putin, were present. In addition, the data showed that spoofing regularly occurred near Khmeimim Airbase in Syria during Russian operations there. 

The findings underscore the dangers of relying on global positioning data, such as that provided by the global positioning system and similar technology across the globe, because the service can be disrupted or co-opted to deliver false data, says one author of the C4ADS report, who asked not to be named because of the sensitivity of the topic.

"Having Russia exemplify the operational use of these technologies in a defensive and power-projecting capacity could serve as a guideline for illicit nonstate actors who are looking to profit off these vulnerabilities in GNSS systems," the author says. "Or it could also be used as a guideline for other nation-states to conduct these operations." 

The attacks highlight the vulnerability of satellite navigation systems and the fact that their disruption is far more widespread than originally thought. For at least a decade, a smattering of media reports covered the problems of ships near Russia having navigational difficulties. Ship crews have found that their navigational systems placed, for example, their position parked at an airport. In reality, such measures were designed to foil the GPS on autonomous drones, which typically are not allowed to fly near airports.

In 2011, Iran reportedly used GPS spoofing to capture a US drone. And in 2013, researchers at the University of Texas at Austin were able to build a device for less than $1,000 to spoof the position of a ship and cause it to change course

"The ship actually turned, and we could all feel it, but the chart display and the crew saw only a straight line," said Todd Humphreys, assistant professor of the department of aerospace engineering and engineering mechanics, at the time.

The C4ADS report is based on a year-long analysis of marine-vessel location data provided through the Automatic Identification System (AIS). The analysts found 9,883 instances of GNSS spoofing affecting more than 1,300 vessels since February 2016. While the analysis did not explicit focus on the activities of the Russian Federation, the trend quickly became clear once the C4ADS analysts started their analysis. 

"As we went along with the research project and found these large case of GNSS spoofing and disruption in Russia, Crimea, and Syria, it was hard to ignore what the common thread there was," the author says.

The analysts identified several trends in the ways that the GNSS, which encompasses all satellite-based positioning systems, was being attacked. Many of the victims of spoofing near Russia found their locations reported to be a single Russian airport; in other cases, especially near Crimea, two or more other airports were used as destinations.

In addition, the researchers also found significant activity around military and security areas. Overall, the spoofing activity appears indiscriminate — it did not target specific ships, drones, or receivers, but every device in a specific area.

C4ADS hopes that the research will cause private technology firms and navigation-system manufacturers to prepare for such attacks in the future and develop countermeasures. The low cost of GPS spoofing equipment — less than $350, according to C4ADS — could lead to regular denial-of-service and spoofing attacks against civilian targets, the firm said. 

"The Russian Federation has a comparative advantage in the targeted use and development of GNSS spoofing capabilities," C4ADS states. "However, the low cost, commercial availability, and ease of deployment of these technologies will empower not only states, but also insurgents, terrorists and criminals in a wide range of destabilizing state-sponsored and non-state illicit networks." 

Moreover, the analyst firm likely only detected a fraction of the activity and impact of GNSS spoofing, the report states. Recent news reports suggests that independent groups already are developing their own capabilities. Just this month, at least seven car manufacturers at the Geneva Motor Show found their navigation systems showing the wrong position and time.

"These technologies could be a blueprint for other actors or nation-states to conduct these activities," C4ADS's author says.

Related Content

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
BrianN060
100%
0%
BrianN060,
User Rank: Ninja
3/27/2019 | 1:56:27 AM
Lead us not into temptation
Thank you Robert, for the fine article.  Had not heard several of the GPS spoofing examples you site.  As with so many things, we have been persuaded to trust automated systems to our peril.  Part of the danger is that the skill sets which could be used to verify or override suspect automated system indications or actions are no longer considered worthwhile; so are no longer taught or sought, or thought necessary.  

What really scares me is the idea that many of the examples of GPS spoofing, and other attempts to compromise automated systems, are just proof of concept experimentation - so that they can extrapolate to the effectiveness of a full scale assault.  
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 10:12:49 AM
Re: Lead us not into temptation
Reached popular thought some years ago when used as plot device for two Bond films - FOR YOUR EYES ONLY and more significantly in TOMORROW NEVER DIES which centered on a GPS - alteration device used by the villain and initiate a war.  
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 10:39:30 AM
One more thing to fix in an automated world
Well, GPS is now a potential target for shipping, airplanes, and probably driverless cars. The Russians appear to be using it to defend military installations from attack or field testing it for an attack against the west. The equipment and presumably the knowledge of how to do it will become easily acquired by anyone interested in using it. GPS systems will likely be hardened against this kind of spoofing, but until then add GPS spoofing to the list of threats to living in the 21st century where the "blessings" of technology are widely deployed with insufficient security by the people who make them. When the "Internet" was being invented back in the 1970s, no one thought about security because they were trying to make it work among a small network of nodes. We can see how the lack of an Internet with "baked in" security now requires people to spend billions of dollars annually to keep bad things from happening because they are connected to the Internet.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/27/2019 | 12:29:45 PM
Re: One more thing to fix in an automated world
If I remember correctly, the Internet grew out of HTML coding applied to the Darpanet - a connection service between military systems (mainframes) in bases to guard against nuclear attack.  Now in the book THE CUCKOOs EGG, it was documented that hackers, even then, were breaking into the mainframe systems through, of all things, MITRE in Virginia.  Talk about history turning on it's head!!!!!
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 2:05:28 PM
Re: One more thing to fix in an automated world
Yes, Clifford Stoll is an astronomer who was working as a systems administrator at Lawrence Berkeley National Laboratory (LBNL) when he noticed a small accounting error on someone's computer account. This intrusion into LBNL's systems led to a lengthy investigation of how it happened, which eventually resulted in the arrest of a German national who was a KGB agent. They were using modems back then, and the LBNL systems were likely running BSD Unix. Clifford Stoll wrote the book "The Cuckoo's Egg" in 1986 which I read many years ago. The book is the story of his investigation of the intrusion and how the intruder was tracked down. Tim Berners-Lee is credited with the "invention" of the World Wide Web. He wrote a Web client and server in 1990 when he was working at CERN in Switzerland. He also developed specifications for URLs, HTTP, and HTML.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 3:49:42 PM
Re: One more thing to fix in an automated world
Spot on - and it was a $0.75 accounting error.  The story of his research and search for the hacker, who turned out in Germany, is a great read but also a security fable of epic size.  
EdwardThirlwall
50%
50%
EdwardThirlwall,
User Rank: Moderator
4/24/2019 | 2:33:00 AM
Spoof to protect
I think it is indeed necessary for spoofing of satellite positioning to be done especially when world leaders are concerned. Anyone could be spying on them to undertake even the most fatal of a mission like an assasination for instance. Thus, a spoof might help protect the leader.
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.