Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/26/2019
06:30 PM
100%
0%

Russia Regularly Spoofs Regional GPS

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

A large-scale analysis of global positioning data has discovered widespread Russian spoofing over the past three years of the global navigation satellite system (GNSS) used by ships and autonomous vehicle systems to find their positions and safely chart courses, according to a new report.

The report — published by the Center for Advanced Defense (C4ADS), a nonprofit intelligence firm focused on worldwide security issues — found that at least 9,883 instances of spoofing occurred near sensitive areas in Russia and Crimea and during times when high-ranking officials, such as President Vladamir Putin, were present. In addition, the data showed that spoofing regularly occurred near Khmeimim Airbase in Syria during Russian operations there. 

The findings underscore the dangers of relying on global positioning data, such as that provided by the global positioning system and similar technology across the globe, because the service can be disrupted or co-opted to deliver false data, says one author of the C4ADS report, who asked not to be named because of the sensitivity of the topic.

"Having Russia exemplify the operational use of these technologies in a defensive and power-projecting capacity could serve as a guideline for illicit nonstate actors who are looking to profit off these vulnerabilities in GNSS systems," the author says. "Or it could also be used as a guideline for other nation-states to conduct these operations." 

The attacks highlight the vulnerability of satellite navigation systems and the fact that their disruption is far more widespread than originally thought. For at least a decade, a smattering of media reports covered the problems of ships near Russia having navigational difficulties. Ship crews have found that their navigational systems placed, for example, their position parked at an airport. In reality, such measures were designed to foil the GPS on autonomous drones, which typically are not allowed to fly near airports.

In 2011, Iran reportedly used GPS spoofing to capture a US drone. And in 2013, researchers at the University of Texas at Austin were able to build a device for less than $1,000 to spoof the position of a ship and cause it to change course

"The ship actually turned, and we could all feel it, but the chart display and the crew saw only a straight line," said Todd Humphreys, assistant professor of the department of aerospace engineering and engineering mechanics, at the time.

The C4ADS report is based on a year-long analysis of marine-vessel location data provided through the Automatic Identification System (AIS). The analysts found 9,883 instances of GNSS spoofing affecting more than 1,300 vessels since February 2016. While the analysis did not explicit focus on the activities of the Russian Federation, the trend quickly became clear once the C4ADS analysts started their analysis. 

"As we went along with the research project and found these large case of GNSS spoofing and disruption in Russia, Crimea, and Syria, it was hard to ignore what the common thread there was," the author says.

The analysts identified several trends in the ways that the GNSS, which encompasses all satellite-based positioning systems, was being attacked. Many of the victims of spoofing near Russia found their locations reported to be a single Russian airport; in other cases, especially near Crimea, two or more other airports were used as destinations.

In addition, the researchers also found significant activity around military and security areas. Overall, the spoofing activity appears indiscriminate — it did not target specific ships, drones, or receivers, but every device in a specific area.

C4ADS hopes that the research will cause private technology firms and navigation-system manufacturers to prepare for such attacks in the future and develop countermeasures. The low cost of GPS spoofing equipment — less than $350, according to C4ADS — could lead to regular denial-of-service and spoofing attacks against civilian targets, the firm said. 

"The Russian Federation has a comparative advantage in the targeted use and development of GNSS spoofing capabilities," C4ADS states. "However, the low cost, commercial availability, and ease of deployment of these technologies will empower not only states, but also insurgents, terrorists and criminals in a wide range of destabilizing state-sponsored and non-state illicit networks." 

Moreover, the analyst firm likely only detected a fraction of the activity and impact of GNSS spoofing, the report states. Recent news reports suggests that independent groups already are developing their own capabilities. Just this month, at least seven car manufacturers at the Geneva Motor Show found their navigation systems showing the wrong position and time.

"These technologies could be a blueprint for other actors or nation-states to conduct these activities," C4ADS's author says.

Related Content

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
EdwardThirlwall
50%
50%
EdwardThirlwall,
User Rank: Moderator
4/24/2019 | 2:33:00 AM
Spoof to protect
I think it is indeed necessary for spoofing of satellite positioning to be done especially when world leaders are concerned. Anyone could be spying on them to undertake even the most fatal of a mission like an assasination for instance. Thus, a spoof might help protect the leader.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 3:49:42 PM
Re: One more thing to fix in an automated world
Spot on - and it was a $0.75 accounting error.  The story of his research and search for the hacker, who turned out in Germany, is a great read but also a security fable of epic size.  
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 2:05:28 PM
Re: One more thing to fix in an automated world
Yes, Clifford Stoll is an astronomer who was working as a systems administrator at Lawrence Berkeley National Laboratory (LBNL) when he noticed a small accounting error on someone's computer account. This intrusion into LBNL's systems led to a lengthy investigation of how it happened, which eventually resulted in the arrest of a German national who was a KGB agent. They were using modems back then, and the LBNL systems were likely running BSD Unix. Clifford Stoll wrote the book "The Cuckoo's Egg" in 1986 which I read many years ago. The book is the story of his investigation of the intrusion and how the intruder was tracked down. Tim Berners-Lee is credited with the "invention" of the World Wide Web. He wrote a Web client and server in 1990 when he was working at CERN in Switzerland. He also developed specifications for URLs, HTTP, and HTML.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/27/2019 | 12:29:45 PM
Re: One more thing to fix in an automated world
If I remember correctly, the Internet grew out of HTML coding applied to the Darpanet - a connection service between military systems (mainframes) in bases to guard against nuclear attack.  Now in the book THE CUCKOOs EGG, it was documented that hackers, even then, were breaking into the mainframe systems through, of all things, MITRE in Virginia.  Talk about history turning on it's head!!!!!
timwessels
100%
0%
timwessels,
User Rank: Strategist
3/27/2019 | 10:39:30 AM
One more thing to fix in an automated world
Well, GPS is now a potential target for shipping, airplanes, and probably driverless cars. The Russians appear to be using it to defend military installations from attack or field testing it for an attack against the west. The equipment and presumably the knowledge of how to do it will become easily acquired by anyone interested in using it. GPS systems will likely be hardened against this kind of spoofing, but until then add GPS spoofing to the list of threats to living in the 21st century where the "blessings" of technology are widely deployed with insufficient security by the people who make them. When the "Internet" was being invented back in the 1970s, no one thought about security because they were trying to make it work among a small network of nodes. We can see how the lack of an Internet with "baked in" security now requires people to spend billions of dollars annually to keep bad things from happening because they are connected to the Internet.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
3/27/2019 | 10:12:49 AM
Re: Lead us not into temptation
Reached popular thought some years ago when used as plot device for two Bond films - FOR YOUR EYES ONLY and more significantly in TOMORROW NEVER DIES which centered on a GPS - alteration device used by the villain and initiate a war.  
BrianN060
100%
0%
BrianN060,
User Rank: Ninja
3/27/2019 | 1:56:27 AM
Lead us not into temptation
Thank you Robert, for the fine article.  Had not heard several of the GPS spoofing examples you site.  As with so many things, we have been persuaded to trust automated systems to our peril.  Part of the danger is that the skill sets which could be used to verify or override suspect automated system indications or actions are no longer considered worthwhile; so are no longer taught or sought, or thought necessary.  

What really scares me is the idea that many of the examples of GPS spoofing, and other attempts to compromise automated systems, are just proof of concept experimentation - so that they can extrapolate to the effectiveness of a full scale assault.  
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...