A large-scale analysis of global positioning data has discovered widespread Russian spoofing, over the past three years, of the global navigation satellite system (GNSS) used by ships and autonomous vehicle systems to find their positions and safely chart courses, according to a new report.
The report — published by the Center for Advanced Defense (C4ADS), a nonprofit intelligence firm focused on worldwide security issues — found that at least 9,883 instances of spoofing occurred near sensitive areas in Russia and Crimea and during times when high-ranking officials, such as President Vladimir Putin, were present. In addition, the data showed that spoofing regularly occurred near Khmeimim Airbase in Syria during Russian operations there.
The findings underscore the dangers of relying on global positioning data, such as that provided by the global positioning system and similar technology across the globe, because the service can be disrupted or co-opted to deliver false data, says one author of the C4ADS report, who asked not to be named because of the sensitivity of the topic.
"Having Russia exemplify the operational use of these technologies in a defensive and power-projecting capacity could serve as a guideline for illicit nonstate actors who are looking to profit off these vulnerabilities in GNSS systems," the author says. "Or it could also be used as a guideline for other nation-states to conduct these operations."
The attacks highlight the vulnerability of satellite navigation systems and the fact that their disruption is far more widespread than originally thought. For at least a decade, a smattering of media reports covered the problems of ships near Russia having navigational difficulties. Ship crews have found, for example, that their navigational systems placed their position at an airport. In reality, such measures were designed to foil the GPS on autonomous drones, which typically are not allowed to fly near airports.
In 2011, Iran reportedly used GPS spoofing to capture a US drone. And in 2013, researchers at the University of Texas at Austin were able to build a device for less than $1,000 to spoof the position of a ship and cause it to change course.
"The ship actually turned, and we could all feel it, but the chart display and the crew saw only a straight line," said Todd Humphreys, assistant professor of the department of aerospace engineering and engineering mechanics, at the time.
The C4ADS report is based on a year-long analysis of marine-vessel location data provided through the Automatic Identification System (AIS). The analysts found 9,883 instances of GNSS spoofing affecting more than 1,300 vessels since February 2016. While the analysis did not explicitly focus on the activities of the Russian Federation, the trend quickly became clear once the C4ADS analysts started their analysis.
"As we went along with the research project and found these large cases of GNSS spoofing and disruption in Russia, Crimea, and Syria, it was hard to ignore what the common thread there was," the author says.
The analysts identified several trends in the ways that the GNSS, which encompasses all satellite-based positioning systems, was being attacked. Many of the victims of spoofing near Russia found their locations reported to be a single Russian airport; in other cases, especially near Crimea, two or more other airports were used as destinations.
In addition, the researchers also found significant activity around military and security areas. Overall, the spoofing activity appears indiscriminate — it did not target specific ships, drones, or receivers, but every device in a specific area.
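One way a defender could screen AIS tracks for the pattern described above, shown as an added example that is not C4ADS's method or code from the report: a fix is flagged when the speed implied by the jump from the previous fix is implausible for a surface vessel and the new position lands on an airport, and flagged vessels are grouped by airport because the spoofing hit every receiver in an area. The thresholds, the airport name and coordinates, and the sample fixes are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

MAX_KNOTS = 60.0         # assumed speed ceiling for a surface vessel
AIRPORT_RADIUS_KM = 5.0  # assumed match radius around an airport reference point

# Hypothetical airport reference point; the coordinates are constructed.
AIRPORTS = {"AIRPORT_A": (44.50, 38.00)}

# Constructed AIS fixes (not real records): (mmsi, unix_time, lat, lon).
SAMPLE_FIXES = [
    ("111000001", 0, 44.10, 37.50),
    ("111000001", 600, 44.11, 37.52),
    ("111000001", 1200, 44.50, 38.00),    # jumps onto AIRPORT_A
    ("111000001", 1800, 44.13, 37.56),    # back on the real track
    ("111000002", 0, 44.20, 37.40),
    ("111000002", 900, 44.501, 38.001),   # jumps onto AIRPORT_A
    ("111000003", 0, 44.30, 37.30),
    ("111000003", 900, 44.32, 37.33),     # ordinary movement
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def nearest_airport(pos):
    """Name of an airport within AIRPORT_RADIUS_KM of pos, or None."""
    for name, ref in AIRPORTS.items():
        if haversine_km(pos, ref) <= AIRPORT_RADIUS_KM:
            return name
    return None

def suspected_spoofing(fixes):
    """Return {airport: set of MMSIs} for implausible jumps onto an airport."""
    tracks = defaultdict(list)
    for mmsi, t, lat, lon in fixes:
        tracks[mmsi].append((t, (lat, lon)))
    hits = defaultdict(set)
    for mmsi, track in tracks.items():
        track.sort()  # order each vessel's fixes by time
        for (t0, p0), (t1, p1) in zip(track, track[1:]):
            hours = (t1 - t0) / 3600.0
            if hours <= 0:
                continue  # duplicate timestamp, no speed can be derived
            knots = haversine_km(p0, p1) / 1.852 / hours
            airport = nearest_airport(p1)
            if knots > MAX_KNOTS and airport:
                hits[airport].add(mmsi)
    return dict(hits)

if __name__ == "__main__":
    print(suspected_spoofing(SAMPLE_FIXES))
```

Several unrelated vessels reported at the same airport is a stronger signal than any single jump, since one bad fix can also come from an ordinary receiver fault.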
C4ADS hopes that the research will cause private technology firms and navigation-system manufacturers to prepare for such attacks in the future and develop countermeasures. The low cost of GPS spoofing equipment — less than $350, according to C4ADS — could lead to regular denial-of-service and spoofing attacks against civilian targets, the firm said.
"The Russian Federation has a comparative advantage in the targeted use and development of GNSS spoofing capabilities," C4ADS states. "However, the low cost, commercial availability, and ease of deployment of these technologies will empower not only states, but also insurgents, terrorists and criminals in a wide range of destabilizing state-sponsored and non-state illicit networks."
Moreover, the analyst firm likely only detected a fraction of the activity and impact of GNSS spoofing, the report states. Recent news reports suggest that independent groups already are developing their own capabilities. Just this month, at least seven car manufacturers at the Geneva Motor Show found their navigation systems showing the wrong position and time.
"These technologies could be a blueprint for other actors or nation-states to conduct these activities," C4ADS's author says.