Bogus GPS data leading airliners astray

The spoofing can confuse flight crews and distract them, raising potential safety concerns. Most incidents so far have been in war zones. (c) ConsumerAffairs

Most incidents so far have occurred in Ukraine and the Middle East

You probably shouldn't read this if you're a nervous flyer. Airline pilots report that fake GPS signals are sending them bogus location information, including faulty altitude reports. For now, it appears to be happening mostly to aircraft overflying hot spots in the Middle East, Ukraine and elsewhere. 

Pilots call it "GPS spoofing" and say they encounter it almost everyday in some areas. It's usually generated by warring militaries hoping to ward off attacking drones and enemy aircraft, according to a report in The Wall Street Journal. 

Airline officials say the spoofed data increases crew fatigue and can divert pilots' attention when it's needed most, posing a potential safety risk.

The attacks started about a year ago and grew to 1,100 in August, SkAI Data Services told the Journal.

Attacks cause confusion

Pilots are trained to use non-GPS systems as a backup but the spoofed signals cause confusion not only to airline crews but to air traffic control and other agencies receiving automated signals.

Aviation sources say new systems are being developed that will detect the phony readings but it may be a year or more before they're ready.

Besides giving misleading information about location, spoofed signals can also disrupt timekeeping, sometimes resetting clocks aboard aircraft. That can be a serious problem, a British cybersecurity expert told a recent convention.

“We think too much about GPS being a source of position, but it's actually a source of time,” said Ken Munro, founder of Pen Test Partners, a British cybersecurity firm, a Reuters report said. 
“We're starting to see reports of the clocks on board airplanes during spoofing events start to do weird things."
In one case, Munro said an airliner's time system was reset to a date several years in the future, causing it to lose contact with encrypted communications systems.

What is GPS spoofing?

GPS spoofing is a malicious cyberattack that involves manipulating or tricking a GPS receiver by broadcasting false GPS signals. Essentially, it misleads the receiver into believing it is located somewhere it is not, thereby providing inaccurate location data.  

How it works:

  1. Understanding the Victim's GPS Setup: The attacker gains knowledge about the target's GPS system, including the types of signals used and how they are processed.  

  2. Generating Counterfeit Signals: The attacker uses a device, such as a signal generator, to create fake GPS signals that mimic the real ones. These fake signals are carefully crafted to match the format and structure of genuine GPS signals.  

  3. Overpowering Legitimate Signals: The fake signals are transmitted with a stronger power than the actual GPS signals from satellites. This makes the receiver prioritize the fake signals over the weaker, real ones.  

  4. Misleading the Receiver: The receiver, now tricked into believing the fake signals are real, processes the false data and calculates an incorrect position. This leads to the device displaying inaccurate location information.  

GPS spoofing can have serious implications not only in aviation but also in ground-based systems:

  • Navigation Disruption: It can mislead navigation systems, causing drivers or pilots to take wrong turns or deviate from their intended course.  

  • Misdirected Deliveries: It can misguide delivery vehicles, leading to packages being delivered to the wrong addresses.  

  • Security Risks: It can compromise location-based security systems or create opportunities for physical attacks by manipulating location data.

  • Financial Fraud: It can be used in fraudulent activities like insurance scams or location-based fraud.    

Looking to protect what matters most? Get matched with your best security system.