'Spoofed' GPS signals can be countered, researchers show

Jul 24, 2012 By Anne Ju

(Phys.org) -- From cars to commercial airplanes to military drones, global positioning system (GPS) technology is everywhere -- and Cornell researchers have known for years that it can be hacked, or as they call it, "spoofed." The best defense, they say, is to create countermeasures that unscrupulous GPS spoofers can't deceive.

Researchers led by Mark Psiaki, professor of mechanical and aerospace engineering, got to test their latest protections against GPS spoofing during a -sponsored demonstration last month in the New Mexico desert at the White Sands Missile Range.

The much-publicized June 19 demo of a mini helicopter's being spoofed was led by Todd Humphreys, Ph.D. '08, now an assistant professor at the University of Texas, Austin. Humphreys, who designed a sophisticated GPS spoofing system as an outgrowth of his Cornell Ph.D. and postdoctoral studies, also testified before Congress July 19 on the threat of GPS spoofing.

GPS is a navigation and timing system of satellites that circle Earth and transmit signals to receivers on land, sea and air to provide precise information on the receivers' locations and clock offsets. Lesser known is its ubiquitous presence in, for example, commercial and military aircraft navigation, control of the power grid, and even automated .

Spoofing is the transmission of false GPS signals that receivers accept as authentic ones, theoretically allowing hackers to gain control over planes, vehicles or other devices that rely on GPS for navigation or timing.

On June 19, Humphreys and colleagues set out to demonstrate how a spoofing attack works, using live "on-air" transmissions, with permission from the Department of Homeland Security, to confuse real GPS signals in a remote area in New Mexico. Using fake GPS transmissions from about half a kilometer (0.3 miles) away, they hijacked a mini drone, causing it to dip violently because it assumed it was inadvertently climbing when, in reality, it had been hovering at its desired altitude.

On the sidelines were Cornell researchers Psiaki, senior engineer Steve Powell and graduate students Brady O'Hanlon and Ryan Mitch. They were testing a receiver modification that can differentiate spoofed GPS signals from real ones.

"The idea is not just for us to make spoofers so we can show bad things can happen, but also to gain insight into countermeasures in typical GPS receivers so they can be less vulnerable to attack," Powell said.

Psiaki said their latest countermeasure allowed the Cornell group to correctly detect spoofing in three cases during the demo. "This is strong confirmation that our system can successfully detect spoofing in an autonomous mode using short segments of GPS receiver data. It is the first known detection of this type of attack from a live, on-air spoofer," Psiaki said.

An earlier, less sophisticated spoofing detector developed at Cornell is patent pending. Data from this latest demonstration will form the basis of a scientific paper, and a decision to apply for patent protection is forthcoming, according to Psiaki.

GPS spoofing isn't exactly on the collective consciousness, but it is a growing threat: Last year, Iran claimed to have spoofed -- and downed -- a GPS-guided American drone. Such an attack, Psiaki said, might have been carried out using techniques similar to those demonstrated at White Sands if the drone had been using civilian GPS signals. It is not unimaginable, he continued, that the Iranians (possibly with outside help) could have conducted a spoofing-like attack that used encrypted military GPS signals.

Psiaki also said that currently available GPS anti-spoofing technology, called Receiver Autonomous Integrity Monitoring, would not work with the smarter spoofers that Humphreys began developing in 2008 in collaboration with the Cornell GPS group.

"[Humphreys] has developed the baddest known spoofer there is," Psiaki said. "It's a great 'war games' tool that provides realistic attack scenarios for testing improved spoofing defenses. We're happy that our ongoing collaboration has produced several strong defenses that, taken together, may lay this national threat to rest."

Explore further: Creating the fastest outdoor wireless Internet connection in the world

Related Stories

Protect privacy from drones at home, lawmakers say

Jul 19, 2012

Before thousands of civilian drones begin flying in U.S. skies, Congress should take steps to protect the public's privacy and prevent terrorists from hacking or jamming signals that control the aircraft, lawmakers said Thursday.

RQ-170 drone's ambush facts spilled by Iranian engineer

Dec 17, 2011

(PhysOrg.com) -- In the aftermath of the Iran capture of a US military drone earlier this month now come arguments over how Iran managed to pull it off. An Iranian engineer’s exclusive interview with The Christian Science Monitor has been published, which details how the Iranians captured the drone through ...

Study confirms that road users are jamming GPS signals

Feb 21, 2012

The first direct evidence of GPS jammers in use on British roads will be presented today alongside predictions of a major incident involving ships in the English Channel over the next decade caused by disruption to navigation ...

GPS Jamming Devices Pose Many Threats (w/ Video)

Feb 25, 2010

(PhysOrg.com) -- The latest GPS jamming devices are now being used by car thieves in the UK to render stolen cars and trucks undetectable by law enforcement. These devices also pose a threat to airlines and ...

Air Force: Tests didn't include troubled GPS unit

May 17, 2010

(AP) -- The Air Force says it performed no advance testing on the specific type of military GPS receiver that had problems picking up locator signals after a change in ground-control software.

Recommended for you

Impoverished North Korea falls back on cyber weapons

8 hours ago

As one of the world's most impoverished powers, North Korea would struggle to match America's military or economic might, but appears to have settled on a relatively cheap method to torment its foe.

Five ways to make your email safer in case of a hack attack

8 hours ago

The Sony hack, the latest in a wave of company security breaches, exposed months of employee emails. Other hacks have given attackers access to sensitive information about a company and its customers, such as credit-card ...

2012 movie massacre hung over 'Interview' decision

9 hours ago

When a group claiming credit for the hacking of Sony Pictures Entertainment threated violence against theaters showing "The Interview" earlier this week, the fate of the movie's big-screen life was all but ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Squirrel
not rated yet Jul 24, 2012
"correctly detect spoofing in three cases during the demo"--three out of three or three out of hundreds?
dewilso4
not rated yet Jul 24, 2012
Seems to me there's already a couple of companies which build such spoofers, or simulators as they might be called. Pretty sure these companies also have "spoofer-resistant" receivers. I'm curious what their "patent-pending" integrity-monitoring methods include.
rwinners
not rated yet Jul 24, 2012
I must be missing something. How does something spoof a satellite the is in geo orbit.
alfie_null
not rated yet Jul 25, 2012
Next step for the bad guys is to get some of these radios and then figure out how to outwit them. Consider the extraordinary amount of resources that can be brought to bear by potential antagonists (e.g. governments of other countries).

I imagine for high reliability, other sorts of backup navigation systems will be employed alongside GPS. Maybe as simple as a camera that can view the terrain and compare it to what it should be.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.