'Spoofed' GPS signals can be countered, researchers show

Jul 24, 2012 By Anne Ju

(Phys.org) -- From cars to commercial airplanes to military drones, global positioning system (GPS) technology is everywhere -- and Cornell researchers have known for years that it can be hacked, or as they call it, "spoofed." The best defense, they say, is to create countermeasures that unscrupulous GPS spoofers can't deceive.

Researchers led by Mark Psiaki, professor of mechanical and aerospace engineering, got to test their latest protections against GPS spoofing during a -sponsored demonstration last month in the New Mexico desert at the White Sands Missile Range.

The much-publicized June 19 demo of a mini helicopter's being spoofed was led by Todd Humphreys, Ph.D. '08, now an assistant professor at the University of Texas, Austin. Humphreys, who designed a sophisticated GPS spoofing system as an outgrowth of his Cornell Ph.D. and postdoctoral studies, also testified before Congress July 19 on the threat of GPS spoofing.

GPS is a navigation and timing system of satellites that circle Earth and transmit signals to receivers on land, sea and air to provide precise information on the receivers' locations and clock offsets. Lesser known is its ubiquitous presence in, for example, commercial and military aircraft navigation, control of the power grid, and even automated .

Spoofing is the transmission of false GPS signals that receivers accept as authentic ones, theoretically allowing hackers to gain control over planes, vehicles or other devices that rely on GPS for navigation or timing.

On June 19, Humphreys and colleagues set out to demonstrate how a spoofing attack works, using live "on-air" transmissions, with permission from the Department of Homeland Security, to confuse real GPS signals in a remote area in New Mexico. Using fake GPS transmissions from about half a kilometer (0.3 miles) away, they hijacked a mini drone, causing it to dip violently because it assumed it was inadvertently climbing when, in reality, it had been hovering at its desired altitude.

On the sidelines were Cornell researchers Psiaki, senior engineer Steve Powell and graduate students Brady O'Hanlon and Ryan Mitch. They were testing a receiver modification that can differentiate spoofed GPS signals from real ones.

"The idea is not just for us to make spoofers so we can show bad things can happen, but also to gain insight into countermeasures in typical GPS receivers so they can be less vulnerable to attack," Powell said.

Psiaki said their latest countermeasure allowed the Cornell group to correctly detect spoofing in three cases during the demo. "This is strong confirmation that our system can successfully detect spoofing in an autonomous mode using short segments of GPS receiver data. It is the first known detection of this type of attack from a live, on-air spoofer," Psiaki said.

An earlier, less sophisticated spoofing detector developed at Cornell is patent pending. Data from this latest demonstration will form the basis of a scientific paper, and a decision to apply for patent protection is forthcoming, according to Psiaki.

GPS spoofing isn't exactly on the collective consciousness, but it is a growing threat: Last year, Iran claimed to have spoofed -- and downed -- a GPS-guided American drone. Such an attack, Psiaki said, might have been carried out using techniques similar to those demonstrated at White Sands if the drone had been using civilian GPS signals. It is not unimaginable, he continued, that the Iranians (possibly with outside help) could have conducted a spoofing-like attack that used encrypted military GPS signals.

Psiaki also said that currently available GPS anti-spoofing technology, called Receiver Autonomous Integrity Monitoring, would not work with the smarter spoofers that Humphreys began developing in 2008 in collaboration with the Cornell GPS group.

"[Humphreys] has developed the baddest known spoofer there is," Psiaki said. "It's a great 'war games' tool that provides realistic attack scenarios for testing improved spoofing defenses. We're happy that our ongoing collaboration has produced several strong defenses that, taken together, may lay this national threat to rest."

Explore further: For top broadband policy, look no further than Canada

Related Stories

Protect privacy from drones at home, lawmakers say

Jul 19, 2012

Before thousands of civilian drones begin flying in U.S. skies, Congress should take steps to protect the public's privacy and prevent terrorists from hacking or jamming signals that control the aircraft, lawmakers said Thursday.

RQ-170 drone's ambush facts spilled by Iranian engineer

Dec 17, 2011

(PhysOrg.com) -- In the aftermath of the Iran capture of a US military drone earlier this month now come arguments over how Iran managed to pull it off. An Iranian engineer’s exclusive interview with The Christian Science Monitor has been published, which details how the Iranians captured the drone through ...

Study confirms that road users are jamming GPS signals

Feb 21, 2012

The first direct evidence of GPS jammers in use on British roads will be presented today alongside predictions of a major incident involving ships in the English Channel over the next decade caused by disruption to navigation ...

GPS Jamming Devices Pose Many Threats (w/ Video)

Feb 25, 2010

(PhysOrg.com) -- The latest GPS jamming devices are now being used by car thieves in the UK to render stolen cars and trucks undetectable by law enforcement. These devices also pose a threat to airlines and ...

Air Force: Tests didn't include troubled GPS unit

May 17, 2010

(AP) -- The Air Force says it performed no advance testing on the specific type of military GPS receiver that had problems picking up locator signals after a change in ground-control software.

Recommended for you

Facebook awards 'Internet Defense Prize'

52 minutes ago

Facebook awarded a $50,000 Internet Defense Prize to a pair of German researchers with a seemingly viable approach to detecting vulnerabilities in Web applications.

HP revenue inches up after years of decline

10 hours ago

Hewlett-Packard on Wednesday reported that its quarterly revenue rose for the first time in three years, nudged by improved computer sales everywhere except Russia and China.

Giant tablets aimed at families

11 hours ago

Costing a little more than an iPad but standing more than twice as tall, a new pair of giant tablets wants families to share cozier group experiences with technology.

Restaurants experimenting with pay-in-advance tickets

13 hours ago

With restaurant patrons increasingly jumping on the Internet to make reservations, some high-end eateries here and across the country are adding a new tech wrinkle: having their clientele pay for their meal in advance using ...

User comments : 4

Adjust slider to filter visible comments by rank

Display comments: newest first

Squirrel
not rated yet Jul 24, 2012
"correctly detect spoofing in three cases during the demo"--three out of three or three out of hundreds?
dewilso4
not rated yet Jul 24, 2012
Seems to me there's already a couple of companies which build such spoofers, or simulators as they might be called. Pretty sure these companies also have "spoofer-resistant" receivers. I'm curious what their "patent-pending" integrity-monitoring methods include.
rwinners
not rated yet Jul 24, 2012
I must be missing something. How does something spoof a satellite the is in geo orbit.
alfie_null
not rated yet Jul 25, 2012
Next step for the bad guys is to get some of these radios and then figure out how to outwit them. Consider the extraordinary amount of resources that can be brought to bear by potential antagonists (e.g. governments of other countries).

I imagine for high reliability, other sorts of backup navigation systems will be employed alongside GPS. Maybe as simple as a camera that can view the terrain and compare it to what it should be.