A team of researchers used a custom-built GPS device to send counterfeit signals to a 213-foot yacht, forcing the US$80 million vessel off its course without triggering any alarms.
The spoofed yacht was part of the experiment, so no harm was inflicted on the vehicle or its passengers. However, the test highlights the need for a broader understanding of navigational attacks, said University of Texas at Austin researchers.
The team conducted its experiment about 30 miles off the coast of Italy in June. Researchers boarded the yacht, and two students sat atop the upper deck posing as the attackers. Armed with a briefcase-sized GPS spoofing device, the students began to send faint civil GPS signals toward the ship’s two GPS antennas. They slowly increased the signals until their counterfeit waves overtook the authentic GPS signals, gaining control of the yacht’s navigational system.
Once they took over, the students coerced the vessel into a new course that ultimately veered three degrees off its intended path. The passengers could feel the yacht turn and saw a curve in its wake, but the yacht’s electronic charts showed that it was proceeding along a fixed line.
Unlike some of the more high-profile cases involving jammed or blocked GPS signals, this attack did not trigger any alarms on the yacht’s navigational equipment.
That vulnerability might not be limited to yachts, said team leader Todd Humphreys, an assistant professor at UT.
Navigators of other semi-autonomous vehicles — like airplanes — have come to place full trust in autopilot systems or, in the case of the yacht experiment, electronic charts, he noted.
That advanced technology has made life easier for pilots and helped improve navigational accuracy, but it could also make it easier for hackers to conduct stealth attacks, suggested Humphreys.
The researchers’ ease of entry to the ship is cause for concern, said Lea Shanley, director of the Commons Lab of the Science and Technology Innovation Program at the Woodrow Wilson International Center for Scholars.
“These results are significant,” she told TechNewsWorld. “Consumers and vehicle manufacturers need to be aware of the cybersecurity risks. Navigation technologies should be developed and used in a way that maximizes benefits while reducing risks and unintended consequences.”
Preventing Future GPS Spoofs
There are already some ways to prevent those unintended consequences, said Vince DiNoto, director and principal investigator at the National GeoTech Center.
The U.S. military has encrypted GPS codes differently from the way civilian GPS signals are encrypted, which makes its equipment much less vulnerable to attack. Other researchers are also working on ways to strengthen GPS signals to the point that other signals wouldn’t be able to overpower them, and to improve the algorithms that identify spoofing attempts. That way, even if an attack weren’t prevented, navigational systems might at least be notified when they became the target of an attack, DiNoto noted.
On a smaller scale, mainstream consumers who use GPS signals in their everyday lives could do a lot to prevent hacks simply by gaining a better understanding of the way the technology works, he added.
“There are so many users of this technology that it’s very critical that we are giving people sound information,” DiNoto told TechNewsWorld. “A greater understanding among the average person of how GPS works can go a long way in figuring out the levels of information that are being received and sent through these signals.”