
Texas students fake GPS signals and take control of an $80 million yacht - antitrust
http://blog.chron.com/sciguy/2013/07/texas-students-fake-gps-signals-and-take-control-of-an-80-million-yacht/?cmpid=hpfc
======
patrickas
That's cool! Reminds me of the way the Iranian most likely got control over a
US drone a couple of years back.

They jammed communication signals and faked GPS data when automatic "go back
to home base" landing procedure kicked in.

[http://www.informationweek.com/security/attacks/iran-
hacked-...](http://www.informationweek.com/security/attacks/iran-hacked-gps-
signals-to-capture-us-dr/232300666)

~~~
jug6ernaut
How can they fake the gps signal, the military uses encrypted GPS?

~~~
mapt
The military _possesses control_ over encrypted GPS.

The military doesn't actually use it, though, for the most part - the keys are
sensitive state secrets, and distributing them apparently requires the
proverbial man chained to a suitcase level of paperwork.

The encrypted channels are sufficiently underused that _drones whose very
design is secret that we fly down the Iran-Afghanistan border_ aren't equipped
with them, and so are vulnerable to Iran spoofing a landing-capture course.

~~~
jordanthoms
Is this symmetric or asymmetric? Seems the keys would only be sensitive if
it's the former, given that there (AFAIK) isn't much difference in accuracy
between the encrypted and civilian signals anymore. Although, given the very
old hardware in the GPS sattelites maybe asymmetric would require too much
processing power.

------
yread
Yeah if they just used their paper charts, logged the position and compared
GPS with the dead reckoning (or depth lines, radar shore returns,..) the
attackers would have a much harder time... My sailing instructor always
stressed that GPS is unreliable and especially when close to danger one should
cross check what it says with other methods. Came in handy when my plotter
failed.

~~~
zackbloom
There is more to it than that though. Aircraft often fly instrument approaches
using GPS alone, getting to within 500 feet of the ground while still in
clouds. If someone could make the aircraft think it was just a couple extra
miles in the wrong direction it could be disastrous.

~~~
blhack
No they don't, they land with something called ILS

[https://en.wikipedia.org/wiki/Instrument_landing_system](https://en.wikipedia.org/wiki/Instrument_landing_system)

~~~
hedgie13
There is more airports in US that have GPS only approaches than airports that
have ILS approaches. For example:
[http://155.178.201.160/d-tpp/1308/05879R25.PDF](http://155.178.201.160/d-tpp/1308/05879R25.PDF)

500 ft altitude with GPS only (without vertical guidance). LPV minimum is 300
ft.

Category III ILS minimum is 200 ft, Cat II -- 100 ft. But there are a lot of
airports where ILS is not available.

~~~
mikeash
A lot of small airports with very little traffic.

Counting airports doesn't give you an accurate picture, because just about any
airport can have a GPS approach, since the whole point is that it doesn't
require any ground equipment. That doesn't mean those approaches get much use,
because people don't fly into those airports all that much, especially not on
instrument approaches.

I fly out of an airport with a published GPS approach and no ILS, and people
use the GPS approach on well under 1% of the total landings there. Any
reasonably busy airport will have ILS.

~~~
hedgie13
True, they are less busy, but it does not mean GPS is not used for instrument
approaches (as parent implied).

I fly airplane without IFR GPS (IFR student), but ATC is trying to assign us
GPS approach all the time (when coming into airport with ILS). As far as I
understand, GPS approaches are used, even if they are less critical in busier
airports. Besides, sometimes ILS is not available in bigger airports as well.

~~~
toomuchtodo
ILS was not available on the SFO runway the Asiana aircraft crashed on ~2
weeks back:

[http://en.wikipedia.org/wiki/Asiana_Airlines_Flight_214](http://en.wikipedia.org/wiki/Asiana_Airlines_Flight_214)

~~~
hedgie13
Yes, but the weather was clear. No need for ILS in such weather.

~~~
toomuchtodo
Unless of course you've never landed at SFO before in an aircraft you're
barely type-rated on.

~~~
mikeash
Neither should matter. A visual landing at any airport is pretty much the
same, and the basics don't change for different aircraft. There's nothing at
all tricky about a visual approach into SFO.

------
jug6ernaut
Click bait title(same as the article, for what its worth). $80mil yacht uses
same GPS as a $80 sell phone, the 6 zeros dont change that.

To the actual issue, i wonder how practical this is? In that i mean what level
of power output is required to override the correct signal and at what
distance? Is this something that could be a real issue, impractical? What?

~~~
hawkharris
_" $80mil yacht uses same GPS as a $80 sell phone, the 6 zeros dont change
that."_

When gauging the newsworthy-ness of a problem, the scope of its impact is
always one of the first factors that journalists consider.

~~~
beat
Or the appearance of scope. An $80M yacht sounds impressive, but widespread
hacking of a million $80 phones would be far more potentially awful.

~~~
manarth
An $80M yacht sounds impressive…but if it were a tanker full of crude, the
outcome could be rather more newsworthy.

------
forgottenpaswrd
So a $80 million yatch can't afford an $3000 high quality gyroscope?

Now you could buy amazing laser gyroscopes, for planes the Inertial navigation
system error could be great, but for ships(that move more than 20X slower) is
not.

~~~
trebor
Humans, like water, take the easiest route. Unless someone is particularly
vigilant and routinely checks the gyroscope to verify the course the GPS is
using you wouldn't notice the "hijack" till it was too late. Most people I
know wouldn't be paranoid enough to verify their own course against a
gyroscope, or any other means of determining coordinates.

~~~
mikeash
That "someone" could simply be the computer.

~~~
trebor
True, it could be. If they went to the trouble to integrate the two and
develop the solution. But that begs the question: why use GPS? Use the same
map information with the non-GPS location calculations that could be
automated. GPS is just too convenient...

~~~
mikeash
GPS is convenient, but it has other advantages as well. It's almost always
available, it's highly accurate, has a quick time-to-fix, etc.

Inertial navigation systems require finicky setup and drift over time. (Ask
the passengers of KAL 007 about that one.) However, the setup can easily be
automated using GPS inputs, and the drift can also be corrected that way. This
way, you have two systems which help keep tabs on each other. The INS can't be
spoofed, and so can tell you when your GPS goes out of whack. The GPS won't
drift, and so can keep your INS up to date when it's not being spoofed. Cost
aside, two systems are better than one.

------
jsumrall
Seems like an experiment contrived to take a trip to the Mediterranean. I can
see this being a good bachelors experiment, but if its grad student work, it
seems pretty obvious that if you set up a fake GPS satellite, it will skew the
coordinates on someones GPS device.

------
ksrm
As mentioned in the paper, a simple solution if there is internet connectivity
is to verify that the ephemeris is correct. This is how assisted GPS works in
mobile phones and the like anyway (the ephemeris and almanac data are
downloaded over the network to increase acquisition times).

------
albertsun
Sounds like the plot to this 1997 Bond movie.
[http://en.wikipedia.org/wiki/Tomorrow_never_dies](http://en.wikipedia.org/wiki/Tomorrow_never_dies)

~~~
perlgeek
Except that the "bad guys" had to put serious effort/money into acquiring a
stolen private key to do that.

~~~
TheAnimus
Even with the mil spec transmissions (which by my understanding have un-broken
encryption) you could theoretically somehow block 100% data to a receiver, and
forward data with timings you want. So long as you are controlling all of the
information you don't need to truly understand the cypher text, you are just
interfering with the latency.

However this is based on what I can remember from 12 years ago, before I'd had
any formal electronics/signals education so I might have some massive miss-
conceptions.

------
zbyszek
I wonder how this compares with previous 'pseudolite' ideas? The University of
New South Wales (et al.) were active here but I think the point was more an
augemtation to provide better positioning at GPS-unfriendly latitudes or
topographies.

These ran into all sorts of problems, largely to do with the proximity of the
pseudolites to the receivers such as synchronisation and signal strength
issues. Locatanets ([http://locata.com/](http://locata.com/)) are the in thing
nowadays.

------
doomicon
I own a sailboat, thank goodness my sextant isn't affected by this security
vulnerability :-)

------
pikewood
Do GPS signals not correlate themselves with a compass reading? I would think
that comparing the change in coordinates to the external fact would prevent
spoofing.

------
jevinskie
I discussed this with my friend yesterday and wondered about key management
with the military GPS channels. Is there a single key that, if extracted* from
just one military GPS receiver, could spoof all military signals? Or are there
multiple keys, possibly with a revocation scheme? GPS is getting old, what was
the state of the art key management back then?

* I'm sure the anti-tamper technology is pretty great.

------
douglasfshearer
The economist is today covering GPS outages near the London Stock Exchange.
[https://news.ycombinator.com/item?id=6123535](https://news.ycombinator.com/item?id=6123535)

Perhaps interference happens a lot more often that we think.

------
jevinskie
The lab's website has some interesting information. Looks like they are
researching ways to add integrity to the civilian signals.

[http://radionavlab.ae.utexas.edu/](http://radionavlab.ae.utexas.edu/)

------
mrt0mat0
I am seeing this more and more. I've seen the ability to have a phone take
over an airplane, a laptop control a car, now a laptop taking over a ship...
where are all the security guys at when this stuff is implemented?

~~~
forgottenpass
>where are all the security guys at when this stuff is implemented?

It doesn't matter where they are, because where they're not is in management.
During development, if attacks like this are even considered at all, its a
very low probability incident, isolated to a very small number of targeted
units and requires people doing things that can be dismissed by rhetorically
asking "why would anyone ever do X?"

Computer security in general is abysmal. It's not for a lack of security guys
trying. Good security costs time and money, but the return is practically
invisible. The only reason the little bit we have exists at all is either that
people have lost money, regulation, or an easy to spot practice has become
trendy enough that people will chide others for not following them.

~~~
mrt0mat0
that's sad. I wonder if anyone has done a case study on companies that listen
to their IT and implement as much as possible compared to the "let's just make
it pass inspection" guys. I know in every cartoon I've seen, the first group
wins, but in reality it may truly be worth it to skimp

~~~
rjsw
You would first have to find a company that listened to the IT people.

