It is worth noting that there are two different ways to attack GPS: jamming and spoofing. Jamming is when you broadcast a noise signal at the GPS frequency, which prevents affected receivers from receiving the GPS signal. The result is that the GPS doesn't know where it is. Spoofing is when you send out a fake GPS signal that appears genuine but has the wrong timing. The result is that the GPS thinks it knows where it is, but it's wrong. Spoofing is more difficult -- and far more serious -- than jamming. What is reported here appears to be (an attempt at) jamming, but spoofing attacks have also been reported in the past.
This is what keeps my awake at night sometimes... that one of US drones flying over Afghanistan will be eventually fooled into thinking the target it has to drop a bomb on is actually somewhere else over the Europe.
They aren't. A spoofer doesn't need to know what the signal means/be able to decrypt it. Just retransmit signal received from a different place at higher power. Only way to distinguish it from a real one is timing, but that requires an atomic clock, which is $15,000 and too expensive for most applications.
But, military grade GPS receivers use virtual beam forming to achieve a very high attenuation of spoofing signal so they are extremely hard to spoof, they always get the real signal as stronger.
They arn't very easy to avoid, say you capture the signal from a satellite that is not visible to the receiver, or being jammed out, unless you have an extremely high precision clock, you can just delay the signal rebroadcast and spoof away.
Everything involved in GPS requires all the nodes (both the senders and the receivers) to have "extremely high precision clocks."
That's the whole idea, really: you, the receiver, have a clock, and a map of where the various GPS satellites will be around the earth at given times. You "hear" the current time announced from three satellites (along with their station IDs), and compare those times to your clock to figure out the flight time of the data, and thus the distance to the satellites. Then you take the satellites' known positions on the map at the current time, plus the flight times, and triangulate your own position.
If one of the three times you've received is a "lie", then its relative time will correspond to an impossible distance for that GPS satellite to be relative to where the map says it should be (e.g. over the horizon relative to you), and relative to where the other two satellites that you heard from are. (Theoretically you could receive such signals—using reflectors, like HAMs do—but GPS discounts this possibility and just considers it invalid data.)
The vast majority of consumer GPS receivers take their clock from a quartz crystal. The accuracy will be somewhere between 10 parts per million (ppm) and 30 ppm. 5-15 minutes per year of drift - sounds pretty precise, right?
Except when you're measuring the time of flight of signals going close to the speed of light, 10ppm of clock slew gives you 3,000 m/s of clock slew.
That's why GPS receivers actually need to see 4 satellites to get an accurate fix; receivers actually calculate position in four dimensions - x, y, z and time.
Anyway, consequences:
1. The GPS receiver in your phone doesn't have an 'extremely high precision clock' by the standards of high precision clocks.
2. You could mount a replay attack against a receiver introducing error at up to 3km per second in such a way that it won't be readily detectable over other errors in the system.
3. Due to practical issues involved with such a replay attack, it'd probably be possible to crash a drone or misdirect it by a few hundred meters; but incredibly difficult to misdirect it to a distant country or anything like that.
GPS receivers do not have clocks. Atomic clocks are expensive and large; there is no way you get one every device.
Only the satellites have atomic clocks. The receiver get the time from the satellites. It basically compares the time delay between the satellites to determine position and time.
I didn't say they have atomic clocks. They do have clocks, though. Like most computers do. And they are high-precision, and are low-drift enough to predict the locations of satellites as long as they have been re-synchronized within the last few days or so.
Which, as you say, also happens by just observing the time signatures from the satellites. You need four visible satellites to determine your own time, though, whereas you only need three for position, so time isn't re-synched as often as position is calculated. The internal clock in the receiver allows the receiver to carry on tracking with only three time sources for a while.
But, to be clear on the topic of the parent discussion: I believe JDAM missiles (the ones that actually do use GPS) do have either an atomic clock source [more recently], or [formerly] have at least a high-precision monotonic clock source with low drift that is synchronized at point-of-launch by the clock on the bomber, which also has an HPC that was calibrated at its launch by a real atomic clock. They don't need to rely on external time-sync.
And modern ICBMs? Well, unless your jammer/spoofer can keep up with them, or is itself a satellite, you're only going to be able to affect them when they're on their descent course and making final adjustments. And, like this article says (https://www.technologyreview.com/s/423363/how-cruise-missile...), ICBMs have redundant aiming systems based on computer vision applied to either visual-spectrum or radar-based sensors.
Yeah, I'm not terribly worried about military drones. But as a civilian pilot I worry a lot about whether the non-military-grade GPS in my airplane is telling me the truth.
Hopefully GPS isn't your sole source of information.
When I'm out scrambling I make sure that I carry multiple navigational aids so that I can cross-check. I also pay attention to terrain features before trips as well as during so that I can locate myself, or in the worst case make my way to the handrails that I've identified on my map.
> Hopefully GPS isn't your sole source of information.
Nowadays, in modern airplanes, it often is your only source of positional information when you're in instrument conditions (which is, of course, when it matters most).
Compass, Altimeter, topographic maps, notes about the route that I've made. Even a watch can aid navigation if you can calculate your speed and see any terrain features.
If anything doesn't jive with what I expect or what I'm seeing I try to understand why.
Would commodity six axis sensors have enough precision to do a reasonable job at INS?. Buy a pack of iPhones and use some kind of quorum protocol to reduce the risks associated with one going bad?
Great! That is a big difference. Cheap enough for every jet aircraft, most turboprops, and some of the most expensive guided munitions (cruise missiles, or nukes like B.61 Mod 12 for sure).
So, what your saying is that you're okay with it dropping bombs at all, as long as it's over there, but not on Europe, because Europe is special. (if not for this imagined hazard, would everything suddenly be okay?)
Meanwhile, political undertones aside, I think your idea is a little contrived, considering the realities of fuel capacity and range, nevermind time to travel, lack of stealth capabilities, and the fact that drones are piloted and engage weaponry mostly by a video feed (and using visual flight rules [0]) which would provide major clues that the GPS information has become unreliable.
I experienced a very odd GPS failures about a week later (September 24) in south-eastern Sweden. At one point I was driving for about an hour (in quite isolated areas - around https://www.google.com/maps/@58.0381615,16.2094966,13.37z) without my iphone being able to get a gps fix. It's never happened before, or since.
The phone was fixed to the car's front window with plenty of sight towards the sky. I rebooted the device twice but it didn't help.
Our natural instinct here is to blame the russians for these kinds of things. At this time our biggest military exercise since the 90s was taking place in this region, with a lot of US involvement: https://en.wikipedia.org/wiki/Aurora_17
(One random theory: the russians were trying out some kind of remote, localized target GPS jamming tech. The GPS outage stopped once I got closer to the largest city in the region (150k people).
Additional rationale: If they unleashed GPS jamming signals that made hundreds of thousands of people lose GPS it would probably have made news. By localizing it to just affecting a couple of hundred people in isolated areas they would avoid that kind of mess.)
According to Washington Post, NATO officials said that at least one Russian ship with electronic warfare capabilities was in the Baltic sea during Aurora. American troops was stationed on Öland, close to where you were. Apparently it affected Latvian telephone networks as well.
There were plenty of signals intelligence planes in the air during the exercise, so it's a good bet that the jamming signals where both recorded and located, and that the information is secret.
You are quite correct, notification of exercise-related jamming is published in NOTAMs at least here in the UK. For example for Exercise Joint Warrior 171 this year:
Q) EGPX/QWELW/IV/BO/W/000/400/5836N00447W135
B) FROM: 17/04/02 07:00C) TO: 17/04/02 17:00
E) GPS JAMMING WI 135NM RADIUS 583600N 0044630W (FARAID HEAD). USERS MAY EXPERIENCE ERRONEOUS PSN INFO OR DEFAULT DEAD RECKONING MODE. PERIODS OF GPS JAMMING WILL NOT LAST LONGER THAN 40 MINUTES AT ANY ONE TIME.
Yeah, it's also possible that it was the Swedish armed forces/NATO doing the jamming as part of the exercise. In this case they would probably jam both GPS and GLONASS.
Seems politically quite risky though, what if some ambulance didn't reach their target or something like that? (Although I guess an easy workaround for that could have been tight coordination with the local rescue services - stop the jamming the moment there's an ambulance/fire emergency in the local area.)
There are well-known ways to improve GPS accuracy, such as dGPS [1], inertial guidance, and beam-riding [2].
I think it unlikely that the US military has a secret second constellation of GPS-like satellites, operating on an undetectable secret frequency. Firstly, it would be difficult to launch and operate such a constellation in secret, and secondly, because augmenting the GPS data with independent, secondary sources operating with a different approach provides more redundancy and is proven technique for increasing accuracy.
The capability to limit accuracy in the satellite signal already existed – the fact that it was shut off is a strong signal that the perceived benefit is no longer important.
Cell phones don't use only GPS signals, they use "aGPS" which uses signals from cell towers to make the GPS calculations easier / faster. It's so effective in environments that the overwhelming majority of people spend the overwhelming majority of their time in that I think manufacturers don't include the very best GPS antenna, since they don't need to.
You say you were in remote areas, how was your cell signal during the time you couldn't get a GPS fix?
aGPS doesn't provide any useful positioning capability, it just speeds up downloading of the Almanac and Ephemeris which means the receiver doesn't have to listen to the GPS satellites as long before computing a position. You still need a good GPS signal for positioning to work.
The iPhone 4S and newer models also use GLONASS along with GPS for positioning. I suppose they could also encrypt their own system with a different scheme in unique situations.
But after a few tens of meters in the air we see a noise signal. [...] The noise signal is on GPS L1 (1575.42 MHz) with 1 MHz bandwidth, see Figure 3-5.
So the signal is jammed by something sending a noise signal around the L1 frequency, whether intentionally or not.
Look at the screenshot from the spectrum analyzer. That's a very specific signal, uniform in power, centered on the L1 frequency, and contained to a 1MHz bandwidth. That's intentional, not some random event.
It surly looks like intentional jamming but I did not want to draw any conclusions that are not in the source. It certainly does not look like any random event but it could still be unintentional, e.g. someone just forgot to turn of his GPS jammer or accidentally broadcasts on that frequency, but that is admittedly not the most plausible explanation. I am also not sure how big a deal the whole thing is, I would assume that GPS jamming is not too uncommon to protect potential high profile target.
This time it was only blocking GPS signals. Previously this year Russia spoofed GPS signals over the black sea, sending false position data to ships in the area.
They are doing this in bigger Russian cities. GPSes often doesn't work in downtown Moscow or St. Petersburg. There's plenty of information available on the internet about this. Also, they have their own positioning system, that is also available worldwide - Glonass
Could just as well be the US. When selective availability was disabled they said they will come up with something new to deny hostile forces accurate GPS. [0]
> Develop measures to prevent the hostile use of GPS and its augmentations to ensure that the United States retains a military advantage without unduly disrupting or degrading civilian uses.
GPS only being jammed at higher altitudes, but not on the ground fits the above pretty well imo. We don't know how this jamming would affect US military GPS usage, but it's not impossible to think that it doesn't.
All current aviation GNSS systems only use GPS (US system) as far as I'm aware. There are some GLONASS dongles such as Garmin GLO, but they're not IFR approved.
It is the rare natural phenomenon that can make 1 MHz-wide bandstopped white noise, centered exactly on a human-chosen navigational frequency of import.
https://www.schneier.com/blog/archives/2017/09/gps_spoofing_...