Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Animats 2 hours ago

Ops.group published a report on GPS spoofing back in 2024.[1] It's bad. Ops.group is an organization for dispatchers and pilots, the people who decide the routes aircraft take and fly them. They are really angry about it. Key concerns:

- The greatest safety concern is the degraded functionality of the Ground Proximity Warning System (GPWS). The system does not operate correctly after spoofing, even if GPS coverage is restored. The number of false alerts is astounding. ...

- A similar concern is the significant possibility of the GPS Receiver appearing normal to flight crew after spoofing, but in reality being contaminated with false data. ...

- This year, a 500% increase in spoofing has been observed. On average 1500 flights per day are now spoofed, versus 300 in Q1/Q2 of 2024...

They included maps. Most of the Middle East and parts of Eastern Europe no longer have useful GPS coverage. It's not just jamming. There's active spoofing, which sends out false position info.

And this was before the Iran war.

Before this, everybody in the industry thought GPS solved the aerial navigation problem. In the US, the FAA wanted to shut down many of the old radionavigation aids. Now, there's a lot more interest in improving the other systems. The military wants to go mostly inertial and is working on better inertial systems.

[1] https://ops.group/dashboard/wp-content/uploads/2024/09/GPS-S...

_moof 2 hours ago | parent | next [-]

> Before this, everybody in the industry thought GPS solved the aerial navigation problem.

Many people in industry believed this but no one with a brain ever did. The vulnerability of GPS has been cause for concern for a long time, and the decimation of the VOR network has always had a lot of people up in arms.

bebe83939 an hour ago | parent | prev | next [-]

Bigger WTF is why critical systems still use unencrypted gps signal. It is like using plain SMTP emails for banking transactions, and relying on "sender" for authentification.

themafia 33 minutes ago | parent | next [-]

They're falling back to the C/A (coarse, civilian) signal. Part of the attack is to drown out the frequency where the P (fine, military) signal is so they can more easily attack the civilian signal.

There's another frequency they could be using that is higher power but hasn't been put into production yet.

stavros an hour ago | parent | prev [-]

An even bigger WTF is why GPS data isn't signed with some official key so spoofing is impossible.

tatjam 6 minutes ago | parent | next [-]

Galileo already contains this function for the navigation message via OSNMA, and GPS CHIMERA is soon to be operational, with the latter actually including crytographic "signatures" in the spreading code itself, so if you use these two constellations you become really harder to spoof.

Of course, they dont protect against jamming.

15155 an hour ago | parent | prev | next [-]

Because an attacker can just replay legitimate broadcasts with slightly skewed time and origin and introduce huge errors into the fix.

stavros an hour ago | parent [-]

Just because we can't solve all current problems doesn't mean we shouldn't solve any current problems.

If you want to prevent replaying as well, add a counter.

stinkbeetle 20 minutes ago | parent [-]

> Just because we can't solve all current problems doesn't mean we shouldn't solve any current problems.

Obviously not, but solving problems is always a cost benefit and we went from all spoofing is impossible to some spoofing is possible. What is the benefit of doing this and what is the cost?

> If you want to prevent replaying as well, add a counter.

It's not clear that would be able to prevent spoofing if the attacker could overwhelm and degrade the real signal.

stinkbeetle an hour ago | parent | prev [-]

Why would that make spoofing impossible?

stavros an hour ago | parent [-]

Because attackers wouldn't be able to send legitimate-looking data to GPS receivers any more.

stinkbeetle 34 minutes ago | parent [-]

Yes that's what spoofing is, but why wouldn't they be able to?

(EDIT: I see the other reply thread is already asking the same thing, didn't intend to ask about the same thing)

themafia 35 minutes ago | parent | prev [-]

> spoofing

I don't understand how "spoof-to" works. If you have to mimic a satellite then isn't everyone going to get a different location? Unless you're tracking a specific target how can you intentionally spoof them to a desired location? I'd assume the best you could do is create a fixed offset.

> The military wants to go mostly inertial and is working on better inertial systems.

Given the drift rate this is an idea for munitions but exceptionally difficult to actually operate in a vehicle.