Vessels from around the world report they are off Pt. Reyes and sailing in circles in newest location spoofing phenomena. Image: Skytruth

Blog Editor’s Note: This is a repost of Guy’s excellent article on Linkedin. We are reposting on all our social media to help distribute this interesting item as broadly as we can.

We found his three predictions for 2021 particularly interesting.

Our thanks to Guy for his on-going insights and excellet observations in this area.

Guy is a member of RNTF’s International Advisory Committee.

Full disclosure – Guy’s employer, Spirent, is a corporate supporter of the foundation.

 

 

Thousands of GNSS jamming and spoofing incidents reported in 2020

Guy Buesnel

PNT Security Technologist – with expertise in testing system robustness against GPS Interference and spoofing threats

Disruptions to GNSS signals have been rife throughout the year, caused by everything from embattled pig farmers to regional conflicts. Here are some of the most notable events of 2020.

2020 has been a remarkable year in many ways. But while the coronavirus pandemic has upended operations worldwide, some global trends have continued uninterrupted.

One of them is our increasing reliance on satellite positioning, navigation and timing (PNT) services, now an integral part of everything from smartphones to driverless vehicles.

Another is the continued rise in instances of GNSS signal interference that put those services – and those who rely on them – at risk.

Thousands of disruption incidents have been reported throughout 2020, from China to California, and from the Arctic Circle to New Zealand. Here’s my roundup of the most significant events of the year, together with a few predictions for 2021:

December 2019: Intermittent GPS signal loss experienced by aircraft landing at Harbin airport in north-eastern China is traced to a jammer installed at a nearby pig farm.

The South China Morning Post reports that the jammer was meant to deter drones operated by criminal gangs, whose aim was to drop packets infected with swine fever on to the herd – forcing the farmers to sell the infected meat to them at lower prices.

An extraordinary story, and one that illustrates once again how the use of illegal jammers can have unintended – and potentially serious – consequences for civil aviation.

January: Mexico passes an anti-jammer law, having discovered that GPS jammers are used in 85% of cargo vehicle thefts in the country.

The use of ‘personal privacy devices’ (small GPS jammers that plug into a vehicle’s cigarette lighter) to aid cargo theft is so widespread that the Mexican government has made it illegal to manufacture, sell, buy, own, install or use PPDs in the country.

In many countries today, only the use of such jammers is illegal – selling, buying and owning is OK. But with criminal use of jammers on the rise, will we see similar laws passed elsewhere?

February: An alarming report made by a light aircraft pilot to NASA’s Aviation Safety Reporting System suggests possible spoofing by a US Department of Defense (DoD) drone.

GPS World reports that the pilot noticed a DoD drone flying above them. At the same time, the aircraft’s Primary Flight Display (PFD) started to show a location in Utah, and then Montana, rather than its actual flight path to San Diego from Los Angeles.

Even more worryingly, the aircraft’s primary navigation system did not recover after the drone encounter, eventually forcing the pilot to make a visual landing in San Diego. If there had been poor visibility that day, this could have been a dangerous incident for the pilot.

While it’s unclear whether this incident was due to incidental jamming or deliberate spoofing, the wake-up call here is the lack of resilience on the part of the navigation system. As radio frequency (RF) interference becomes increasingly common, systems need to be able to recognise when they are being disrupted, and to recover after the disruption has occurred.

February: In France, a manufacturer of high-precision GNSS equipment complains of regular disruptions to GPS and Galileo signals at their factory.

The French Radio Frequency Agency (ANFR) investigates, and eventually tracks down the source of the interference… to a broadband router installed in the nearby apartment of an elderly lady. The defective router turns out to be emitting harmful interference centred on the 1581.15 MHz frequency, very close to GPS L1 and Galileo E1 signals centred on 1575.42 MHz.

It’s a clear illustration of the threat of in-band and adjacent-band interference to GNSS-dependent systems, though I do wonder what the lady in question must have thought when a team of ANFR investigators with a directional antenna turned up at her door!

March‘Circle-style’ GPS spoofing is reported in Iran’s capital, Tehran. A GPS user informs the US government that their (unspecified) device seems to be moving in a circle around the Iranian Army training college, when the device is in fact stationary.

GPS World follows up, finding that heatmaps from the Strava fitness app show the same circle pattern around the same building. It’s not the first time circle-style spoofing has been seen, but it’s the first outside of China, where similar patterns were observed in Shanghai in 2019.

A Strava heatmap from Tehran suggests a circle spoofing incident (Screenshot: Dana Goward)

The jury is still out as to what kind of spoofing equipment produces these circle effects (not to mention who’s doing it and why), but Spirent has had some limited success in attempting to replicate the effect in the lab, as this blog explains.

June: GPS jamming once again causes problems in the far north of Norway, close to the Russian border.

Local police have been reporting jamming incidents since 2017, affecting everything from ambulances to personal safety alarms. Norwegian authorities have identified Russia as the source of the jamming, but the attacks seem to be both unpredictable and unpreventable.

As Finnmark police chief Ellen Katrine Hætta told the High North News: “There is not much they can do about it. We as a society need to improve our systems.” It’s a reminder that as civil reliance on GNSS grows, receivers must be protected against the effects of RF interference.

August: A drone crash in the UK highlights the safety risks posed by jamming and spoofing interference to uncrewed aerial vehicles (UAVs).

The 25lb survey drone lost GPS reception due to RF interference at the survey site. Although programmed to hover in place, it drifted with the wind, eventually crashing into a house and falling to the ground. Fortunately nobody was hurt, but serious injury could have resulted.

As drones are used for more tasks, manufacturers will need to ensure their receivers are robust and resilient, and that action taken by the drone on encountering RF interference doesn’t have unintended consequences.

August: A fleet of Chinese fishing vessels are accused of misreporting their location to mask illegal fishing activity.

The ships were reporting a location off New Zealand via the Automatic Identification System (AIS), an onboard system that reports a ship’s GPS co-ordinates. However, the Ecuador government said the ships were actually near the Galápagos Islands, where illegal fishing has occurred before.

This type of AIS ‘cloaking’ is just one of many ways that criminals use location spoofing of a GPS-dependent system to aid their nefarious activities.

September: The US Maritime Administration (MARAD) renews its advice to the maritime industry to be vigilant for GNSS disruptions worldwide.

It notes there have been multiple instances of interference in the Central and Eastern Mediterranean region, as well as the Persian Gulf and some Chinese ports, and encourages crews to report new instances to the US Coast Guard.

November: Echoing September’s MARAD warning, Fortune reports that GPS outages are now standard occurrences on commercial flight routes between the US, Europe and the Middle East.

Aviation association Eurocontrol says it received 3,500 reports of GPS disruption in 2019, an all-time high. Jamming is widespread across the central and Eastern Mediterranean, likely due to electronic warfare between conflicting factions in Syria, Libya and elsewhere in the region.

These reports are another reminder that RF interference is now commonly encountered in geopolitically sensitive hotspots, creating major disruption for commercial shipping and aviation.

Three predictions for 2021

The events of 2020 show that satellite-based PNT is becoming ever more central to our lives – and consequently, that countering the many threats to GNSS has never been more critical.

Having closely observed the evolution of GNSS threats over many years, I’d like to make three predictions for the year ahead:

#1 Spoofing will become a greater threat to commercial users

GNSS Spoofing (broadcasting of a fake or delayed GNSS signal) has been a concern in the defence domain for many years, but it’s now starting to impact commercial and civilian users too. As more devices and autonomous systems rely on GNSS, and as spoofing know-how and equipment are now relatively easy to acquire, we’ll see more unprotected systems fall victim to spoofing attacks.

#2 Assured PNT testing will move off the laboratory bench and into the field

From drones to driverless cars, autonomous systems need assured PNT services to operate reliably. Manufacturers will need to assess the real-world performance, reliability and resilience of multi-sensor systems to check they’re functioning adequately for both safety- and liability-critical operations. For that reason, we’ll see performance and integrity testing of platforms expand from the laboratory and into the field.

#3 PNT vulnerabilities will be integrated into cybersecurity frameworks

Historically, GNSS receivers have been developed and tested as standalone systems. But today they’re increasingly one subsystem in a complex device with multiple ports, sensors and connections. To a hacker, the RF interface is just another attack vector, which means that increasingly, we are likely to see that the specific GNSS vulnerabilities in the RF domain are dealt with as part of an integrated cybersecurity framework, rather than treated in isolation.

Stay up to date with GNSS vulnerabilities

Threats to GPS/GNSS are evolving all the time. To stay up to date with the latest news, events and incidents, join over 1,300 industry professionals in the GNSS Vulnerabilities LinkedIn group.