What’s New: Increasing discussion of GPS/GNSS receivers as computers and vulnerable to software attacks.
Why It’s Important: This is yet another vulnerability for equipment and users that access weak, easily imitated GNSS signals.
What Could, Should Be Done: Recognize PNT security as part of every cyber portfolio, especially within the federal government.
- GPS/GNSS signals are routinely used by federal and other networks for operation (especially timing and synchronization) and as data elements (time stamps and location data).
- Use of signals without authentication introduces vulnerabilities into networks.
- At the moment, PNT is not led and managed as a coherent program or capability within the U.S. federal government.
- Incorporating PNT leadership and coordination into the eGov structure could help address this shortcoming.
- The RNT Foundation and the U.S. President’s National Space-base Positioning, Navigation, and Timing Advisory Board have recommended making PNT a part of federal cyber security.
GhostSec hackers target satellite receivers, as threats toward satellite communication networks gradually rise
CRIL researchers believe that the GNSS receivers that are targeted by GhostSec might be ‘CTI operation and maintenance management system software, a product of Shanghai Huace Navigation Technology,’ which is a high-precision navigation technology that combines multiple satellite constellations including GPS, GLONASS, BeiDou, and Galileo to provide accurate and reliable positioning information for a wide range of applications. As per the news articles published by the vendor, they seem to have a presence in Russia.
The researchers said that if GNSS receivers are corrupted or manipulated by unauthorized personnel, several potential consequences could occur, including loss of Positioning, Navigation, and Timing (PNT) accuracy, disruption of communications, safety risks, financial losses, and cybersecurity risks.
READ MORE [The above discussion begins about halfway through the posted article]