GPS Spoofing

[Tom Gorzenski]

Considering recent multiple cases of GPS spoofing affecting civil aviation:
https://ops.group/blog/gps-spoof-attacks-irs/
https://ops.group/blog/faa-warning-navigation-failures/
https://www.ainonline.com/aviation-news/air-transport/2023-09-26/ops-security-experts-alert-gps-spoofing-near-iran
https://nbaa.org/aircraft-operations/international/middle-east-asia/faa-industry-caution-middle-east-operators-after-reports-of-possible-gps-spoofing/
https://gpsjam.org/

"OpsGroup further noted that most reports cited loss of IRS (internal reference system) and VOR/DME capabilities on affected aircraft, as well as failure of onboard UTC clocks. "We're seeing large shifts in aircraft position displayed, with false track positions of around 60nm reported," said founder Mark Zee. "This is the first time that we've seen anything like this.""

I was wondering if it would be possible to add "GPS Spoofing" to the list of possible failures or external hazardous phenomena (like thunderstorms, volcanic ash, solar activity, etc., which, at least in real life, affect NDB nav, HF comm, engines, etc.). And the same about simple GPS loss of signal/interference/jamming, so GNSS is unable to provide nav solution, even though the GNSS receivers remain airworthy all the time.

Both regular (easy-to-detect omnidirectional area spoofing not targeting any specific aircraft, that causes sudden jump of your GPS coordinates to a fake location and this new fake location usually is constant) and severe (difficult-to-detect spoofing targeting a specific aircraft with, for example, a drone flying nearby with directional antennas, where the false location is initially identical to the real location, and slowly moves away from it over time) versions. These are interesting scenarios. Unlike in the case of signal loss, both GNSS receivers will report perfectly normal ANP, and if terrestrial radio navaids are available the matter is rather quite easy to cope with, worse -  if they are not available and in such case as long as all three IRSes and their drifts look normal pilot need to deselect GPS updates as soon as possible and use IRS only (or IRS+terrestrial radio navaids if available). The thing is the longer time the pilot waits, the FMC location will drfit further away the true position and then it would need some time to come back to the true one (as measured by IRS or IRS+terrestrial radio navaids). Also there will be some alerts due to loss of GPS sources, for example associated with TAWS or ADS-B.

I have experienced loss of GPS signal many times in my bizjet pilot career (over Turkey, near St. Petersburg or Moscov) in some non-IRS- and IRS-equipped bizjets, but never experienced a GPS spoofing incident.

[Jeroen Hoppenbrouwers]

Ever cruised 100 miles North of Vegas yet?    :-)

[Jeroen Hoppenbrouwers]

Seriously, in my job I have noticed these things as well, but indirectly. I monitor a hundred of my Iridium SATCOM installations on heavies and there are certain geographic areas where they basically stop working. Iridium uses 66 low Earth orbit satellites so it is not a matter of (spot) beams. It's something external, and Iridium tells me it's not them. My guess still is that "something" in this area wants to jam GPS, and the GPS L1 frequency is close enough to Iridum to also impact Iridium. It's a guess, and it may also be that the L-band in general (Iridium, Inmarsat, many navigation services, ...) is a target there. It also may be something completely different. I don't know.

Here the one-degree raster plot of a month of flying there with many airframes. Draw your own conclusions.

Hoppie



Size of the dot is number of SATCOM ACARS block transfer attempts seen there.
Colour is percentage of failed block relay attempts.

[Tom Gorzenski]

Interesting... However jamming or interference is different from spoofing. This last case cause some serious concerns.
A friend of mine, B787 captain, has recently experienced GPS spoofing case near Iranian border (and spoofing is being reported more and more often in his airline). The thing is that, as opposed to A350 with three standard IRSes (like B744), 787 has only two of them and the third IRS is actually some kind of IRS substitute (AHRS+GPS = synthetic/hybrid IRS... or so). See more:
https://www.linkedin.com/feed/update/activity:7124467278602985472/
Please note that it was issued in January 2020 when GPS spoofing was more of a theoretical than real life issue.

[Jeroen Hoppenbrouwers]

Yes of course that is different.

In general it feels like the industry should be a bit less reliant on magic systems that are considered to be over reliable.

[Tom Gorzenski]

Exactly!

[Hardy Heinlin]

Is "spoofing" an intentional sabotage or a bug?

[Jeroen Hoppenbrouwers]

Spoofing is intentional. Like you getting mail from emusk@x.com

[Tom Gorzenski]

BOEING COMMERCIAL AIRPLANES
FLIGHT OPERATIONS TECHNICAL BULLETIN
NUMBER: 787-21
DATE: January 31, 2020
SUBJECT: Global Positioning System (GPS) Signal Interference

https://www.linkedin.com/feed/update/activity:7124467278602985472/

Please note that it was issued in January 2020 when GPS spoofing was more of a theoretical than real life issue.

"The GPS receivers on Boeing airplanes have receiver autonomous integrity monitoring
(RAIM) algorithms to detect and mitigate erroneous GPS signals. These algorithms offer
some protection against errors from interference. For example, RAIM detects smart
jamming where the receiver tracks both real and fake satellite signals that cause inconsistent measurement data. The RAIM horizontal integrity limit (HIL) must be valid before the GPS output is used for most other functions."

Well, what if the state with its capabilities is behind the spoofing, and the fake GPS signals are much stronger and drown out the real GPS signal? Then not only will no alert appear, the ANP will be perfect, but the GPS location will be false.
Commercial, serious marine GPS receivers on large ships >500t have been fooled by Russian spoofing in the Black Sea, generating no alerts, even though they too have their RAIM equivalent.

[Tom Gorzenski]

https://www.linkedin.com/pulse/gps-receivers-computers-radios-jim-burton/

https://rntfnd.org/2017/07/12/mass-gps-spoofing-attack-in-the-black-sea-maritime-executive/

https://www.cisa.gov/sites/default/files/documents/Improving_the_Operation_and_Development_of_Global_Positioning_System_%28GPS%29_Equipment_Used_by_Critical_Infrastructure_S508C.pdf

[Tom Gorzenski]

This is not going to happen to a manned airliner, but...
https://www.darkreading.com/attacks-breaches/iran-hacked-gps-signals-to-capture-u-s-drone
https://www.wired.com/2011/12/iran-drone-hack-gps/

[Tom Gorzenski]

""This is the most sustained and clear indication of spoofing I've ever seen" and affects potentially hundreds of large commercial airplanes, said Todd Humphreys, a professor at UTexas. His graduate student, Zach Clements, first discovered the spoofing pattern."

https://www.politico.com/news/2023/10/23/israels-gps-tampering-deter-hezbollahs-missiles-00123026

[Tom Gorzenski]

Is "spoofing" an intentional sabotage or a bug?

To answer your question Hardy - yes, yamming and spoofing is an intentional sabotage from the outside, not a bug. Jamming is actually no different from the failure of both GPS sensors, except that it is transient in nature. Spoofing is also of this nature, except that it can be a much more serious problem and, if not identified quickly, can lead to a situation where the FMC's position drifting behind a fake GPS position (presumably having from a GPS sensor with good ANP,  when the strength of the spoofing signals is significant and drowns out the original GPS signal, with worse ANP values for IRS and for DME/DME or VOR/DME if they are available) will move significantly away from the true position. More importantly, from the pilot's point of view, both jamming and spoofing are similar to the effects of external forces of nature such as thunderstorms, lightning, electrified atmosphere affecting navigation using NDBs and ADF (as I found out early in my piloting career flying an old aircraft equipped only with ADF when it comes to navigation), or solar activity negatively affecting HF communications, as well as sometimes GPS. Just as volcanic ash can adversely affect the operation of jet engines.
BTW, we should have upgraded LORAN C to eLORAN, as we were warned. Because with its great transmitting power and completely different operating frequency, it is much more resilient.

[Will]

We can see the GPS position compared to the IRU positions when selecting the POS key on the ND (and we can see raw data from VORs and ADFs).

But is there an alert for a large position disagree? What would happen if the GPS receivers were "spoofed" to locate the aircraft 50nm to the left of where it really is?

[JRBarrett]

Ever cruised 100 miles North of Vegas yet?    :-)

One our company aircraft, a Dassault Falcon 900 EASy, experienced this on a westbound flight to KSFO. It was a military GPS "interference" exercise being conducted at the Dugway army base in Utah. It was announced in a NOTAM, with the caution that GPS might be unreliable within 300 miles of the test site south of Salt Lake City.

It didn't compromise IRS or DME/DME updating. In fact, the aircraft reverted to pure IRS Nav and DME/DME updating when GPS was lost. The flight crew first noticed that they were being affected when the GPS-based synthetic vision terrain display on their PFDs suddenly disappeared.

I don't think this was a "spoofing" exercise as much as an out-and-out GPS "denial of service" exercise through deliberate jamming.

The Iridium sat phone became inop at the same time.

True "spoofing" would be more nefarious I assume, in which the GPS receivers continue working, but are being fed compromised position data.

[Jeroen Hoppenbrouwers]

The Iridium sat phone became inop at the same time.

Ok, this is the first time I get confirmation that Iridium indeed suffers when somebody aims to jam GPS. This I expected already as the frequency bands are so close that no powerful equipment out there would be able to only hit the GPS L1 and nothing else.


Hoppie

[Hardy Heinlin]

Does the Iridium system itself not require GPS to fine-tune the satellite positions? (Do they use electric propulsion?) Is there any automatic deactivation when an Iridium satellite doesn't know its exact position?

[Jeroen Hoppenbrouwers]

I don't think that satellites can rely on GPS. The Doppler shifts are too large. As far as I know there are other technologies in use, such as a handful of star trackers. Their orbits change only tiny bits over time so they don't need the kind of permanent accurate monitoring as aircraft.

The satellites themselves have hydrazine thrusters for corrections. When empty, they need to be deorbited in a controlled way to burn up and dump at Point Nemo (well, before being empty, of course). This is a hard requirement from most western governments.


Hoppie


-- edit ---
There is a limited application for GPS:

Iridium-NEXT will employ a combination of things to provide stability, attitude, and telemetry. First, the satellite will employ three-axis stabilization by using precise pointing technology from data received from Star Trackers, Earth & Sun Sensors along with an inertial measurement unit. Other satellite momentum stabilization will be accomplished using a combination of torque rods and reaction wheels. GPS will be used to determine its orbit position allowing for pass geometry calculations as it passes over ground terminals. The AA-STR Star Tracker System by Selex Galileo will provide the primary means of attitude determination to keep Iridium-Next in the correct orientation. This tracker system can make orientation calculations autonomously using a pre-programed catalog of the known star constellations without having to ground station input to make attitude corrections (Spacecraft & Satellites, 2018).

 The satellite bus will be outfitted with a 141kg propellant load of Hydrazine monopropellant propulsion system. This will provide propulsion to the eight 1-Newton thrusters. These thrusters will provide orbit adjustments for maintenance and attitude control in all modes. The fuel load is designed to provide the required fuel for the expected 12.5 years of service and should have enough reserve fuel that satellite service life can be extended to 15 years (Spacecraft & Satellites, 2018).

[Mawea]

The easa people must be following this conversation at least they published a safety bulletin yesterday. I can confirm these areas from daily ops with GPS unavailable and up to fms postion shifts in these areas, Black Sea, Caspian Sea, Turkey/Iran border, arctic area along the russian border japan-> norway.

Here's the link:
https://ad.easa.europa.eu/blob/EASA_SIB_2022_02R2.pdf/SIB_2022-02R2_1

Take care

[Balt]

GPS, Galileo, and QZSS share the L1/E1 frequency band 1562 - 1587 MHz (bandwidth varies between systems), while GLONASS L1 is at 1598 - 1609 MHz. I doubt the Russians would want to disable their own system, so a broadband jammer is unlikely to be the cause of the Iridium (1618 - 1626.5 MHz) outage. They're more likely to jam the iridium band separately as a bonus.

Spoofing is insiduous though, especially when time is involved. Some opsec reports were talking about aircraft system clocks on the Iranian border being fast or slow by a month. As if the position offset wasn't cause for alarm on its own, time offsets could have all sorts of onflow effects nobody probably ever thought to check.

Presumably the spoofing on the position data happens in such a way that it is a slow drift, and not a sudden offset, so you wouldn't be alerted by an "IRS POSITION DISAGREE" message. The safest ops method in those areas might just be to revert to FMC radio navigation based position updates to the IRSs.

I just learnt in this thread that Boeing did another dirty with the 787 - removing the third IRS. I never liked that airplane for all its manufacturing flaws, insufficient lightning protection, and a heap more issues. But removing redundancy from critical navigation systems, that really sounds like the new Boeing in full swing again, MCAS style. It's what happens when accountants are in charge of engineering decisions.