Hackers are taking over planes’ GPS — experts are lost on how to fix it

Oxman

Oxman

Well-Known Member
nypost.com

Hackers are taking over planes’ GPS — experts are lost on how to fix it

There have been over 50 recent reports of frightening cyberattacks that have altered planes’ in-flight GPS, leading to what experts described as “critical navigation failures” onb…
nypost.com nypost.com

It’s one of the most terrifying events imaginable.

There have been over 50 recent reports of frightening cyberattacks that have altered planes’ in-flight GPS, leading to what experts described as “critical navigation failures” onboard the aircraft.

More frightening still, industry leaders thought that this type of hacking was not possible and are at a loss over how to fix the now glaring security failure. Since late August, they have been observed throughout the Middle East, particularly over Israel, neighboring Egypt, and Iraq.

In September, the FAA issued a warning on the “safety of flight risk to civil aviation operations” over the spate of attacks, according to OpsGroup, an international collection of pilots and technicians who first brought attention to the terror.

The attack, called GPS spoofing — when a navigation system is given counterfeit coordinates — isn’t new and applies to all modes of transportation. Ten years ago, a group of college students at the University of Texas bragged that they moved an $80M yacht off its course as a school project. In 2015, a security researcher also hacked a United Airlines flight and modified its course as a warning over security flaws.

1700522618539.png


But the tactic has now become so sophisticated that nefarious hackers, still at large, have recently learned how to override an airplane’s critical Inertial Reference Systems (IRS). That crucial piece of technology is commonly called the “brains” of a craft by manufacturers.

One flight, a Gulfstream G650 from Tel Aviv on October 25th, “experienced full nav[igation] failure” as its system had marked the plane 225 nautical miles from the actual course. And a Boeing 777 endured spoofing over Cairo airspace and was falsely thought to be stationary for a half hour on Oct. 16 as well, according to the group.

Before these rampant attacks began at the very end of August, spoofing the IRS was “previously thought to be impossible,” OpsGroup wrote in a November update, which added several more cases of spoofing to the already lengthy list.

The industry has been slow to come to terms with the issue, leaving flight crews alone to find ways of detecting and mitigating GPS spoofing…What will you do at 2 a.m. over the Middle East when the aircraft starts drifting off course and saying ‘Position Uncertain?’ With almost zero guidance, we’re largely on our own to figure things out.”

Another aviation expert and former flight operations captain, Patrick Veillette, warned that the current global climate — the pattern of attacks began shortly before Gaza’s October assault on Israel — is an added global risk. Israel also admitted that “GPS was restricted in active combat zones in accordance with various operational needs” in mid-October.

“Nefarious (though yet to be identified) forces are likely behind this,” Veillette wrote. “And the consequences could turn into an international crisis and possibly the loss of an innocent civilian aircraft in a region that is already a high-risk area near an active conflict zone.”

Adding more fuel to the tension, Professor Todd Humphreys, who led the yacht spoofing at UT a decade ago, believes he’s traced the source of these hacks back to Iran.

“Using raw GPS measurements from several spacecraft in low-Earth orbit, my student Zach Clements last week located the source of this spoofing to the eastern periphery of Tehran,” Humphreys, who warned congress about the dangerous potential of spoofing in 2012, told Vice’s Motherboard.

“GPS spoofing acts like a zero-day exploit against aviation systems…[aviators are] completely unprepared for it and powerless against it.”
 
Oxman said:
nypost.com

Hackers are taking over planes’ GPS — experts are lost on how to fix it

There have been over 50 recent reports of frightening cyberattacks that have altered planes’ in-flight GPS, leading to what experts described as “critical navigation failures” onb…
nypost.com nypost.com

It’s one of the most terrifying events imaginable.

There have been over 50 recent reports of frightening cyberattacks that have altered planes’ in-flight GPS, leading to what experts described as “critical navigation failures” onboard the aircraft.

More frightening still, industry leaders thought that this type of hacking was not possible and are at a loss over how to fix the now glaring security failure. Since late August, they have been observed throughout the Middle East, particularly over Israel, neighboring Egypt, and Iraq.

In September, the FAA issued a warning on the “safety of flight risk to civil aviation operations” over the spate of attacks, according to OpsGroup, an international collection of pilots and technicians who first brought attention to the terror.

The attack, called GPS spoofing — when a navigation system is given counterfeit coordinates — isn’t new and applies to all modes of transportation. Ten years ago, a group of college students at the University of Texas bragged that they moved an $80M yacht off its course as a school project. In 2015, a security researcher also hacked a United Airlines flight and modified its course as a warning over security flaws.

View attachment 75035

But the tactic has now become so sophisticated that nefarious hackers, still at large, have recently learned how to override an airplane’s critical Inertial Reference Systems (IRS). That crucial piece of technology is commonly called the “brains” of a craft by manufacturers.

One flight, a Gulfstream G650 from Tel Aviv on October 25th, “experienced full nav[igation] failure” as its system had marked the plane 225 nautical miles from the actual course. And a Boeing 777 endured spoofing over Cairo airspace and was falsely thought to be stationary for a half hour on Oct. 16 as well, according to the group.

Before these rampant attacks began at the very end of August, spoofing the IRS was “previously thought to be impossible,” OpsGroup wrote in a November update, which added several more cases of spoofing to the already lengthy list.

The industry has been slow to come to terms with the issue, leaving flight crews alone to find ways of detecting and mitigating GPS spoofing…What will you do at 2 a.m. over the Middle East when the aircraft starts drifting off course and saying ‘Position Uncertain?’ With almost zero guidance, we’re largely on our own to figure things out.”

Another aviation expert and former flight operations captain, Patrick Veillette, warned that the current global climate — the pattern of attacks began shortly before Gaza’s October assault on Israel — is an added global risk. Israel also admitted that “GPS was restricted in active combat zones in accordance with various operational needs” in mid-October.

“Nefarious (though yet to be identified) forces are likely behind this,” Veillette wrote. “And the consequences could turn into an international crisis and possibly the loss of an innocent civilian aircraft in a region that is already a high-risk area near an active conflict zone.”

Adding more fuel to the tension, Professor Todd Humphreys, who led the yacht spoofing at UT a decade ago, believes he’s traced the source of these hacks back to Iran.

“Using raw GPS measurements from several spacecraft in low-Earth orbit, my student Zach Clements last week located the source of this spoofing to the eastern periphery of Tehran,” Humphreys, who warned congress about the dangerous potential of spoofing in 2012, told Vice’s Motherboard.

“GPS spoofing acts like a zero-day exploit against aviation systems…[aviators are] completely unprepared for it and powerless against it.”
Click to expand...
It would be illegal as hell, and I'm incredibly reticent to say how it could be done on a public forum, but spoofing GPS signals inflight doesn't intrinsically seem very hard to me... if your model was subtle enough too it could be disastrous...
 
Isn't this why most jets have three IRUs and GPS as almost an accessory backup? That's how it used to work.
 
I was actually just thinking about this the other day, especially with regard for "alternative" navigation techniques after reading about this Muon stuff a friend sent me:

physicsworld.com

Positioning system uses cosmic muons to navigate underground – Physics World

System can be used where satellite navigation systems fail
physicsworld.com

might be cool to see some applications, but it might be neat if we indirectly go back to using the stars for navigation
 
ppragman said:
theaviationgeekclub.com

SR-71 Astroinertial Navigation System was crucial in Blackbird mission.

The SR-71 Astroinertial Navigation System, aka R2-D2, was crucial in Blackbird reconnaissance mission. Here’s why.
theaviationgeekclub.com theaviationgeekclub.com

ok - I'm a giant nerd, but I love this sort of thing, now that we have the technology to do this digitally, we should, it's kind of unjammable.
Click to expand...
Someone's going to have to clean those windows before every flight. The SR-71 might be the pinnacle of analog human engineering, but they finally got so expensive they had to retire them. I've seen and been around some legendary airplanes but that one stands out. Just remember someone had to clean R2D2s window before every flight.
 
This is a very simple statement to a complex situation, but you'd have lose all situational awareness (GPS, dead reckoning, or other) if you didn't notice being 225nm off course. That's just about 30 minutes in the average jet.
 
CFI A&P said:
This is a very simple statement to a complex situation, but you'd have lose all situational awareness (GPS, dead reckoning, or other) if you didn't notice being 225nm off course. That's just about 30 minutes in the average jet.
Click to expand...
Unless they can spoof the poles and barometric pressure I'm unsure why this isn't just a nuisance. Just fly the airplane, that's what you're paid to do.
 
knot4u said:
Unless they can spoof the poles and barometric pressure I'm unsure why this isn't just a nuisance. Just fly the airplane, that's what you're paid to do.
Click to expand...

Are you aware of transition altitude? Barometric pressure would impact vertical separation, not lateral.
 
mikecweb said:
Ahhhhh the number of times i wish a mechanic would just fix a plane, that's what you're paid to do.
Click to expand...
I'd love to if you'd just do one of two things (or maybe three things), write it up with something other than a vague description that something didn't work, if possible have a face to face conversation with MX (despite your supreme gladiatorness you might be wrong), and if you ground an airplane with a vague description of the issue at least answer the phone so we can try to fix it. I know you're the Captain of the ship, sucks when your ship won't run. At that point you're just an angry pedestrian. And I sleep in my own bed every night.
 
CFI A&P said:
Are you aware of transition altitude? Barometric pressure would impact vertical separation, not lateral.
Click to expand...
I don't know what that is, please explain how actual barometric pressure can be sabotaged. What are you talking about?
 
CFI A&P said:
Are you aware of transition altitude? Barometric pressure would impact vertical separation, not lateral.
Click to expand...

GPS would also have the potential to effect verticals separation with a host of air vehicles.

Most of the drones we operate fly GPS altitude not Baro. So if you were flying somewhere over say Greece/Romania/Moldova right now transitioning in altitudes below the Flight Levels there is some fudge factor on altitude with those drone orbits.


Sent from my iPad using Tapatalk
 
knot4u said:
I'd love to if you'd just do one of two things (or maybe three things), write it up with something other than a vague description that something didn't work, if possible have a face to face conversation with MX (despite your supreme gladiatorness you might be wrong), and if you ground an airplane with a vague description of the issue at least answer the phone so we can try to fix it. I know you're the Captain of the ship, sucks when your ship won't run. At that point you're just an angry pedestrian. And I sleep in my own bed every night.
Click to expand...
Thanks to you, I'm never quite sure where I'm going to sleep some nights.
 
You must log in or register to reply here.

Similar threads

Space Monkey
The "good" ol' days...
Replies
6
Views
4K
///AMG
///AMG
ChasenSFO
AT-SA exam gouge(what to expect/how to prepare)
2 3
Replies
51
Views
37K
ChasenSFO
ChasenSFO
ppragman
Airbus Official talks about pilot training
2 3 4
Replies
69
Views
7K
Hacker15e
Hacker15e
typhoonpilot
Pilot shortage - an article
2 3 4
Replies
67
Views
7K
Richman
Richman
derg
"The truth about the luxury of Qatar Airways"
3 4 5
Replies
91
Views
13K
Alanna
Alanna
Back
Top