In 1492, under a charter from the monarchs of Spain, an Italian man named Christopher Columbus severely underestimated the Earth\u2019s circumference, sailing three ships into what he would reportedly die believing was the East Indies, but which was in actuality an Archipelago thousands of miles away, now known as the Bahamas.<\/p>\n
Mistakes of this nature may seem impossible today, with multiple GPS satellites sending their signals to anyone who wants to figure out his or her exact position on Earth\u2019s surface. Born as a navigation system for military ships, Global Positioning System (GPS) slowly became a mainstream tool for sailors, tourists, everyday people and semi-autonomous robots.\u00a0 To make this\u00a0 location tracking<\/a> system available for everyone, GPS creators avoided using encryption of any kind in the civilian variety of the satellite signal, thus eventually making this attack and conceptually similar ones possible.<\/p>\n A few months back, a rather large luxury yacht deviated from its intended course<\/a> somewhere in the Mediterranean Sea after a team of radio navigation researchers built a device capable of overriding the ship\u2019s GPS receivers with spoofed signals.<\/p>\n The project was carried out by researchers from the University of Texas at Austin. According to them, spoofing is a process whereby an attacker creates a false civil GPS signal more local and stronger than the satellites that transmit real civil GPS signals. In this way, the attacker can compromise GPS receivers, making them believe that the false GPS signal is the legitimate one.<\/p>\n Holding a first-of-its-kind blue box roughly the size of a suitcase and standing onboard the White Rose of Drachs super-yacht as it travelled through international waters from Monaco to Rhodes Greece, researchers aimed the spoofing device in the direction of the vessel\u2019s two GPS antennae. The blue box transmitted a subtle collection of fake civil GPS signals that eventually overwhelmed the ships GPS systems and gained complete control of its navigational course.<\/p>\n The process did not trigger any alarms nor were the fake signals in any way distinguishable from the real ones. In other words, a potential attack of this kind would be completely unnoticeable to the crew of a modern ship.<\/p>\n The way this attack works is slightly counter-intuitive: the researchers didn\u2019t use fake GPS to directly alter the ships course. They used the fake GPS signals to trick the crew into altering the course on their own. So, the researchers spoof the GPS \u2013 causing the crew to think the boat has moved slightly off course. The crew then redirects the boat to what it believes is the correct course. In reality, the crew is over-compensating and sending the boat on what could become a wildly different course depending on how for it has to go.<\/p>\n \u201cThe ship actually turned and we could all feel it, but the chart display and the crew saw only a straight line,\u201d Project leader Todd Humphreys said.<\/p>\n The researchers claim that their spoofing device has implications that reach far beyond altering the navigation course of a privately-owned, $80 million super-yacht. In fact, just last year Humphreys led a team of researchers who managed to perform a similar GPS hijack on an unmanned aerial vehicle. The implications of the research could implicate the entire transportation industry<\/a> as the trend toward autonomous navigation continues.<\/p>\n \u201cThis experiment is applicable to other semi-autonomous vehicles, such as aircraft, which are now operated, in part, by autopilot systems,\u201d Humphreys said. \u201cWe\u2019ve got to put on our thinking caps and see what we can do to solve this threat quickly.\u201d<\/p>\n In fact, in late 2011, reports surfaced<\/a> that the Iranian military may have exploited similar vulnerabilities in order to safely land a U.S. drone within their borders.<\/p>\n The problem we\u2019re facing here is clear \u2013 it\u2019s easy to patch a webserver, it\u2019s more complicated to patch a browser installed hundreds of millions of computers, but it\u2019s almost impossible to patch billions of microchips with embedded GPS functionality. It\u2019s not that complicated to patch the software on GPS satellites. The problem emerges when it turns out that new hardware is required, thus introducing the need to spend many years and billions of dollars on lifting new hardware into space \u2013 basically, manufacturing and launching next-generation GPS satellites.<\/p>\n Hard to say what you can do to protect yourself on this one. Pray? Really though, the transportation industry is just going to have to stay on top of this and try to be proactive about fixing the underlying problems that lead to these sorts of attacks. As of right now, take solace in the fact that this attack was launched by a group of super-intelligent academics from UT Austin, but also be wary of the fact that we are rapidly entering a world where smart people can hack all the things<\/a>. And as USA Today Journalist Byron Acohido more-or-less said at the Visa Global Security Summit two weeks ago: what the really smart guys can do today, everyone can do in the future.<\/p>\n","protected":false},"excerpt":{"rendered":" In 1492, under a charter from the monarchs of Spain, an Italian man named Christopher Columbus severely underestimated the Earth\u2019s circumference, sailing three ships into what he would reportedly die<\/p>\n","protected":false},"author":42,"featured_media":2914,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[93,385],"class_list":{"0":"post-2912","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cybercriminals","9":"tag-gps"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hacking-gps-on-columbus-day\/2912\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hacking-gps-on-columbus-day\/2692\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hacking-gps-on-columbus-day\/2912\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hacking-gps-on-columbus-day\/1773\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hacking-gps-on-columbus-day\/2912\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=2912"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2912\/revisions"}],"predecessor-version":[{"id":26119,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/2912\/revisions\/26119"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/2914"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=2912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=2912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=2912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}