The Global Navigation Satellite System (GNSS) is critical for modern life. It can be hacked. Here’s what that means for the average person.
The GNSS is a constellation of artificial satellites from several different countries: The Global Positioning System (US), Galileo (EU), Beidou (China) and GLOSNASS (Russia). This system provides positioning, navigation and time information to everything from super-tankers and airplanes down to your smartphone.
Starting in at least 2016, it’s been hacked several times.
There have been close to ten-thousand incidents, affecting over 1,100 ships, in the Black Sea and Syria. One freighter captain reported that while his ship was on the open sea, the ship's positioning system placed it 27km away… in the middle of an airport.
"But wait," you say, "I don't pilot my superyacht anywhere near the Black Sea. And I haven't angered any organization with a government-sized budget. Surely this doesn't affect me?"
Not so, unfortunately. In 2013, students at the University of Texas at Austin successfully hijacked a superyacht using a device the size of a briefcase. It cost $2000.
The purpose of the attack was to detect how easily the yacht's sensors could identify the threat.
According to the Center for Advanced Defense Studies, similar devices could be made for under $300 today. One that can override navigation apps on your smartphone is small enough to fit in a jacket pocket.
How hackers attack
A report by cybersecurity analyst group Digital Shadows details the type of hacking in these incidents and discusses three widespread methods.
1. GNSS jamming: also known as brute-force jamming, this uses arbitrary signals, transmitted at the same frequency as GNSS signals, to prevent GNSS receivers from transmitting or receiving legitimate frequencies.
2. Denial of service (DoS) GNSS spoofing: an attacker overrides the signal between the victim and the receiver to transmit their own false information; this was the tactic most used in the Black Sea incidents.
3. Deception GNSS spoofing: an attacker hijacks receivers by mimicking GNSS signals to feed false data to the victim.
Relying on GNSS
In 2017, the United Kingdom published a study on the impact of even a temporary disruption of global navigation services. On page two of the showcase report, they wrote ‘a day in the UK with GNSS’, detailing all the ways we use the service in our daily lives.
The result is sobering.
There's the obvious disruption to in-car navigation, but public transit tracking would disappear, as would ride-hailing services. The modern supply chain is dependent on just-in-time shipping, which relies on GNSS as a pillar of the logistics.
Even the alarm clock on your phone uses precision time information from GNSS.
Ocean shipping could literally be held for ransom.
We've previously discussed how drones could represent the future of last-mile delivery. They, too, are vulnerable to GNSS attacks, as are autonomous vehicles.
Reducing the risk of hacking
GNSS is such an integral part of our lives that there's no quick fix. However, there are a few options that can lessen the risks.
One method is already in place thanks to the inherent limitations of GNSS: WiFi, cell and network positioning.
By the end of 2020, it's anticipated that up to 140 satellites will offer positioning services, which will all be automatically added to HERE positioning technology.
Global navigation satellite systems have always had difficulty with urban canyons and indoor area and have long been supplemented by Assisted GNSS (A-GNSS) that use the internet to fill in the gaps. At HERE we further positioning services that use both WiFi and cell data.
A large body of historical traffic data, like HERE provides, could be used to cross-check GNSS data or be used independently.
The GNSS is dangerously vulnerable to bad actors and the results would impact every aspect of our lives, down to our ability to use digital maps or call a Lyft. Thankfully, technology exists that can help to protect ourselves so that we can adapt, quickly and safely, to any disruption.