Researchers in the U.S. have managed to spoof GPS (Global Positioning System) signals to send a yacht hundreds of meters off course, while fooling the crew into thinking the yacht was remaining perfectly on course.
The test, conducted last month off the coast of Italy, is one of the most sophisticated ever reported against GPS and represents several years of work by the team at the University of Texas at Austin.
GPS works by measuring signals received from satellites that orbit about 20,000 kilometers above the Earth. By knowing the location of each satellite and very accurately timing when the signals arrive, it's possible to determine a receiver's location to within a few meters.
To fool the yacht's GPS system, the researchers needed to generate fake signals that were slightly different from the legitimate ones. In theory, the navigation system would accept the signals, but the result would be a location that wasn't completely accurate.
A typical GPS receiver relies on signals from at least four satellites, but accuracy is improved with more satellites. On the ocean, it's possible to receive signals from about 10 satellites at any one time.
If only one satellite signal was faked, it might get discarded by the receiver as erroneous because it was out of character with all the others. And if half were faked, the system might sense it was being attacked or fed fake information.
"We mimicked the entire GPS constellation," said Todd Humphreys, a researcher at the university's department of aerospace engineering and engineering mechanics.
"We had a counterpart for each signal coming down from every satellite in the sky. When they mixed together with legitimate signals in the receiver, ours were slightly stronger," he said in an interview.
Humphreys was on the yacht's bridge when the experiment took place, and graduate students Jahshan Bhatti and Ken Pesyna were on an upper deck with the spoofing device.
He said that once the yacht's GPS system was being fed the spoofed data, the researchers began to manipulate the fake GPS signals so the yacht would think it was heading off course. In reality, it hadn't deviated from its course -- yet. But once the erroneous position was fed to the yacht's computer it issued a course correction that resulted in the yacht actually turning.
Because the navigation computer was basing its movements on fake signals, the computer chart on the bridge showed the yacht moving in a perfectly straight line.
"I saw the reactions of the captain and his first mate," said Humphreys. "They have come to trust their electronic chart displays so much over the years, so when it came to that, they were very surprised."
Once the team had tried their trick several times, the yacht was several hundred meters off course, said Humphreys. To demonstrate how it worked, the team posted a YouTube video.
To conduct their GPS spoofing attack, the researchers used a custom-built device on the upper deck of the yacht, close to the GPS antennas, but Humphreys said it could have been done from miles away.
Developing the spoofing device took several years of work, and it's thought to be the first that has been publicly acknowledged.
"If it was to get out, it would be a real problem for transportation systems," he said.
GPS sits at the heart of modern logistical systems that route trucks, ships and aircraft around the world. It's considered to be such an important aid to global commerce that China and the European Union are building their own satellite navigation systems so they don't have to rely on the U.S.-controlled GPS. So anything that could undermine confidence in the system is potentially serious.
Groups at universities around the world are looking at improvements that can make GPS more secure, but they face the constraints of working with an installed base of billions of receivers that need to continue to function.
"All of the most practical things we can do are the weakest," said Humphreys. "All of the most impractical are the strongest. In the short term, all we can do is apply Band-Aids. It will be five or 10 years before we can do something stronger."
Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.