A GPS vulnerability could allow hackers and terrorists to hijack ships, drones and commercial airliners, the news represents a motivation of the greatest concerns for responsible for the national security of every country.
The GPS expert Todd Humphreys, professors at the University of Texas, demonstrated that just using a cheap apparatus composed of a small antenna, an electronic GPS “spoofer” built in $3,000 and a laptop he is able to take total control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea.
We already mentioned Humphreys when we have spoken of drones hacking just one year ago, the Assistant Professor of the University of Texas with his team has created the world’s most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters.
The government is aware of this critical GPS vulnerability, Humphreys was called before Congress to speak with officials from the FAA, CIA, and Pentagon, but according to the researcher the Department of Homeland Security still been “fumbling around in the dark” on GPS security, doing little to address the threat.
Humphreys commented the GPS vulnerability to the Foxnews explaining how his team exploited it:
“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” ‘Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we’re worried about.”
The professor Humphreys speaking of the possible consequences of a similar hack said:
“For maritime traffic, there are big implications,” “You’ve got 90 percent of the world’s cargo going across the seas. Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we’re worried about.”
The concept is simple, the researchers provided counterfeit GPS signals to the yacht providing inaccurate information on its position to hijack it, potentially the attack could be used to disorient any vessel with serious consequences without victims will note it.
Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht “White Rose of Drachs” commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack.
“Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” “I was gobsmacked — but my entire deck team was similarly gobsmacked,” Schofield he told Fox News.
The hijacking, with relative collision, a cruise ship or an oil tanker would lead to devastating consequences in terms of loss of human lives and environmental impact. Cases such as the Costa Concordia and the Exxon Valdez was the most clamorous example of the effect of maritime incidents.
We cannot limit the analysis to the maritime environment, the same kind of attack could be conducted against aircrafts or any other system that uses GPS technology:
“You’re actually moving about a kilometer off of your intended track in a parallel line and you could be running aground instead of going through the proper channel,” “Going after an expensive vessel on the seas and going after a commercial airliner has a lot of parallels,” Humphreys said.
What’s new in this attack respect previous ones?
The latest experiment conducted by Humphreys demonstrated the possibility to control victim’s GPS system exploiting the GPS vulnerability, not only to interfere with it.
“Before we couldn’t control the UAV. We could only push it off course. This time my students have designed a closed loop controller such that they can dictate the heading of this vessel even when the vessel wants to go a different direction,” Humphreys said.
Texas Congressman Mike McCaul, chairman of the Homeland Security Committee expressed its concerns on the GPS security issues and remarked with Senators Coburn and Collins the necessity to address these critical threats.
“It’s a very serious homeland security issue that we’ve asked the secretary to review and look at and she’s never responded to my requests,” “The department seems to be thumbing its nose at it, saying it has no jurisdiction over this issue and not really showing any interest in this issue at all.”
I believe that people must be aware of the risks related to an attack against any GPS system, the hackers with a low cost appliance could cause serious damage, Schofield commented the results of the experiment with the following eloquent statements:
“People need to know this kind of thing is possible with a relatively small budget and they can with a very simple system steer the ship off-course — without the Captain knowing
(Security Affairs – hacking, GPS vulnerability)