The document discusses vulnerabilities of Global Navigation Satellite Systems (GNSS), particularly GPS, highlighting issues of jamming and spoofing that have resulted in documented real-world incidents affecting transportation and maritime operations. It emphasizes the ease with which GNSS signals can be disrupted and the cybersecurity implications of such vulnerabilities. The author calls for greater awareness and proactive measures in managing GNSS security to mitigate risks associated with these navigational technologies.

1. GPS Behaving Badly? A Lightning Introduction to
Security for Position Navigation and Timing
Systems
Guy Buesnel, CPhys, MInstP, FRIN, Spirent Communications

2. 2Spirent Communications
Synthetic Simulation Of PNT Signals
GPS
GLONASS
BeiDou
Galileo
QZSS
IRNSS
Earth
WAAS
EGNOS
IMU
Wi-Fi
BT
Cellular
Positioning

3. How much do you trust your sat-nav?

4. 4Spirent Communications
Real world threats to GNSS

5. 5Spirent Communications
GNSS – Why is it vulnerable?
 GNSS signal power equivalent to that radiated by weak light bulb (40W)
 Weak signal strength received on Earth’s surface – below thermal noise floor
 Low power interference can cause problems to receivers… Jamming and spoofing
of the signals is relatively easy
Image courtesy what-when-how.com

6. The spread of GNSS jamming
Adjacent band interferers

7. GPS jamming – real world reports
• 2018: ICAO publish investigation of multiple reports of GPS interference on approach to
Runway 24 at Manila International Airport, More than 50 reports in the 2nd quarter of 2016
• Loss of on-board GNSS functionality
• [GPS-L INVALID] and/or [GPS-R INVALID] messages appear
• Decrease in navigation performance leading to RNP alert
• Loss of Autoland and ADS-B capability
• 2018: Multiple maritime incidents reported in the Eastern Mediterranean Sea. The nature
of the incident is reported to be GPS interference. Five vessels and one aircraft operating
between Cyprus and Port Said, Egypt have reported GPS disruptions/interference
occurring over extended periods and resulting in either inaccurate positions or no position
• 2015: Multiple outbound vessels from a non-U.S. port lost GPS signal reception. Impacts
included loss of collision avoidance capabilities on the radar display.
• 2014: US Coast Guard reported that U.S. port (East Coast ) suffered a seven-hour GPS
signal disruption that crippled operations at one berth - Port cranes were disabled.
Significant delays to port operations ensued
• 2014: FBI aware of 46 reported incidents of luxury car theft where the thieves placed one
or more GPS jammers in cargo containers with stolen automobiles.
• 2014: Cargo thieves in North Florida used GPS jammers to steal a refrigerated trailer
containing a temperature controlled shipment

8. 8Spirent Communications
Real examples of GPS Spoofing

9. 9Spirent Communications
GPS Spoofing – emergence as real threat
“all your GPS are belong to us…”
A $225 home-built GPS spoofer for attacking car sat-nav
systems
A GPS spoofer designed for Pokemon Go users –
available online for only $1000

10. 10Spirent Communications
ION GNSS+ 2017 – the last place to have your smart phone fail due to
GNSS spoofing
The World’s Satellite Navigation Experts congregate for the Institute of Navigation’s prestigious annual conference in
Portland, Oregon, US
 Thursday 28th September - Multiple incidents of smart phones erroneously indicating incorrect time and position as reported by
numerous users (Date and Time in the past, position showing as somewhere in Europe )
 Some types of phones recovered in minutes after the anomaly – other phones took several hours to recover
 Some users had to ask for assistance from retailer or service provider
 Incident traced to inadvertent leak of RF radiation from an exhibitor’s stand -
 In general the affected users who had most trouble recovering their smart phones were the GPS Experts…
This Photo by Unknown Author is licensed under CC BY-NC-SA
The spoofing incident happened inside the expo hall - this meant that the phones were not receiving any other GNSS signals – they
acquired and locked onto the false signal as though it were authentic

11. 11Spirent Communications
Real GNSS Spoofing
Press Story 27 December 2016
 Reports that Car drivers experienced “strange problems” in St Petersburg
 Car Sat navigation systems show location near Pulkovo airport when they are actually in city centre
 Possible GNSS spoofing?
Sep 2017: US Maritime Advisory (MARAD) issued
 GPS disruption in Black Sea region – interference and evidence of an “incorrect signal”
 20+ ships affected – complaints of GPS interference and several false positions being reported by
on-board navigation systems during June.
 Maritime Advisory subsequently issued by U.S.
Image courtesy of RNTF
Reported in press 17th December 2015
 Highlighted attempts to jam and spoof drones patrolling US/Mexico border
 Attempted GPS spoofing in the real world reported for the very first time
 Criminals using technology to attempt to disrupt GNSS

12. 12Spirent Communications
Cyber-Security Considerations for GNSS
“Attack Surface”
 GNSS solutions utilise existing computing technologies
 Many GNSS receivers run embedded operating systems (VxWorks, Linux etc.)
 User interface, logging & alerting components run on “off the shelf” hardware & operating systems
(embedded computers & processors, mobile devices, Windows, Android etc.)
 Communication protocols such as TCP/IP, USB and RS232 move data between devices.
 The Internet, Local & Wide Area Networks provide access to remote systems & data sources.
Image Courtesy of Pakwheels
Image Courtesy of Adaptek Automation Technology
Image Courtesy of Logical Genetics

13. 13Spirent Communications
Some Personal insights
 “GPS is more computer than radio”; “GPS Receivers lack cyber resilience. This is a National Issue.” - Harold
(“Stormy”) Martin, National Co-ordination office for Space based PNT, US PNT Advisory Board meeting,
Redondo Beach CA, 15 Nov 2017
 Risk Assessment and knowledge of the operating environment is essential – Does your business use GPS
anywhere? How do you obtain precise time? - Don’t be caught out….
 Spirent have seen many different issues with user equipment - all of them unexpected – often not enough testing
is conducted up-front and with many scenarios, live sky testing is not sufficient..
 Maintaining good Cyber-hygiene is vital – GNSS has its own specific vulnerabilities but fixing those means nothing
if a back-door is left unguarded elsewhere. Don’t let security become an after-thought
 There is a need to responsibly create awareness in many application segments

14. Join the GNSS Vulnerabilities group on Linked In to find out more about GNSS jamming and spoofing the
Trust but Verify
guy.buesnel@spirent.com
http://www.spirent.com/Solutions/Robust-PNT
Acknowledgements: Thanks to my colleague David Smith for providing his valuable cyber-security insights…
Image courtesy MAIB