The global positioning system (GPS) was much more vulnerable to cyber attacks than previously thought. If hackers can forge a satellite signal, any device with a GPS receiver can be under threat – from simple ATMs to self-managed cars.
The GPS satellite navigation system was developed by the US military in the 1980s. In operation it was introduced in 1993, when the last of the 24 satellites (today their 31), which are necessary for the complete coverage of the earth’s surface, was put into orbit. In addition to the American one, there are other regional global positioning systems, for example, Russian GLONASS, European Galileo, Chinese BeiDou and Japanese QZSS – together they are called GNSS (Global Navigation Satellite Systems).
In addition to calculating coordinates and distance, GPS also measures time: each satellite has a super-accurate quantum clock that synchronizes the time between instruments in the US Naval Observatory on the basis of vibrations of atoms or molecules. Those, in turn, transmit these values to all devices with GPS receivers.
On the GPSS indicators, almost all the important digital infrastructure is based, writes Quartz. And for the financial industry, the accuracy of calculations of satellites – American or any other – is of critical importance. ATMs rely on time stamps for GNSS, giving out cash, brokers, buying securities on the stock exchange, and also terminals in stores: in the event of a delay in payment for at least a microsecond, the entire transaction can be perceived as fraudulent. In this case, to build a clock, for example, directly into the bank card is impossible, because even the most accurate “earth” time tracking system will someday start to be late or rush.
In reality, the GNSS system is very vulnerable. According to Dana Howard, the president of the non-profit foundation Resilient Navigation and Timing Foundation (RNTF), a satellite that overhangs the Earth at an altitude of about 19 thousand km., Is a huge “40-watt light bulb that was turned on in New York and visible from California” .
The first idea about the possibility of “slowing down” the satellite signal came to the warehouse worker in the US, whose location is tracked from the sky. Instead of working, the stevedores, who possessed more or less technical skills, could deceive the employer by making a GNSS jammer from the components bought in the radio market for several hundred dollars.
The case took a large turn in the late 2000s, when the controllers of the international airport of Newark (near New York) began to service arriving and departing aircraft using GPS. Almost immediately after that, the airport systems began to receive interference, as it was then thought, from cars passing through the interstate I-95 highway. As it turned out in 2012, the satellite signal was substituted for its own, more powerful one of the airport’s contractors, who used a GPS “jammer”. The culprit was fined $ 32,000.
The substitution of GPS signals, however, is of a local nature and does not do much harm because of the limited range of action. The biggest threat is the spoofing of the GPS receiver – sending false signals to the device in order to cause it to issue incorrect information about the location or time. This method, for example, can be used by hackers to steal a self-governing car. If you do not protect the GPS signal coming from a satellite in a near-earth orbit, cybercriminals can forge coordinates, knock down an intelligent machine from the initial course or send it to an ambush site.
Such scenarios are not just conjectures. Earlier, researchers from the University of Texas at Austin (USA) managed to transfer false coordinates to a yacht worth $ 80 million, sending the vessel along a potentially dangerous route. According to experts, the risks can be reduced if you combine GPS with other positioning methods – for example, by calculating the path or cross-checking with Wi-Fi networks.
The fake GPS signal, according to RNTF, can lead to multi-billion losses and even loss of life. A potential attack on the satellite system, says Howard, will lead to the fact that “cellular networks will begin to fall apart, the IT sector, financial exchanges will have to close, as they can not agree on transactions, ATMs will stop working, because banks can not check if there are any money, in the long run the attack will affect even the power grid.The Lord knows how quickly this will come back to normal. ” In order to resist attacks, experts propose first of all to strengthen the critical infrastructure – only in the US this will require about $ 500. This amount, however, is incomparable with the cost of launching a new-generation GPS satellite ($ 547).