iStockphoto / Franco Ercolino
A recent string of GPS spoofing hacks has cybersecurity experts on edge as they are pulling off something that was believed to be impossible by industry insiders.
About two months ago, the FAA issued a warning of “safety of flight risk to civil aviation operations” after over 20 reports of hackers spoofing the GPS on aircrafts. In one instance, a Embraer Legacy 650 jet almost entered Iranian airspace without clearance because of scrambled GPS signals.
OPS Group reports that was on a flight from Europe to Dubai and suddenly the plane’s autopilot started turning erratically to the left and right. In another instance, a Challenger 604 jet reported what they could only assume was GPS signal spoofing/hijacking.
According to Flieger News, they reported as they were “Nearing north of Baghdad something happened where we must have been spoofed.” The report wen ton to say they “lost anything related to Nav and the IRS suggested we had drifted by 70-90 miles. We had a ground speed of zero and the aircraft calculated 250kts of wind. The FMSs reverted to DR (Dead Reckoning) and had no idea where they were.”
In the later instance, GPS on the jet was never restored and they required vectors to navigate all the way from Iraq to Doha and the jet’s GPS wasn’t recovered until the plane was restarted two days later for the return trip.
As a form of hacking, GPS Spoofing isn’t anything new. It can lead to devastating consequences, of course, when vehicles are involved. But on planes and jets, is wasn’t believed to be possible due to the planes’ internal Inertial Reference Systems (IRS) which the NYPost describes as the ‘brains’ of an aircraft’s technology.
By gaining access to the Inertial Reference Systems (IRS), something that wasn’t believed to be possible, hackers have been wreaking havoc on aircraft throughout the Middle East and as the Post notes, over Israel in particular.
Until these attacks began about three months ago, cyber security experts didn’t think it was possible for hackers to execute GPS spoofing on these planes.
OPS Group has since published a map of where the GPS spoofing is occurring and listed two new types of GPS spoofing that is being reported across the industry. In the map, they lay out three scenarios and locations for the hackers’ GPS spoofing attacks: Scenario 1 – Baghdad Type, Scenario 2 – Cairo Type, Scenario 3 – Beirut Type.
In the Baghdad Type (1) scenario, it “involves GPS spoofing of enroute aircraft, nav failures follow.” In the Cairo Scenario (2), planes receive false GPS location signals from their system and it shows them as being over Tel Aviv. In the third scenario (Beirut type), the GPS spoofing shows the plane as subtly moving toward OLBA/Beirut.
Despite knowing that hackers are actively going after planes and jets with GPS spoofing attacks, there really isn’t any guidance yet on what to do about it. They cite “uncertainty as to the best way to mitigate GPS spoofing activity” and “wide concern over IRS spoofing, previously thought to be impossible.”
There have now been multiple instances reported where planes/jets nearly entered restricted airspace without permission which could have led to dire consequences if military jets were scrambled.
It is easy to brush this off as mostly a concern for people who fly via private jet but given the lack of knowledge about how hackers are executing these GPS spoofs the scope and threat of these three hacking scenarios remains to be seen. The OPS Group has also issued guidance on mitigation before and during active GPS spoofing attacks from hackers.