Skip to main content

Want to see this $80 million super yacht sink? With GPS spoofing, now you can!

gps spoofing white rose yaght
The $80 million White Rose of Drachs is a lot of ship. And under the guidance of spoofed GPS, it could be hurtling in the entirely wrong direction.

On Monday, reports revealed some shocking news: A small group located off the south coast of Italy successfully took control of an $80 million super-yacht’s navigation system using a homemade device, and sent the luxury vessel on a potentially disastrous wayward path. The captain had no idea that the boat’s GPS system was lying to him – not a single alarm bell sounded.

Had this been a real cyberattack, the ship and its crew could have suffered dire consequences. Fortunately for everyone onboard, the navigation takeover was the work of University of Texas at Austin researchers, led by assistant professor Dr. Todd Humphreys, who were testing out their ability to broadcast counterfeit GPS signals. And the captain of the ship, called the White Rose of the Drachs, gave the researchers permission to trick his boat’s navigation system. But according to Humphreys, this method of so-called GPS spoofing, could pose a major threat.

GPS spoofers trick a navigation system by feeding it counterfeit signals.

“With 90 percent of the world’s freight moving across the seas and a great deal of the world’s human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing,” said Humphreys in a statement. “I didn’t know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack.”

So, what exactly is GPS spoofing? And, more importantly, should we all be freaking out?

How GPS spoofing works

Ordinary GPS signals, like the ones that guide your smartphone’s mapping apps and location services, come from satellites orbiting the earth. But it’s possible to create a fake GPS signal here on dry land. The U of Texas students built a GPS spoofing device for about $3,000. A pair of students, the “attackers,” then sat aboard the upper deck of the White Rose, where their GPS spoofer emitted a counterfeit signal slightly stronger than the real GPS signal.

Eventually, the yacht’s navigation system deferred to the fake GPS signal, and that’s when the real attack began. The attackers altered their signal just a few degrees to make the yacht’s system “think” that the ship was off course, even though it was right on track. The White Rose’s captain then adjusted course, bring the fake GPS signal back to the original trajectory – meaning the ship’s real direction was off by a few degrees – plenty to cause an accident, or send a ship to an alternate location.

Here’s an animated video by the researchers showing how their experiment worked:

Does GPS spoofing let someone else take control of the vehicle?

No. GPS spoofing simply tells vehicle operators (or, theoretically, smartphone users) a false location. The drivers are the ones who changes course, thinking that they are going the wrong direction when they may be headed exactly right.

Is GPS spoofing the same as GPS jamming?

No – but both are cause for concern. Whereas GPS spoofers trick a navigation system by feeding it counterfeit signals, GPS jammers knock out the navigation system entirely. Jammers can also disrupt mobile phone service, civil aviation systems, and law enforcement and emergency service communications.

According to the Economist, experts suspect that a delivery truck driver trying to avoid his (or her) company’s tracking technology has managed to disrupt the trade records of the London Stock Exchange for 10 minutes every day using a GPS jammer. And in 2009, another truck driver managed to accidentally mess with the navigation systems of New Jersey’s Newark airport as he drove past on a neighboring highway.

Because of their potential to cause serious disruptions, the U.S. Federal Communications Commission outlawed the use of GPS jammers in February 2011 (pdf). It is currently illegal to use, market, manufacture, or sell GPS jammers – but, of course, it is still possible to get one. GPS spoofers would likely fall into the illegal category as well, considering they too are used to intentionally interfere with GPS and other signals, which is against the law.

Have hackers used GPS spoofing for criminal ends?

Maybe. Bob Cockshott of the UK’s ICT Knowledge Transfer Network told Ars Technica last year that “There have been incidents where trucks carrying high value goods have been hijacked, where GPS and cell phones have been blocked.”

It is only a matter of time before GPS spoofing goes from an academic exercise to a real-life problem.

That said, the only evidence we could find of a truck being hijacked using GPS spoofing stems from a 2002 experiment (pdf) performed by researchers at the U.S. Department of Energy’s Argonne National Laboratory. Researchers Jon Warren and Roger Johnston of the Vulnerability Assessment Team (VAT) successfully spoofed a cargo truck’s navigation system from about 30 feet away, for an average period of about two minutes.

The more nefarious known GPS spoofs may have come from foreign governments. In 2011, an Iranian engineer told Christian Science Monitor that the Iranian government had successfully taken down a highly classified U.S. military drone using GPS spoofing, or “electronic ambush,” as he called it. Experts have since refuted the engineer’s claims given that encrypted military GPS systems are much more difficult to interfere with. Last year, however, Humphrey’s team successfully executed the first ever GPS hijacking of a civilian drone.

Is there any way to make GPS more secure for everybody?

One way would be to encrypt civilian GPS in the same way military GPS is encrypted – but that’s not going to happen. It is the open nature of civilian GPS that makes it a viable tool for average people – de-encryption is the reason we have GPS in our cars and phones.

University of Oklahoma researchers found in 2011 (pdf) that there are two possible fixes. One is to increase the signal strength of civilian GPS, which would make it more difficult for a GPS spoofer to trick a navigation system. This, however, would be difficult to implement. A more “practical” fix, say the researchers would be to apply “trivial anti-spoofing algorithms in GPS receivers,” which would at least alert someone to the fact that their GPS had been spoofed.

Governments have also begun to enact countermeasures to protect against spoofing. Thanks to GPS disruptions from North Korea, the South Korean government announced in April plans to launch a network of eLoran (enhanced long-range navigation) towers, which are ground-based and emit much stronger signals. The U.K. also has plans to build an eLoran system – but GPS (or other similar satellite-based systems) aren’t going away soon.

So, what’s the verdict: Stay calm, or freak out?

For now, GPS spoofing is not a major concern for the average person – even if you regularly find yourself inside of an aircraft or on the deck of an $80 million super-yacht. Most of the GPS exploits are the subject of university researchers, not criminals with a scheme.

If you ask Humphreys, however, we should all at least be aware of the ways in which GPS can be manipulated. It is only a matter of time before GPS spoofing goes from an academic exercise to a real-life problem.

For more information on the dangers of our GPS future, watch Humphreys’ TEDx talk below:

Top image courtesy of Giorgio Ferretto

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
Can you see me now? Samsung reveals monstrous 7-inch Galaxy W phablet
samsung galaxy w phablet

No, it's not your imagination. Phablets are getting bigger every day. Both Samsung and Asus launched 7-inch smartphones on the same day. The Asus Fonepad 7 and the Samsung Galaxy W completely redefine what it means to be a phablet. If you thought the Galaxy Mega was big, you haven't seen anything yet.
The Galaxy W is the exact same size as most small tablets. It has a 7-inch diagonal display with a resolution of 1280 x 720 pixels and a 16:9 aspect ratio. Just like Samsung's Galaxy Note lineup, the W has lots of multitasking features, including multi-window and split screen options, so that you can really take advantage of all that screen real estate.
Even though the Galaxy W's display is just as big as that of the Asus Fonepad 7, it is slightly more slender. The W is just 9.96 centimeters wide, as opposed to the Fonepad 7, which is a full centimeter wider. That may not seem like much, but when you're talking about a  7-inch phablet, every millimeter counts. The Galaxy W is also lighter at 245 grams. Overall, these minor differences in dimension should make the Galaxy W easier to handle.
The Galaxy W is powered by a quad-core 1.2GHz processor and 1.5GB of RAM. Samsung gave the phablet 16GB of storage and an 8-megapixel back camera. To keep the Galaxy W's big display going, Samsung popped a 3,200mAh battery under the hood. The W features LTE-A, ensuring that calls and data use will go lightening fast. Unfortunately, the Galaxy W is only running Android 4.3, instead of 4.4 KitKat or even Tizen. 
Samsung will launch the Galaxy W in South Korea for 499,400 won or $490. It will have the same faux leather back as the Samsung Galaxy Note 3 and come in red, white, and black color options. It's unlikely that the Galaxy W will head to the U.S. any time soon, but phablet fans in Korea will certainly enjoy the novelty.

Read more
Using GPS tracking, researchers can now fingerprint who you are by your movements

Own a cell phone? Tout it around with you no matter where you go? (Except for those dreaded days when you accidentally leave it at the office and feel completely disconnected from the world.) Then, according to a study done at MIT and reported by CNN, you are now the proud owner of a brand new type of fingerprint, so to speak.
The study shows that, since our phones are constantly tracking our whereabouts, regardless of whether or not you’re checking in to Facebook or Foursquare, or tracking your every meal on Foodspotting, if someone really wanted to, they could use this information to figure out who you are. The places we go, when marked down on a map, result in something like a digital a fingerprint.
The study tracked the patterns of 1.5 million different mobile users over the course of 15 months. They pulled hourly reports on each user’s movement, which they were able to track using mobile carriers’ cell phone towers; 95 percent of the time, they were able to determine a person’s identity correctly.
Why hello there, Big Brother.
This information has privacy advocates extremely worried, particularly since one court has already ruled that mobile users don’t have the right to expect privacy; law enforcement has even been known to turn to mobile carriers in order to keep tabs on people.
What’s worse is that, besides law enforcement tracking people, carriers have been opening up anonymous data to various developers. Knowing where an app user is located helps them to serve up ads more accurately, particularly local ads. Now, in light of this new study, that makes things a little scarier. Sure, if we’re going to see ads in our app, best to have ones that may be relevant to what we’re looking for. But no, we don’t want to give up the right to remain completely anonymous.
All they need are four different spots that a user visits on a regular basis, and bam: the user is able to be identified with almost certain accuracy. Visit more than four spots regularly, and that accuracy becomes even more refined.
What do you think? Does this information concern you, or do you think it’s too much effort on the average person’s account to actually worry you?

Read more
Want a phone you can see through? Polytron unveils clear phone prototype

Clear glass phones have been a mainstay of science fiction movies for the last half-decade, from Real Steel to Looper, but Hollywood's dream may be closer than you think. Polytron, a global systems integration firm based in Duluth, GA, has unveiled (via Mobile Geeks) a mostly transparent cell phone. We say mostly transparent because, in the released photos, we could still see a small battery, circuit board, and a memory card. But aside from that, the entire phone is completely transparent.

The prototype is not fully functional yet, but it’s believed that such devices could be ready for the retail market as soon as the year’s end. Of course, with such a novel (and yes, completely unnecessary) concept, there are questions that arise about the functionality. Will video quality on the phone, which has increasingly been getting better and better, begin to suffer? Will the backside of the phone reveal what the user is seeing, resulting in an issue of privacy?
This isn’t the first time the company has come up with innovative uses of glass. While they traditionally have employed glass for use in construction projects, the company has also revealed a nearly transparent USB memory stick, which it says will be available for sale later this year.
While this clear concept is certainly a cool innovation, we’re not sure just how well-received it will be by the general public. And, more importantly, how much devices like this will cost and what they'll be capable of. (We’re guessing they won’t be on the affordable end of the scale.)

Read more