Want to see this $80 million super yacht sink? With GPS spoofing, now you can!

gps spoofing white rose yaght
The $80 million White Rose of Drachs is a lot of ship. And under the guidance of spoofed GPS, it could be hurtling in the entirely wrong direction.

On Monday, reports revealed some shocking news: A small group located off the south coast of Italy successfully took control of an $80 million super-yacht’s navigation system using a homemade device, and sent the luxury vessel on a potentially disastrous wayward path. The captain had no idea that the boat’s GPS system was lying to him – not a single alarm bell sounded.

Had this been a real cyberattack, the ship and its crew could have suffered dire consequences. Fortunately for everyone onboard, the navigation takeover was the work of University of Texas at Austin researchers, led by assistant professor Dr. Todd Humphreys, who were testing out their ability to broadcast counterfeit GPS signals. And the captain of the ship, called the White Rose of the Drachs, gave the researchers permission to trick his boat’s navigation system. But according to Humphreys, this method of so-called GPS spoofing, could pose a major threat.

GPS spoofers trick a navigation system by feeding it counterfeit signals.

“With 90 percent of the world’s freight moving across the seas and a great deal of the world’s human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing,” said Humphreys in a statement. “I didn’t know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack.”

So, what exactly is GPS spoofing? And, more importantly, should we all be freaking out?

How GPS spoofing works

Ordinary GPS signals, like the ones that guide your smartphone’s mapping apps and location services, come from satellites orbiting the earth. But it’s possible to create a fake GPS signal here on dry land. The U of Texas students built a GPS spoofing device for about $3,000. A pair of students, the “attackers,” then sat aboard the upper deck of the White Rose, where their GPS spoofer emitted a counterfeit signal slightly stronger than the real GPS signal.

Eventually, the yacht’s navigation system deferred to the fake GPS signal, and that’s when the real attack began. The attackers altered their signal just a few degrees to make the yacht’s system “think” that the ship was off course, even though it was right on track. The White Rose’s captain then adjusted course, bring the fake GPS signal back to the original trajectory – meaning the ship’s real direction was off by a few degrees – plenty to cause an accident, or send a ship to an alternate location.

Here’s an animated video by the researchers showing how their experiment worked:

Does GPS spoofing let someone else take control of the vehicle?

No. GPS spoofing simply tells vehicle operators (or, theoretically, smartphone users) a false location. The drivers are the ones who changes course, thinking that they are going the wrong direction when they may be headed exactly right.

Is GPS spoofing the same as GPS jamming?

No – but both are cause for concern. Whereas GPS spoofers trick a navigation system by feeding it counterfeit signals, GPS jammers knock out the navigation system entirely. Jammers can also disrupt mobile phone service, civil aviation systems, and law enforcement and emergency service communications.

According to the Economist, experts suspect that a delivery truck driver trying to avoid his (or her) company’s tracking technology has managed to disrupt the trade records of the London Stock Exchange for 10 minutes every day using a GPS jammer. And in 2009, another truck driver managed to accidentally mess with the navigation systems of New Jersey’s Newark airport as he drove past on a neighboring highway.

Because of their potential to cause serious disruptions, the U.S. Federal Communications Commission outlawed the use of GPS jammers in February 2011 (pdf). It is currently illegal to use, market, manufacture, or sell GPS jammers – but, of course, it is still possible to get one. GPS spoofers would likely fall into the illegal category as well, considering they too are used to intentionally interfere with GPS and other signals, which is against the law.

Have hackers used GPS spoofing for criminal ends?

Maybe. Bob Cockshott of the UK’s ICT Knowledge Transfer Network told Ars Technica last year that “There have been incidents where trucks carrying high value goods have been hijacked, where GPS and cell phones have been blocked.”

It is only a matter of time before GPS spoofing goes from an academic exercise to a real-life problem.

That said, the only evidence we could find of a truck being hijacked using GPS spoofing stems from a 2002 experiment (pdf) performed by researchers at the U.S. Department of Energy’s Argonne National Laboratory. Researchers Jon Warren and Roger Johnston of the Vulnerability Assessment Team (VAT) successfully spoofed a cargo truck’s navigation system from about 30 feet away, for an average period of about two minutes.

The more nefarious known GPS spoofs may have come from foreign governments. In 2011, an Iranian engineer told Christian Science Monitor that the Iranian government had successfully taken down a highly classified U.S. military drone using GPS spoofing, or “electronic ambush,” as he called it. Experts have since refuted the engineer’s claims given that encrypted military GPS systems are much more difficult to interfere with. Last year, however, Humphrey’s team successfully executed the first ever GPS hijacking of a civilian drone.

Is there any way to make GPS more secure for everybody?

One way would be to encrypt civilian GPS in the same way military GPS is encrypted – but that’s not going to happen. It is the open nature of civilian GPS that makes it a viable tool for average people – de-encryption is the reason we have GPS in our cars and phones.

University of Oklahoma researchers found in 2011 (pdf) that there are two possible fixes. One is to increase the signal strength of civilian GPS, which would make it more difficult for a GPS spoofer to trick a navigation system. This, however, would be difficult to implement. A more “practical” fix, say the researchers would be to apply “trivial anti-spoofing algorithms in GPS receivers,” which would at least alert someone to the fact that their GPS had been spoofed.

Governments have also begun to enact countermeasures to protect against spoofing. Thanks to GPS disruptions from North Korea, the South Korean government announced in April plans to launch a network of eLoran (enhanced long-range navigation) towers, which are ground-based and emit much stronger signals. The U.K. also has plans to build an eLoran system – but GPS (or other similar satellite-based systems) aren’t going away soon.

So, what’s the verdict: Stay calm, or freak out?

For now, GPS spoofing is not a major concern for the average person – even if you regularly find yourself inside of an aircraft or on the deck of an $80 million super-yacht. Most of the GPS exploits are the subject of university researchers, not criminals with a scheme.

If you ask Humphreys, however, we should all at least be aware of the ways in which GPS can be manipulated. It is only a matter of time before GPS spoofing goes from an academic exercise to a real-life problem.

For more information on the dangers of our GPS future, watch Humphreys’ TEDx talk below:

Top image courtesy of Giorgio Ferretto

Mobile

5 features I’d like to see in Google’s Pixel 4 smartphone

We’ve had a sneak peek at Google’s forthcoming Pixel 4 smartphone, and it offers few clues about what we’ll get. These are the 5 features I’d like to see Google include to take the Pixel line to the next level.
Deals

The Samsung Galaxy S10 smartphone gets a $100 price cut on Amazon

The Samsung Galaxy S10 sits right in the middle of the phone maker's 2019 lineup. But despite its middle child status, the S10 is a great phone. And we've found a deal on an unlocked version on Amazon that will save you $100 this weekend.
Mobile

Samsung dismisses rumors of a revitalized Galaxy Fold launching in July

The Samsung Galaxy Fold is real, but for how long? Folding out from a 4.6-inch display to a tablet-sized 7.3-inch display, this unique device has six cameras, two batteries, and special software to help you use multiple apps.
Mobile

Huawei's folding phone held back for more tests, will be released in September

The Huawei Mate X is an exciting 5G folding smartphone with stunning looks. The Mate X has three screens, a clever hinge system, and a Leica camera. All the details you need to know are right here.
Android

You can pre-order the Galaxy S10 5G from Sprint starting today

Samsung announced a whopping four new Galaxy S10 devices, from the low-cost S10e to the triple-camera S10 and S10 Plus. But it's the Galaxy S10 5G that steals the show, as it's the first 5G-ready smartphone to hit the market.
Mobile

These are the best Moto Z4 cases to boost your new phone’s longevity

The Moto Z4 is the newest way to experience Motorola's flagship range. But just because it's cheap, doesn't mean that it's expendable. Make sure your new and beautiful Moto Z4 survives for a long time with one of the best Moto Z4 cases.
Mobile

Pixel 4 gets spotted in real world, showing not even Google can stop the leaks

Rumors abound about the Google Pixel 4, Google's next Pixel phone following the Pixel 3 and Pixel 3a. Getting around the leaks, Google straight-up teased an image of the back of the phone. Here's what you need to know.
Home Theater

Diagnose and fix some common Apple AirPods problems with our handy guide

Apple’s AirPods are among the best fully wireless earbuds we’ve seen, but they’re not perfect. If you’re having trouble, take a look at our guide to the most common problems and what you can do to fix them.
Deals

Fitbit Versa and Samsung Gear fitness smartwatches get big Amazon price cuts

Some of the best options can get pretty pricey, but with smartwatch discounts on the Fitbit Versa and Samsung Gear Sport, they are really quite affordable right now. You can save up to $125 on a new fitness watch.
Mobile

Huawei’s lock screen ads were a mistake, but may be a sign of things to come

Ads were placed on the lock screen of Huawei device owners yesterday, causing outcry on forums and social media. Huawei initially said it wasn't responsible, but that's no longer the case. Here's what happened.
Mobile

These are the best Pixel 3a XL cases and covers to protect your Google phone

If you want to change up the look or feel of your new Google phone, you want some decent drop protection, or both, then we have you covered with this list of the best Google Pixel 3a XL cases and covers.
Deals

The best Amazon Prime Day 2019 deals: Leaked date and what you need to know

Amazon Prime Day 2019 is still a month away, but it's never too early to start preparing. We've been taking a look at the best discounts from previous Prime Days to give you our predictions of what to expect this year.
Photography

Tapped out? Edit faster with 5 gesture shortcuts in Lightroom CC on mobile

Missing those keyboard shortcuts when photo editing on a smartphone or iPad? Lightroom has a handful of gesture-based controls that can help fill the gaps, if you know where to find them.
Mobile

Learn how to create a 360-degree panorama with your phone and Google Street View

Google Street View encourages you to explore the great outdoors, including landmarks, natural wonders, and even your own neighborhood. Learn how to create 360-degree imagery using your smartphone camera to add locations to Google Maps.