[Salon] The Dangerous Rise of GPS Attacks



By Matt Burgess   Apr 30, 2024   https://www.wired.com/story/the-dangerous-rise-of-gps-attacks/

The Dangerous Rise of GPS Attacks

Thousands of planes and ships are facing GPS jamming and spoofing. Experts warn these attacks could potentially impact critical infrastructure, communication networks, and more.
Video: Cameron Getty; Getty Images

The disruption to GPS services started getting worse on Christmas Day. Planes and ships moving around southern Sweden and Poland lost connectivity as their radio signals were interfered with. Since then, the region around the Baltic Sea—including neighboring Germany, Finland, Estonia, Latvia, and Lithuania—has faced persistent attacks against GPS systems.

Tens of thousands of planes flying in the region have reported problems with their navigation systems in recent months amid widespread jamming attacks, which can make GPS inoperable. As the attacks have grown, Russia has increasingly been blamed, with open source researchers tracking the source to Russian regions such as Kaliningrad. In one instance, signals were disrupted for 47 hours continuously. On Monday, marking one of the most serious incidents yet, airline Finnair canceled its flights to Tartu, Estonia, for a month, after GPS interference forced two of its planes to abort landings at the airport and turn around.

The jamming in the Baltic region, which was first spotted in early 2022, is just the tip of the iceberg. In recent years, there has been a rapid uptick in attacks against GPS signals and wider satellite navigation systems, known as GNSS, including those of Europe, China, and Russia. The attacks can jam signals, essentially forcing them offline, or spoof the signals, making aircraft and ships appear at false locations on maps. Beyond the Baltics, war zone areas around Ukraine and the Middle East have also seen sharp rises in GPS disruptions, including signal blocking meant to disrupt airborne attacks.

Now, governments and telecom and airline safety experts are increasingly sounding the alarm about the disruptions and the potential for major disasters. Foreign ministers in Estonia, Latvia, and Lithuania have all blamed Russia for GPS issues in the Baltics this week and said the threat should be taken seriously.

“It cannot be ruled out that this jamming is a form of hybrid warfare with the aim of creating uncertainty and unrest,” Jimmie Adamsson, the chief of public affairs for the Swedish Navy, tells WIRED. “Of course, there are concerns, mostly for civilian shipping and aviation, that an accident will occur creating an environmental disaster. There is also a risk that ships and aircraft will stop traffic to this area and therefore global trade will be affected.”

“A growing threat situation must be expected in connection with GPS jamming,” Joe Wagner, a spokesperson from Germany’s Federal Office for Information Security, tells WIRED, saying there are technical ways to reduce its impact. Officials in Finland say they have also seen an increase in airline disruptions in and around the country. And a spokesperson for the International Telecommunication Union, a United Nations agency, tells WIRED that the number of jamming and spoofing incidents have “increased significantly” over the past four years, and interfering with radio signals is prohibited under the ITU’s rules.

On the Upswing

Attacks against GPS, and the wider GNSS category, come in two forms. First, GPS jamming looks to overwhelm the radio signals that make up GPS and make the systems unusable. Second, spoofing attacks can replace the original signal with a new location—spoofed ships can, for example, appear on maps as if they’re at inland airports.

Both types of interference are up in frequency. The disruptions—at least at this stage—mostly impact planes flying at high altitudes and ships that can be in open water, not people’s individual phones or other systems that rely on GPS.

Within the Baltic region, 46,000 aircraft showed potential signs of jamming between August 2023 and March this year, according to reports and data from tracking service GPSJam. Benoit Figuet, an academic at the Zurich University of Applied Sciences who also runs a live GPS spoofing map, says there have been an additional 44,000 spoofing incidents logged since the start of this year.

Earlier this month, more than 15,000 planes had their locations spoofed to Beirut Airport, according to data Figuet shared with WIRED. More than 10,000 were spoofed to Cairo Airport, while more than 2,000 had their locations showing in Yaroslavl in Russia, the data shows. Separate analysis from geospatial intelligence company Geollect shared with WIRED shows that on April 16, around 55 ships broadcast their location as being over the main runway at Simferopol International Airport in Crimea, Ukraine. The airport is around 19 miles inland from the Black Sea, where it’s believed the ships were actually located.

“The biggest change in the past six months is definitely the amount of spoofing that’s going on,” says Zach Clements, a graduate research assistant at the University of Texas at Austin. “For the first time, we’re seeing widespread disruptions in civil aviation, especially in the Eastern Mediterranean, the Baltics, and the Middle East. In prior years, there were reports of spoofing impacting marine vessels, but not aviation.”

Clements says there appear to be three spoofers that can be traced back to Russia. One open source intelligence analyst, going by the pseudonym Markus Jonsson, has located jamming in the Baltics, and that which impacted the Finnish airline this week, to Kaliningrad and other Russian locations. One research group has suggested disruption near Poland impacted Russia’s own GNSS system less than others. Russia has a long history of interfering with GPS signals both within its borders and internationally. Russia’s embassy in the UK did not respond to a request for comment.

The disruptions can cause uncertainty and potential safety issues for airline pilots and their passengers. A spokesperson for Eurocontrol, a European aviation organization with more than 40 countries as members, says its analysis shows disruptions are happening in the Eastern Mediterranean, areas around Ukraine and the Black Sea, as well as the Baltic states. During one week in March, 4,387 aircraft reported issues, the Eurocontrol spokesperson says, while for the same week last year, there were 2,646 flights reporting problems.

The Eurocontrol spokesperson says planes can fly safely without GNSS, but interference “puts a higher workload on pilots and air traffic control.” A safety notice issued by the UK’s Civil Aviation Authority this month says loss of GNSS can result in navigation issues, incorrect emergency “terrain” warnings that the plane is low to the ground, and the failure of various other systems.

“I have flown with crew members who were not fully aware of this problem,” one pilot said in a NASA report detailing GPS incidents that was also published this month. Other pilots said they had received “false terrain warnings” that caused them to pull up and that pilots should have a “thorough review of jamming affects on the different aircraft systems” as part of their training.

Jari Pöntinen, a director at Traficom, the Finnish transport and communications agency, says there has been an increase in disruptions both close to and in Finland since the beginning of this year. Pöntinen, who was formerly a pilot, says flight operators need to make sure they have made “comprehensive risk assessments” and to properly train pilots about what to expect if GPS disruptions occur.

Threats Big and Small

The increase in GPS disruptions has partly coincided with Russia’s full-scale war in Ukraine and Israel’s attacks in Gaza. Disrupting GPS as part of electronic warfare has become common on Russia and Ukraine’s battlefields as a way to try to limit the operation of drones. And while Iran launched a barrage of missiles and drones against Israel on April 13, Israeli GPS disruption designed to limit the impact of the attack also impacted mapping and taxi services as well as food delivery.

Kevin Heneka, the founder of cybersecurity company Hensec whose work includes detecting GPS disruptions, says jamming and spoofing technology has become cheaper and smaller over the years, to the extent that individuals can install them in their cars to hide their movements. However, Heneka says, more sophisticated attacks use equipment that can cost huge sums. “In conflict zones, in military terms, and in professional terms, this spoofing is very sophisticated, and it always goes hand in hand with jamming,” he says.

As the number of jamming and spoofing incidents increases, there is a growing concern that the disruption of crucial services could become normalized. Multiple experts worry that the full extent of GPS interference is not known, and systems beyond those of airlines and shipping may be at risk if the disruption becomes more widespread.

“Many do not realize that GNSS is not only used in your mobile phone for navigation, but is also a primary source of time synchronization for vital infrastructure: power grid systems, data centers, automatic train control systems, communication systems—especially 5G—financial services, and any distributed management and control systems,” says Maksim Barodzka, the CEO of GNSS-detection firm GPSPatron. “What's happening with this infrastructure is not widely reported in the public domain.”


Matt Burgess is a senior writer at WIRED focused on information security, privacy, and data regulation in Europe. He graduated from the University of Sheffield with a degree in journalism and now lives in London. Send tips to Matt_Burgess@wired.com.


This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.