Drawing Circles – The Mysterious Satellite Signal Hacking Affecting The World

GPS spoofing performed by governments and countries as a form of electronic warfare attack and defense is well known for dozen of years – For example, in Russia spoofing was allegedly used on a large scale to protect president Putin’s whereabouts [GS1], Iran allegedly spoofed a UK ship navigation system forcing it to sail into its own territorial waters and seized it [GS2], and numerous reports regarding GPS interferences occurring in major Chinese ports [GS3]. In one case, a cargo ship crashed into riverbank after colliding with another boat, but no official sources confirmed the ongoing spoofing was the reason for the collision, so it might be a coincidence [GS4].

These attacks are becoming so common, that the subject of GNSS security was designated as a national cyber threat by many countries around the globe, one example is Trump’s executive order on the resilience of GPS used by the US [GS5] .

 

So far, one common feature to most spoofing attacks was the use of one single point as the fake location destination, but a research done by C4ADS (the Center for Advanced Defense Studies, a US nonprofit) learned that a new, more sophisticated technology of spoofing was used in China in the last couple of years, nicknamed “Spoofing Circles”.

 

First seen in the Shanghai port, spoofing circles are a spoofing technique that results in a spoof that causes the GPS device to show as if it’s moving in a circle, counterclockwise ring form. Unlike the single location spoofing that we have seen before. Based on assumptions, the spoofing device itself is located at the center of the circle.

 

From a technical point of view, little is known about the new spoofing technique, but it is safe to assume that this kind of spoofing is rapidly growing in occurences. Another unanswered question is the identity and motive of the attacker, the popular assumption is the Chinese government and its experiments on GPS systems. Not long after C4ADS’ research, another spoofing circle attack was recognized for the first time in the Middle East, in Iran.

 

One of the reasons spoofing circles are so dangerous is the fact the attack is mimicking movement, resulting in dangerous input that can affect the entire system. Unlike Jamming that can be easily noticed as a disruption in service, mass-spoofing situations, affects an entire area and multiple devices, acting upon the false movement information.

 

There is a lot to uncover in the case of the growing spoofing circles phenomena, and this discovery along with other GPS hacking attacks will require governments to allocate more resources on cybersecurity of satellite-based navigation and timing.

[GS1] https://www.wired.co.uk/article/russia-gps-spoofing

 

[GS2] https://lloydslist.maritimeintelligence.informa.com/LL1128820/Seized-UK-tanker-likely-spoofed-by-Iran

 

[GS3] https://www.maritime-executive.com/editorials/gps-jamming-and-spoofing-at-port-of-shanghai

 

[GS4] https://www.dailymotion.com/video/x7aex4h

 

[GS5] https://www.whitehouse.gov/presidential-actions/executive-order-strengthening-national-resilience-responsible-use-positioning-navigation-timing-services/ 

https://www.c4isrnet.com/battlefield-tech/space/2020/02/13/trump-wants-the-us-to-be-less-reliant-on-gps-with-new-executive-order/