Language

Grounded flights, lost drones and ‘crop circles’: the year in GNSS vulnerabilities

In 2019 we saw massive worldwide disruption from GNSS jamming, spoofing and other vulnerabilities. Here’s a recap of the year’s most significant events.

If anyone still doubts the seriousness of the risks presented by GPS and GNSS vulnerabilities, the events of 2019 should put those doubts to rest.

 

I’ve spent most of my career identifying threats to GNSS-dependent systems, and I can categorically say I’ve never seen issues on the kind of scale we’ve seen this year.

 

Across the world we’ve seen flights grounded, shipping disrupted, drones lost, weather balloons downed, and vehicles of all kinds mysteriously lose their bearings. The causes range from state-sponsored electronic warfare and organised criminal activity to technical issues with the satellite systems and the receivers that rely on their signals.

 

Here’s a look back at some of the most significant events of 2019.

GPS week rollover disrupts flights, traffic lights, weather balloons, and more

At midnight on April 6th, the Global Positioning System rolled into its third epoch of existence. This entirely planned and predictable event nonetheless spelled trouble for many users of older GPS receivers.

 

The issue was with the way receivers interpret the week number element of the GPS time signal. To conserve bandwidth, the week number is encoded in a 10-bit format that resets to zero after 1,024 weeks (or one GPS epoch). Many receivers that hadn’t been patched to cope with this issue started to behave erratically as the rollover took effect, breaking the systems that rely on the data they output.

 

As I wrote at the time, systems affected on the 6th April included New York’s traffic lights, the weather balloons of the Australian Bureau of Meteorology and the tsunami warning buoys of the National Data Buoy Center.

 

But the GPS week rollover is actually an ongoing issue, because many receivers count the 1,024 weeks from the date their firmware was compiled, rather than from the start of the GPS epoch. So we’re still seeing new problems crop up – likely including this widespread grounding of flights in June, which the FAA attributed to a ‘GPS issue’ in one manufacturer’s avionics equipment.

GPS week rollover disrupts flights, traffic lights, weather balloons, and more

At midnight on April 6th, the Global Positioning System rolled into its third epoch of existence. This entirely planned and predictable event nonetheless spelled trouble for many users of older GPS receivers.

 

The issue was with the way receivers interpret the week number element of the GPS time signal. To conserve bandwidth, the week number is encoded in a 10-bit format that resets to zero after 1,024 weeks (or one GPS epoch). Many receivers that hadn’t been patched to cope with this issue started to behave erratically as the rollover took effect, breaking the systems that rely on the data they output.

 

As I wrote at the time, systems affected on the 6th April included New York’s traffic lights, the weather balloons of the Australian Bureau of Meteorology and the tsunami warning buoys of the National Data Buoy Center.

 

But the GPS week rollover is actually an ongoing issue, because many receivers count the 1,024 weeks from the date their firmware was compiled, rather than from the start of the GPS epoch. So we’re still seeing new problems crop up – likely including this widespread grounding of flights in June, which the FAA attributed to a ‘GPS issue’ in one manufacturer’s avionics equipment.

Galileo goes down for a week – an unprecedented outage for a GNSS constellation

As if the GPS week rollover wasn’t enough, in July Europe’s Galileo system experienced a jaw-dropping week-long outage, during which it was unavailable for positioning, navigation or timing services.

 

The facts behind this huge and unprecedented GNSS system failure are only slowly coming to light, but one thing is certain: the world had a lucky escape. Today, almost all Galileo receivers also use GPS and sometimes other positioning systems, so they continued to work in Galileo’s absence. Most users wouldn’t have noticed anything amiss – although they may unknowingly have lost a certain amount of location accuracy and protection against interference.

 

But it does raise serious questions about what might happen in the event of a major outage of a system that single-constellation receivers rely on. As I wrote in July, it’s a wake-up call for GNSS users and developers to model the impact of a major outage and put backup measures in place.

State-sponsored GPS jamming and spoofing reach record levels

GPS signal jamming has long been a favoured method of electronic warfare (EW) by nation states, aimed at disrupting the enemy’s ability to navigate in geopolitically sensitive areas.

 

But 2019 saw unprecedented levels of jamming across huge geographical areas – particularly the Arctic Circle and the Middle East – with commercial shipping, aviation and emergency services all reporting significant disruption due to loss of GPS reception.

 

There are also signs that EW methods have advanced to include spoofing, in which fake GNSS signals are broadcast from a transmitter on the ground with the aim of throwing vehicles – notably drones – off course. Disruption reported in Russia since 2016 and in Libya this November suggests the use of powerful spoofing devices to capture drones or prevent drone attacks.

Drone threats increase, creating a dilemma for drone manufacturers

Methods for dealing with drones are becoming a concern in the civilian world, too. Last December, Gatwick was brought to a standstill when a rogue drone was spotted near the airport. In February, six drones were confiscated in Atlanta after breaking no-fly rules at the American Superbowl, and in August, a group of climate activists threatened to carry out drone incursions at Heathrow.

 

The problem creates a dilemma that will become acute in the next few years. Manufacturers want to protect their drones against jamming and spoofing, to ensure they work as intended in the presence of RF interference. At the same time, governments want to be able to safely disable any drone that’s used as an offensive weapon – and RF interference is one of the most effective ways of doing that.

 

In short, the more robust its inbuilt protection against jamming and spoofing, the harder a rogue drone will be to disable. As I wrote in September, I wouldn’t be surprised to see governments asking manufacturers to build ‘back doors’ into their drones’ navigation systems – and the reaction to that request will be interesting to see.

ICAO flags GNSS interference as an ‘urgent safety priority’

As commercial activity becomes more reliant on GNSS and the threats to GNSS increase, more organisations are starting to see signal interference as a critical risk – not just to business continuity, but to safety of life.

 

In October, the International Civil Aviation Organization (ICAO) for the first time identified GNSS disruption as an ‘urgent safety priority’, responding to concerns raised by a host of national and regional aviation bodies.

 

A horrifying near-miss incident at Friedman Memorial Airport in Hailey, Idaho, was one of the catalysts for ICAO’s action. A write-up of the incident in NASA’s June Callback newsletter notes that there was ‘widespread jamming’ and ‘an abundance of smoke’ in the area as ‘Aircraft X’ approached the airport. The pilot had reported a GPS outage prior to its descent, but said the problems had cleared up, so the local controller cleared the aircraft for a GPS-based approach.

 

Shortly thereafter, a controller some 250 miles away in Salt Lake City happened to notice that Aircraft X was straying off course. What’s more, the plane was at 10,700 feet altitude and nearing a 10,900 feet mountain.

 

Thinking quickly, the controller contacted the local control tower in Hailey, which directed the aircraft back onto a safe flight path. The report concludes that “Had [the Radar Controller] not noticed, […] the flight crew and the passengers would be dead, I have no doubt”.

 

This was an isolated incident, but data shows that GNSS interference poses a rapidly-growing threat to aviation. The chart below shows the number of instances of interference reported to NASA’s Aviation Safety Reporting System every year since 1997. Bearing in mind the 60-day lag between an incident being reported and it being published, the 2019 data is significant indeed:

Mysterious spoofing events #1: Back to the future at the Geneva Motor Show

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.Something I’ve seen time and again in my work with Spirent is that the impact of RF interference on receivers can be surprising and unpredictable. When the source of the interference is unknown and only its effects can be observed, some incidents can look extremely weird.


Two such ‘weird incidents’ stand out for me this year. The first was at the Geneva Motor Show in March, and affected the in-vehicle navigation systems of several vehicles on the exhibition floor, including models from Audi, Peugeot, Rolls-Royce and BMW.


According to the automotive blog Jalopnik, the vehicles’ navigation systems all suddenly started displaying the year as 2036, and their location as Buckingham, England. In some cases, even manual attempts to reset the date and location failed.


Perhaps a GPS signal simulator may have been to blame – as I saw happen in 2017 at the ION GNSS+ show in Portland – but we are lacking a great deal of information as to what actually happened, and to my knowledge the mystery has never been cleared up

Mysterious spoofing incidents #2: Crop circles and sand thieves in Shanghai

The second incident is an ongoing mystery that has even the world’s foremost GNSS vulnerabilities experts scratching their heads.

 

For a few months now, commercial ships on the Huangpu River in Shanghai have been intermittently broadcasting inaccurate data about their location and movements. Some ships DRONES

 

appear to traverse the river very quickly from side to side, while others have been creating elegant ‘crop circles’ of position data that bear no resemblance to the ships’ actual locations.

 

A November report in MIT Technology Review says the prevailing theory is that the ships’ GPS-based navigation systems are being spoofed by sand thieves; criminals trying to mask their own vessel’s location in order to illegally dredge highly valuable sand from the riverbed.

 

But this would mean Shanghai’s sand thieves have access to spoofing technology that’s more sophisticated than any I’ve ever seen. Even Professor Todd Humphreys of the University of Texas at Austin, a leading expert on GPS spoofing, is at a loss, saying the effects “look like magic”.

 

If you’d like to try solving the mystery, Dr Ramsey Faragher of Focal Point Positioning notes that you can track the ‘crop circles’ forming in real time here on the Marine Traffic website. Do leave a comment if something occurs to you.

A prediction for 2020: integrity will become more important than pure GNSS performance

As GNSS signals are used in ever more applications, the last few years have seen the pursuit of accuracy and precision above all else. Multi-sensor positioning systems and precision timing receivers have made sub-centimetre positioning and nanosecond-level timing a reality – fuelling advances in autonomous vehicles, smart infrastructure and next-generation mobile networks.

 

Given the scale of GNSS interference, what’s going to matter now is ensuring the integrity of the signals reaching the receiver, and of the data output by the receiver. My prediction for 2020 is that integrity will become even more important to users than the fundamental measures of GNSS receiver performance. Without it, systems and devices of all kinds will continue to be compromised by escalating levels of interference that show no sign of stopping.

Stay up to date with GNSS vulnerabilities

Threats to GPS/GNSS are evolving all the time. To stay up to date with the latest news, events and incidents, join the growing community in the GNSS Vulnerabilities LinkedIn Group.