Earth got A warning shot on January 25, 2016. On that day, Air Force engineers were scheduled to kill off a GPS satellite named SVN-23—the oldest in the navigation constellation. SVN-23 should have just gone to rest in peace. But when engineers took it offline, its disappearance triggered, according to the National Institute of Standards and Technology, a software bug that left the timing of some of the remaining GPS satellites—15 of them—off by 13.7 microseconds.
That’s not a lot to you. If your watch is off by 13.7 microseconds, you’ll make it to your important meeting just fine. But it wasn’t so nice for the first-responders in Arizona, Pennsylvania, Connecticut, and Louisiana, whose GPS devices wouldn’t lock with satellites. Nor for the FAA ground transceivers that got fault reports. Nor the Spanish digital TV networks that had receiver issues. Nor the BBC digital radio listeners, whose British broadcast got disrupted. It caused about 12 hours of problems—none too huge, all annoying. But it was a solid case study for what can happen when GPS messes up.
The 24 satellites that keep GPS services running in the US aren’t especially secure; they’re vulnerable to screw-ups, or attacks of the cyber or corporeal kind. And as more countries get closer to having their own fully functional GPS networks, the threat to our own increases. Plus, GPS satellites don’t just enable location and navigation services: They also give ultra-accurate timing measurements to utility grid operators, stock exchanges, data centers, and cell networks. To mess them up is to mess those up. So private companies and the military are coming to terms with the consequences of a malfunction—and they’re working on backups.
The 2016 event was an accidental glitch with an easily identifiable cause—an oops. Harder to deal with are the gotchas. Jamming and spoofing, on a small scale, are both pretty cheap and easy. You can find YouTube videos of mischievous boys jamming drones, and when Pokemon GO users wanted to stay in their parents’ basements, they sent their own phones fake signals saying they were at the Paris mall. Which means countries, and organized hacking groups definitely can mess with things on a larger scale.
Someone can jam a GPS signal, blocking, say, a ship from receiving information from satellites. Or they can spoof a signal, sending a broadcast that looks like a legit hello from a GPS satellite but is actually a haha from the hacker next-door.
With that kind of threat looming, GPS understudies are getting more attention. Like, for example, other satellites. A company called Satelles is looking to Iridium satellites—you know, the ones that link up to the satellite phone you take with you on Arctic expeditions. The Iridium satellites had a little-used channel that used to ping pagers, but people don’t have those anymore. So Satelles made a deal with Iridium to reprogram the pager channel to beam down a GPS-esque signal.
If it were outfitted to do so, your phone—or your ship or your plane or whatever—could catch that signal. And because it knows when Iridium sent the signal down, and it knows when the signal arrived, it can calculate how far away the satellite was.
Get three Iridiums at once, and your phone calculate its position, similarly to how it does with GPS signals—except these signals were made with modern cryptographic techniques that make them, unlike GPS, basically unspoofable. The company calls it STL: Satellite Timing and Location, and it’s selling it to customers like the US government, banks, data centers, and potentially wireless carriers.
There are 66 Iridium satellites up there, and they’re about 25 times closer to the ground than GPS satellites are, and that proximity means their signals are much stronger when they arrive at Earth. Where a GPS signal might be too weak—like in an old brick apartment building amidst other brick apartment buildings—an Iridium signal does just fine.
There’s gotta be a downside, though, or everyone would have used this for location and timing in the first place. And here it is: “The accuracy is not quite as good as GPS,” says O’Connor. Where GPS gives your spot with about 5 to 10 meters of accuracy, Satelles’ method is only about 20 to 30 meters (the timing accuracy is comparable). “When you’re in an environment where you can receive GPS, GPS is better,” says O’Connor. But if you’ve got no GPS, or GPS has got your spot wrong, or you need to know for sure for sure you’re not being spoofed, Iridium might be the way to go.
Private industry isn’t the only place concerned with GPS’s vulnerabilities. The military is nervous, too. “[GPS] has become a single point of failure,” says Dave Tremper, a program manager at the strategic technology office for Darpa, the military’s advanced research branch. “Up until the early 2000s, there was a variety of other alternatives,” says Tremper. But after GPS came along, “they all went away.”
Now, the Defense Department wants options again. Over in the Army, engineers are developing what is basically a small-scale GPS constellation on the ground. The transmitters, tested at White Sands Missile Range in October 2017, are called “pseudolites”—pseudo + satellites. Their high-power transmissions are harder to jam, and easier to pick up in a dense forest, than the weak GPS signals that have to come from space.
And for the past decade or so, Darpa has also dug into alternatives for “PNT,” an acronym that stands for “position, navigation, and timing.” One of its programs is called Adaptable Navigation Systems, and its technology is already on some ships and Humvees. Instead of building new broadcasters, engineers figured out how to pull position information from signals that already exist. Darpa’s sensors pick up things like television broadcasts, cell tower transmissions, and lightning strikes, and they can pull in imagery. The systems then compare that data to catalogs of reference information—like, perhaps, where a TV station or cell tower is.
To grok how such a system could use images, think about what you could do with Google Street View, says Tremper. If you have a dashcam in your car, the software could compare its view to Google’s catalog, trawling through it in a sophisticated set of reverse image searches. With a smart system, “you could figure out pretty well where you are,” says Tremper.
Good as images may be, no single signal gives a complete location and time. Darpa fuses the TV, cell, and visual (and other) findings into “a collective solution.”
In the process of working on Adaptable Navigation Systems, Darpa researchers also tried to capitalize on the very low-frequency transmissions that drone across the planet. These radio waves can travel tens of thousands of kilometers, so it only takes a few broadcasters to cover the globe.
“There are already very low-frequency transmitters out there at known locations,” says Tremper, “so we don’t necessarily need to create new ones.” A newer Darpa program, called Stoic, is trying to hook into this type of signal to triangulate the location, accounting for how part of the atmosphere shifts in real-time and affects the transmissions.
The agency has at least five other PNT projects running. Because while GPS is great—”a science and technology marvel,” as Tremper says—it can’t be all things to all people all the time, even though it’s currently a lot of things to a lot of people a lot of the time. And that won’t fly forever, as high-power spoofing and jamming and whatever else become more common.
GPS signal, for all its powers, is weak. “It’s easy to disrupt it. It’s easy to interfere with it,” says Tremper. “If you’re dependent on something that’s whispering to you, and somebody else comes over and starts yelling … you’re lost.
*Originally posted on Wired https://www.wired.com/story/spoof-jam-destroy-why-we-need-a-backup-for-gps/
MEET REGULUS CYBER AT MWC 2020 – MOBILE WORLD CONGRESS
Regulus Cyber, is presenting a live GPS hacking and protection demo, at Hall 5, booth E71.
INTERVIEW WITH ROI MIT – REGULUS CYBER
Safety Detective’s Aviva Zacks caught up with Roi Mit, CMO of Regulus, and found out how his...
JANA WAGNER INTERVIEWING ON IAA (GERMAN)
N-TV Startup News visited Regulus Cyber's booth on IAA 2019 to learn more about the importance of...