GPS Spoofers Hack Time On Commercial Airlines

LAS VEGAS, Aug 10 (Reuters) – A recent surge in GPS “spoofing”, a form of digital attack which can send commercial airliners off course, has entered an intriguing new dimension, according to cybersecurity researchers: The ability to hack time.
There has been a 400% surge in GPS spoofing, opens new tab incidents affecting commercial airliners in recent months, according to aviation advisory body OPSGROUP. Many of those incidents involve illicit ground-based GPS systems, particularly around conflict zones, that broadcast incorrect positions to the surrounding airspace in a bid to confuse incoming drones or missiles.

“We think too much about GPS being a source of position, but it’s actually a source of time,” Ken Munro, founder of Pen Test Partners, a British cybersecurity firm, said during a presentation at the DEF CON hacking convention in Las Vegas on Saturday.

“We’re starting to see reports of the clocks on board airplanes during spoofing events start to do weird things.”

In an interview with Reuters, Munro cited a recent incident in which an aircraft operated by a major Western airline had its onboard clocks suddenly sent forward by years, causing the plane to lose access to its digitally-encrypted communication systems.

The plane was grounded for weeks while engineers manually reset its onboard systems, said Munro. He declined to identify the airline or aircraft in question.

In April, Finnair (FIA1S.HE), opens new tab temporarily paused flights to the eastern Estonian city of Tartu due to GPS spoofing which Tallin blamed on neighboring Russia.

GPS, short for Global Positioning System, has largely replaced expensive ground devices that transmit radio beams to guide planes towards landing. However, it is also fairly easy to block or distort GPS signals using relatively cheap and easy to obtain parts, and limited technological knowledge.

“Is it going to make a plane crash? No, it’s not,” Munro told Reuters.

“What it does is it just creates a little confusion. And you run the risk of starting what we call a cascade of events, where something minor happens, something else minor happens, and then something serious happens.”

Sign up here.

Reporting by James Pearson; Editing by Daniel Wallis

Our Standards: The Thomson Reuters Trust Principles., opens new tab

Purchase Licensing Rights

Reports on hacks, leaks and digital espionage in Europe. Ten years at Reuters with previous postings in Hanoi as Bureau Chief and Seoul as Korea Correspondent. Author of ‘North Korea Confidential’, a book about daily life in North Korea.

READ MORE HERE