Editing Spoofing attack (section)

== Global navigation satellite system spoofing <span class="anchor" id="GPS spoofing"></span><span class="anchor" id="GNSS spoofing"></span>==
A [[global navigation satellite system]] (GNSS) spoofing attack attempts to deceive a GNSS receiver by broadcasting fake GNSS signals, structured to resemble a set of normal GNSS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time.<ref name="coffed14">{{cite news |last1=Coffed |first1=Jeff |title=The Threat of GPS Jamming The Risk to an Information Utility |url=https://rntfnd.org/wp-content/uploads/Exelis-GPS-Vulnerability-Assessment-February2014.pdf |publisher=Exelis |date=February 2014}}</ref> Spoofing attacks are generally harder to detect as adversaries generate counterfeit signals. These spoofed signals are challenging to recognize from legitimate signals, thus confusing ships' calculation of positioning, navigation, and timing (PNT).<ref>Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928</ref> This means that spoofed signals may be modified in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the attacker. One common form of a GNSS spoofing attack, commonly termed a carry-off attack, begins by broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals.<ref name="coffed14">{{cite news |last1=Coffed |first1=Jeff |title=The Threat of GPS Jamming The Risk to an Information Utility |url=https://rntfnd.org/wp-content/uploads/Exelis-GPS-Vulnerability-Assessment-February2014.pdf |publisher=Exelis |date=February 2014}}</ref> 

Even though GNSS is one of the most relied upon navigational systems, it has demonstrated critical vulnerabilities towards spoofing attacks. GNSS satellite signals have been shown to be vulnerable due to the signals’ being relatively weak on Earth’s surface.<ref>Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928</ref>  A reliance on GNSS could result in the loss of life, environmental contamination, navigation accidents, and financial costs.<ref>Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing Cyber Challenges of Maritime Navigation. Journal of Marine Science and Engineering, 8(10), 776-. 
https://doi.org/10.3390/jmse8100776 </ref><ref>Leite Junior, W. C., de Moraes, C. C., de Albuquerque, C. E. P., Machado, R. C. S., & de Sa, A. O. (2021). A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems. Sensors (Basel, Switzerland), 21(9), 3195-. https://doi.org/10.3390/s21093195</ref><ref>Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928</ref> However, since 80% of global trade is moved through shipping companies, relying upon GNSS systems for navigation remains unavoidable.<ref>{{cite conference  <!-- Citation bot no --> |last1=Amro |first1=Ahmed |last2=Gkioulos |first2=Vasileios |chapter=From Click to Sink: Utilizing AIS for Command and Control in Maritime Cyber Attacks |title=Computer Security – ESORICS 2022, Proceedings part 3 | conference= 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022 |series=Lecture Notes in Computer Science |date=2022 |volume=13556 |pages=535–553 |doi=10.1007/978-3-031-17143-7_26 |hdl=11250/3049159 |isbn=978-3-031-17142-0 |editor1=Vijayalakshmi Atluri | editor2=Roberto Di Pietro | editor3=Christian D. Jensen | editor4= Meng Weizhi }}</ref><ref>{{cite journal |last1=Leite Junior |first1=Walmor Cristino |last2=de Moraes |first2=Claudio Coreixas |last3=de Albuquerque |first3=Carlos E. P. |last4=Machado |first4=Raphael Carlos Santos |last5=de Sá |first5=Alan Oliveira |title=A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems |journal=Sensors |date=4 May 2021 |volume=21 |issue=9 |pages=3195 |doi=10.3390/s21093195 |doi-access=free |pmid=34064505 |pmc=8124306 |bibcode=2021Senso..21.3195L }}</ref>

[[File:Figure 2 Potential results of a GPS spoofing attack on a naval vessel (51169854742).jpg|thumb|Potential use of GPS spoofing against a naval vessel]]

All GNSS systems, such as the US GPS, Russia's [[GLONASS]], China's [[BeiDou]], and Europe's [[Galileo (satellite navigation)|Galileo]] constellation, are vulnerable to this technique.<ref name=mbgps/> In order to mitigate some of the vulnerabilities the GNSS systems face concerning spoofing attacks, the use of more than one navigational system at once is recommended.<ref>{{cite journal |last1=Androjna |first1=Andrej |last2=Brcko |first2=Tanja |last3=Pavic |first3=Ivica |last4=Greidanus |first4=Harm |title=Assessing Cyber Challenges of Maritime Navigation |journal=Journal of Marine Science and Engineering |date=3 October 2020 |volume=8 |issue=10 |pages=776 |doi=10.3390/jmse8100776 |doi-access=free }}</ref>

The December 2011 [[Iran-US RQ-170 incident|capture of a Lockheed RQ-170 Sentinel]] drone aircraft in northeastern [[Iran]] may have been the result of such an attack.<ref name=gpssp11>{{cite news|url=http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer |title=Exclusive: Iran hijacked US drone, says Iranian engineer|author1=Scott Peterson |author2=Payam Faramarzi|date=December 15, 2011|newspaper=Christian Science Monitor}}</ref> GNSS spoofing attacks had been predicted and discussed in the GNSS community as early as 2003.<ref name=block>{{cite web |url=http://www.blockyourid.com/~gbpprorg/mil/gps4/Wen_Spoof.pdf |title=Countermeasures for GPS signal spoofing |last1=Wen |first1=Hengqing |last2=Huang |first2=Peter |last3=Dyer |first3=John |last4=Archinal |first4=Andy |last5=Fagan |first5=John |year=2004 |publisher=University of Oklahoma |url-status=dead |archive-url=https://web.archive.org/web/20120315092132/http://www.blockyourid.com/~gbpprorg/mil/gps4/Wen_Spoof.pdf |archive-date=15 March 2012 }}</ref><ref name=humphreys08>{{cite journal |last1= Humphreys|first1=T.E. |last2=Ledvina |first2=B. M. |last3=Psiaki |first3=M. |last4=O'Hanlon |first4=B. W. |last5=Kintner |first5=P.M. |year=2008 |title=Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer |journal=Ion GNSS |url= http://web.mae.cornell.edu/psiaki/humphreys_etal_iongnss2008.pdf|access-date=16 December 2011 }}</ref><ref name=warner03>{{cite journal|url=http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html|title=GPS Spoofing Countermeasures|author1=Jon S. Warner|author2=Roger G. Johnston|date=December 2003|journal=Los Alamos Research Paper |volume=LAUR-03-6163 |access-date=16 December 2011|archive-url=https://web.archive.org/web/20120207185107/http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html|archive-date=7 February 2012|publisher=homelandsecurity.org}}</ref> A "proof-of-concept" attack was successfully performed in June 2013, when the luxury yacht ''White Rose of Drachs'' was misdirected with spoofed [[GPS]] signals by a group of aerospace engineering students from the Cockrell School of Engineering at the [[University of Texas in Austin]]. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht.<ref name=shijack>{{cite news |url= http://www.scmagazine.com.au/News/351659,students-hijack-luxury-yacht-with-gps-spoofing.aspx |title= Students Hijack Luxury Yacht |newspaper= Secure Business Intelligence Magazine}}</ref><ref>{{cite news|title=UT Austin Researchers Successfully Spoof an $80 million Yacht at Sea|url=http://www.utexas.edu/news/2013/07/29/ut-austin-researchers-successfully-spoof-an-80-million-yacht-at-sea/|newspaper=Ut News|date=29 July 2013|access-date=5 February 2015 |last1=Leahy |first1=Cory }}</ref><ref name="NRK">{{cite news |url=https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/ |publisher=[[Norwegian Broadcasting Corporation]] |title=GPS freaking out? Maybe you're too close to Putin |first=Henrik |last=Lied |date=September 18, 2017 |archive-url=https://web.archive.org/web/20170925202637/https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/ |archive-date=September 25, 2017}}</ref>

In 2019, the British oil tanker ''Stena Impero'' was the target of a spoofing attack that directed the ship into Iranian waters where it was seized by Iranian forces. Consequently, the vessel including its crew and cargo were used as pawns in a geopolitical conflict. Several shipping companies with vessels navigating around Iranian waters are instructing vessels to transit dangerous areas with high speed and during daylight.<ref>Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing Cyber Challenges of Maritime Navigation. Journal of Marine Science and Engineering, 8(10), 776-. 
https://doi.org/10.3390/jmse8100776</ref>

On October 15, 2023, [[Israel Defense Forces]] (IDF) announced that GPS had been “restricted in active combat zones in accordance with various operational needs,” but has not publicly commented on more advanced interference. In April 2024, however, researchers at [[University of Texas at Austin]] detected false signals and traced their origin to a particular air base in Israel run by the IDF.<ref>{{cite news |last1=Arraf |first1=Jane |title=Israel fakes GPS locations to deter attacks, but it also throws off planes and ships |url=https://www.npr.org/2024/04/22/1245847903/israel-gps-spoofing |access-date=2 June 2024 |work=[[NPR]] |date=April 22, 2024}}</ref>

===Russian GPS spoofing===
{{also|Krasukha#Operational_history|Borisoglebsk-2|Automatic Dependent Surveillance–Broadcast}}
In June 2017, approximately twenty ships in the [[Black Sea]] complained of GPS anomalies, showing vessels to be transpositioned miles from their actual location, in what Professor Todd Humphreys believed was most likely a spoofing attack.<ref name="NRK"/><ref>{{cite news |url=http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea |publisher=The Maritime Executive |title=Mass GPS Spoofing Attack in Black Sea? |first=Dana A. |last=Goward |date=July 11, 2017 |quote=An apparent mass and blatant, GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads.}}</ref> GPS anomalies around [[Putin's Palace]] and the [[Moscow Kremlin]], demonstrated in 2017 by a Norwegian journalist on air, have led researchers to believe that Russian authorities use GPS spoofing wherever [[Vladimir Putin]] is located.<ref name="NRK"/><ref>{{cite news |url=https://www.youtube.com/watch?v=dfLE_nXh7jY |publisher=[[YouTube]] |author=Norwegian Broadcasting Corporation |author-link=Norwegian Broadcasting Corporation |title=Moscow correspondent Morten Jentoft shows GPS trouble near Kremlin |access-date=September 25, 2017 |date=September 14, 2017}}</ref>

The mobile systems named [[Borisoglebsk-2]], [[Krasukha]] and [[Zhitel]] are reported to be able to spoof GPS.<ref name="sce">{{cite news |last1=Cranny-Evans |first1=Samuel |title=Russia trials new EW tactics |url=https://www.janes.com/defence-news/news-detail/russia-trials-new-ew-tactics |publisher=Janes.com |date=14 June 2019}}</ref>

Incidents involving Russian GPS spoofing include during a November 2018 NATO exercise in Finland that led to ship collision (unconfirmed by authorities).<ref name=bbcfin>{{cite news|url=https://www.bbc.com/news/world-europe-46178940|title=Russia suspected of jamming GPS signal in Finland|last=|work=BBC News|date=12 November 2018|access-date=28 December 2019|via=BBC}}</ref> and a 2019 incident of spoofing from Syria by the Russian military that affected the civil airport in [[Tel Aviv]].<ref>{{cite web|url=https://www.timesofisrael.com/disruption-of-gps-systems-at-ben-gurion-airport-resolved-after-2-months/|title=Disruption of GPS systems at Ben Gurion Airport resolved after 2 months|last=Times Of Israel|date=5 August 2019|access-date=29 December 2019|via=Times of Israel}}</ref><ref name="jp19">{{cite news |last1=JOFFRE |first1=TZVI |last2=BOB |first2=YONAH JEREMY |title=MI6 fears Iran used Russian GPS tech to send UK tanker off course - report |url=https://www.jpost.com/middle-east/mi6-fears-iran-used-russian-gps-tech-to-send-uk-tanker-off-course-report-596535 |publisher=The Jerusalem Post |date=23 July 2019}}</ref>

In December of 2022 significant GPS interference in several Russian cities was reported by the [[GPSJam]] service; the interference was attributed to defensive measures taken by Russian authorities in the wake of the invasion of Ukraine.<ref name=mbgps>{{Cite magazine |last=Burgess |first=Matt |title=GPS Signals Are Being Disrupted in Russian Cities |language=en-US |magazine=Wired |url=https://www.wired.com/story/gps-jamming-interference-russia-ukraine/ |date=15 December 2022 |issn=1059-1028}}</ref>

===GPS spoofing with SDR===
Since the advent of [[software-defined radio]] (SDR), GPS simulator applications have been made available to the general public. This has made GPS spoofing much more accessible, meaning it can be performed at limited expense and with a modicum of technical knowledge.<ref name=defcon25>{{cite web|url=https://www.youtube.com/watch?v=isiuTNh5P34|title=DEF CON 25 - David Robinson - Using GPS Spoofing to control time|last=DEFCONConference|date=27 October 2017|access-date=7 April 2018|via=YouTube}}</ref> Whether this technology applies to other GNSS systems remains to be demonstrated.

===Preventing GNSS spoofing===
The Department of Homeland Security, in collaboration with the National Cybersecurity and Communications Integration Center ([[NCCIC]]) and the National Coordinating Center for Communications ([[National Cybersecurity and Communications Integration Center|NCC]]), released a paper which lists methods to prevent this type of spoofing. Some of the most important and most recommended to use are:<ref>The Department of Homeland Security. [https://icscert.uscert.gov/sites/default/files/documents/Improving_the_Operation_and_Development_of_Global_Positioning_System_(GPS)_Equipment_Used_by_Critical_Infrastructure_S508C.pdf "Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure"]. Retrieved November 12, 2017.</ref>
#Obscure [[Antenna (radio)|antennas]]. Install antennas where they are not visible from publicly accessible locations or obscure their exact locations by introducing impediments to hide the antennas.
#Add a sensor/blocker. Sensors can detect characteristics of interference, [[Radio jamming|jamming]], and spoofing signals, provide local indication of an attack or anomalous condition, communicate alerts to a remote monitoring site, and collect and report data to be analyzed for forensic purposes.<ref>{{cite web |title=Novel Timing Antennas for Improved GNSS Resilience |first1=Erik |last1=Lundberg |first2=Ian |last2=McMichael |date=2018 | publisher=Mitre Corporation |url=https://www.mitre.org/sites/default/files/publications/pr18-0336-novel-timing-antennas-for-improved-gnss-resilience.pdf}}</ref>
#Extend data spoofing whitelists to sensors. Existing data spoofing whitelists have been and are being implemented in government reference software, and should also be implemented in sensors.
#Use more GNSS signal types. Modernized civil GPS signals are more robust than the L1 signal and should be leveraged for increased resistance to interference, jamming, and spoofing.
#Reduce latency in recognition and reporting of interference, jamming, and spoofing. If a receiver is misled by an attack before the attack is recognized and reported, then backup devices may be corrupted by the receiver before hand-over.
These installation and operation strategies and development opportunities can significantly enhance the ability of GPS receivers and associated equipment to defend against a range of interference, jamming, and spoofing attacks.
A system and receiver agnostic detection software offers applicability as cross-industry solution. Software implementation can be performed in different places within the system, depending on where the GNSS data is being used, for example as part of the device's firmware, operating system, or on the application level.{{cn|date=December 2021}}

A method proposed by researchers from the Department of Electrical and Computer Engineering at the [[University of Maryland, College Park]] and the School of Optical and Electronic Information at Huazhong University of Science and Technology that aims to help mitigate the effects of GNSS spoofing attacks by using data from a vehicles controller area network (CAN) bus. The information would be compared to that of received GNSS data and compared in order to detect the occurrence of a spoofing attack and to reconstruct the driving path of the vehicle using that collected data. Properties such as the vehicles speed and steering angle would be amalgamated and regression modeled in order to achieve a minimum error in position of 6.25 meters.<ref>Wang, Qian & Lu, Zhaojun & Qu, Gang. (2018). Edge Computing based GPS Spoofing Detection Methods. 10.1109/ICDSP.2018.8631600.</ref> Similarly, a method outlined by researchers in a 2016 [[Institute of Electrical and Electronics Engineers|IEEE]] Intelligent Vehicles Symposium conference paper discuss the idea of using cooperative adaptive cruise control (CACC) and vehicle to vehicle (V2V) communications in order to achieve a similar goal. In this method, the communication abilities of both cars and radar measurements are used to compare against the supplied GNSS position of both cars to determine the distance between the two cars which is then compared to the radar measurements and checked to make sure they match. If the two lengths match within a threshold value, then no spoofing has occurred, but above this threshold, the user is notified so that s/he can take action.<ref name=carson16>{{cite conference |author1= Carson, N. |author2= Martin, S. |author3= Starling, J. |author4= Bevly, D. |date=2016 |title=GPS spoofing detection and mitigation using Cooperative Adaptive Cruise Control system |conference=2016 IEEE Intelligent Vehicles Symposium (IV), 2016- |pages=1091–1096 |doi=10.1109/IVS.2016.7535525}}</ref>