CYBER SECURITY
“A Faraday cage is a mesh enclosure
of conductive materials used to
block electromagnetic fields.”
systems’ responses to interference in natural
environments. However, because US federal law prohibits
over-the-air retransmission of GPS signals without
appropriate authority, addressing this problem has been
challenging. Fortunately, SwRI has recently developed a
“legal” technique to spoof a GPS signal to understand the
effects, particularly for automated vehicles that use GPS
for positioning, navigation and timing.
So, what is allowed? In general, the Federal
Communications Commission (FCC) only allows entities to
reradiate GPS signals inside a fully enclosed Faraday cage,
under an experimental license or under a waiver, greatly
limiting research and testing.
In response, SwRI has developed and demonstrated a
mobile GPS spoofing system that allows legal, real-world
evaluations of GPS vulnerabilities. The two-component
system includes a box placed on top of the vehicle’s GPS
antenna and a separate ground station that controls the
attacks remotely. The following example explains an
application with a driverless vehicle, but the technology
can also be applied to aerial drones and other technologies
that rely upon GPS receivers.
The system receives the actual GPS signal from an
on-vehicle antenna, processes it, inserts a spoofed signal
and broadcasts it to the vehicle’s GPS receiver. This gives
the spoofing system full control over the vehicle’s GPS
receiver and allows for real-time manipulation while a
receiver is in motion. The operator can modify the signal
in real time through a remote graphical user interface.
ATTACK MODES
The system offers a full range of attacks on GPS
systems, allowing thorough evaluation of automated
vehicles’ vulnerabilities. These attack scenarios include
modifying signal speed and timing as well as offsetting
the location data or jamming.
A speed attack intentionally changes the speed
associated with GPS signals, which can have various
AEROSPACETESTINGINTERNATIONAL.COM // SHOWCASE 2020 25
AVIATION HACKING RISKS EXPOSED
Researchers from the USA successfully showed how easy
it is to hack an instrument landing system in a series of
experiments earlier this year.
The doctoral students at Northeastern’s Khoury College
of Computer Sciences in Boston, USA, showed that radio
signals from ATC towers can be easily spoofed to direct a
plane to land off target.
Harshad Sathaye, a researcher on the program, said, “The
instrument landing system is a very simple analog system. It
can be spoofed.”
Using a relatively inexpensive setup, the researchers
broadcast a high-powered signal to overshadow the
legitimate one. The instruments on the plane follow the
stronger signal.
A second attack required less power and broadcast a
signal that merges with a portion of the legitimate one,
causing a slight course deviation. They also devised an
algorithm that adjusts their fake signals as the plane
approaches, so the instruments on board continue to show
that the plane is on-target.
“We know the location of the plane, because either
the plane is broadcasting its location or the device itself
is inside the plane,” said Guevara Noubir, a professor
of computer sciences and director of Northeastern’s
cybersecurity graduate program. “The power, the signal,
everything is adjusted as a function of the current location
of the plane.”
The researchers warned that the level of risk rises as the
amount of automation in aircraft increases. “It would be very
difficult for an autopilot to figure out if there’s something
wrong,” Sathaye said. “The autopilot will blindly follow the
instruments. And that’s about it.”
Furthermore, although many techniques exist to encrypt
data, protecting the physical characteristics of a radio
signal is a lot more complicated. “That’s the thing about
wireless,” Sathaye added. “Anyone can listen and anyone
can transmit.”