FacebookTwitterLinkedIn

GPS Spoofers "Hack Time"

Karolis Liucveikis Written by on

A recent article published by Reuters shows a marked increase in GPS Spoofing attacks targeting airlines. GPS spoofing is a malicious attack in which Global Positioning System (GPS) data is manipulated to mislead a GPS receiver about its actual location.

This could cause significant disruptions, as it can misdirect navigation systems, mislead delivery vehicles, or even trick smartphone apps. The attack methodology also tricks commercial airplanes into their exact location.

GPS Spoofers Hack Time

Now, GPS spoofing has evolved to "hack time." According to aviation advisory body OPSGROUP, they have recorded a 400% increase in GPS spoofing attacks, impacting flight safety.

Many of those incidents involve illicit ground-based GPS systems. This is particularly true around conflict zones that broadcast incorrect positions to the surrounding airspace to confuse incoming drones or missiles.

OPSGROUP noted,

The number of flights affected has risen from an average of 200 daily in the period January-March, to around 900 daily for the second quarter of 2024. On some days, as many as 1350 flights have encountered spoofing. Flight crews also report that the intensity of the spoofing is increasing.

These attacks are also starting to do odd things to onboard flight navigation systems. Speaking to Reuters, Ken Munro, founder of Pen Test Partners, a British cybersecurity firm, said,

We think too much about GPS being a source of position, but it's actually a source of time…We're starting to see reports of the clocks on board airplanes during spoofing events start to do weird things.

In some instances where attacks have "hacked time," so to speak, an aircraft operated by a major Western airline had its onboard clocks suddenly sent forward by years, causing the plane to lose access to its digitally encrypted communication systems.

While the airline was not named, it was revealed that the plane was grounded for weeks while engineers manually reset its onboard systems.

In another incident, Finnair suspended flights to eastern parts of Estonia following GPS interference. The Estonian government blamed Russia for this. Finnair pilots have reported interference, especially near Russia's Kaliningrad exclave on the Baltic Sea coast, the Black Sea, the Caspian Sea, and the Eastern Mediterranean since 2022.

German authorities also reported a series of disturbances affecting navigation in the Baltic region. The German Defense Ministry pointed to Kaliningrad as their source, though it declined to give any details, citing reasons of military security.

Safety Concerns

OPSGROUP's report noted a series of safety concerns that resulted from the increased frequency of these attacks. For flight crews, there appear to be knock-on safety concerns, with the security firm stating that the primary risk from a GPS spoof was navigational in nature.

Autopilots began turning aircraft unexpectedly, aircraft positions became uncertain, and access to certain measurements was sometimes lost. This problem could be remedied with assistance from air traffic controllers. However, with the threat evolving, more safety concerns have arisen.

Regarding increased safety concerns, it was said,

The list is long. GPS is interwoven into many, if not most, aircraft systems these days. The EGPWS – our trusted friend to keep us away from terrain – is suffering heavily, and is becoming unreliable. False alerts – sometimes hours after the spoofing event – are now routine, and as a result, many are inhibiting the system. Crews are losing trust in what was until now an exceptionally reliable and critical device to eliminate CFIT accidents…Go-arounds directly caused by GPS spoofing effects are also being seen more regularly. False EGPWS alerts are the primary culprit, but in some cases, the indicated wind on the Navigation Display is false and leads to confusion. In others, autopilot behavior and unusual glideslope/localizer indications are causing missed approaches. Any go-around immediately increases crew workload and reduces the safety margin.

GPS spoofing attacks impact several other onboard systems, as navigation is interwoven into many onboard flight systems. GPS spoofing has also been seen to impact transponders aboard aircraft. Seeing the aircraft clock run backward has now become a common occurrence.

GPS spoofing also impacts air traffic control in that Oceanic flights and those in remote regions require increased onboard responsibility for navigation accuracy; life has thus become more challenging.

In one instance, due to the increased workload placed on air traffic controllers, it became harder to separate aircraft, and this has caused occasional diversions in Iceland. Experts believe it is only a matter of time before GPS spoofing directly causes an accident, placing lives at risk.

A workgroup has been established to prevent GPS spoofing from resulting in such an accident. At the time of writing, 450 participants have registered to participate in the Workgroup, including representatives of industry organizations IFALPA, IFATCA, OPSGROUP, IBAC, EBAA, ECA, and BALPA.

Airlines and Operators represented include Aer Lingus, Air Atlanta, Alaska Airlines, Cathay, Cargolux, Singapore Airlines, Turkish Airlines, United Airlines, Netjets, El Al, Royal Jordanian, Italian Air Force, USAF, American Airlines, LOT Polish Airlines, and FedEx.

Importantly also, GPS experts from NASA, Boeing, Collins Aerospace, FlightSafety International, Honeywell International, Safran Electronics & Defense, Satcom Direct, Aircraft Performance Group, Fokker Services, Honda Aircraft Company, Zurich University of Applied Sciences, and SkAI Data Services are part of the Workgroup.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal

Top Removal Guides
Latest News
Blog