New Report Details GNSS Spoofing Including Denial-of-Service Attacks

GNSS spoofing is more widespread than previously believed and is being used not only to misdirect satellite navigation users but also to deny GNSS service altogether, according to a new report by the Center for Advanced Defense Studies, a non-profit that analyzes transnational security issues.

In its report Above Us Only Stars, the Center (also called C4ADS) details evidence of spoofing that points to consistent, widespread GNSS disruptions and geolocation errors in and around the Russian Federation, Crimea, and Syria. C4ADS used publicly available information to document incidents of spoofing, track down the locations of significant sources of bogus GNSS signals, and make a case that the spoofing is intended to protect Russian officials and sensitive areas and events.

Lost in Moscow
Heat maps derived from fitness tracker applications were one type of data C4ADS used to track likely disruptions. For example, one app called Strava showed a pattern of individuals located in central Moscow who suddenly appeared to be on the runways of Vnukovo and Sheremetyevo airports well outside of the city.

“At normal airports throughout Russia and the rest of Europe, device position paths typically remain confined to aircraft taxiing paths and the terminal area,” the report asserts dryly. Assuming that airport authorities do not actually allow passengers to run in circles on an active runway, “these positions are highly suspect.”

Apparent dislocation to an airport, a spoof that has been seen repeatedly, has been widely suggested to be an attempt to take advantage of geofences built into the software of many commercially available drones. The geofences are designed to keep the drones away from airports, thereby limiting the danger to airplanes as they take off and land. Spoofing to fool a drone into leaving its current location because it thinks it is violating a geofence could be an attempt to keep unmanned aircraft away from important officials or locations. The researchers found that brief incidents of spoofing in isolated areas directly coincided with visits by Russian president Vladimir Putin. Spoofing also occurred in close correlation to sensitive locations like Khmeimim Airbase, Putin’s residence, and government offices and in conjunction with important events that Putin or other officials might be attending, C4ADS wrote.

Another type of spoofing underway in the region appears intended to confound rather than mislead. This type of spoofing involves overwhelming real satellite navigation signals with signals that seem real but contain no navigation data.

“In effect, Russian forces now have the capability to create large GNSS denial-of-service spoofing environments, all without directly targeting a single GNSS satellite,” C4ADS wrote. “These systems are widely believed to be in use across Russia’s Western and Southern Military Districts at the border with NATO and reportedly have been forward deployed in conflict zones such as Ukraine and Syria.”

Using marine vessel Automatic Identification System (AIS) path histories, C4ADS identified nearly 10,000 incidents from February 2016 through November 2018 impacting 1,311 commercial vessels. The group detected at least 7,910 instances where the victim vessels were located outside of Russian territorial waters. Such spoofing could pose a risk to maritime navigational safety and violate United Nations’ International Telecommunications Union (ITU) Radio Regulations Articles, which prohibit harmful radio frequency interference.
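The track anomalies described above (positions that jump from a city centre or open water to an airport) lend themselves to a simple plausibility check on reported fixes. The following is an added example, not C4ADS's method or code: it flags fixes that cannot be reached from the last trusted fix at a plausible speed and notes when they land near one of the airports named in the article. The speed ceiling, airport radius, approximate airport coordinates and the sample track are constructed assumptions.

```python
import math

# Approximate reference points in degrees for the airports named in the article.
AIRPORTS = {"Vnukovo": (55.5915, 37.2615), "Sheremetyevo": (55.9726, 37.4146)}

# Constructed sample track: (unix_seconds, lat, lon) for a device in central Moscow.
SAMPLE_TRACK = [
    (0,   55.7520, 37.6175),
    (60,  55.7525, 37.6190),
    (120, 55.5915, 37.2620),   # sudden relocation to an airport
    (180, 55.5920, 37.2640),   # reported position stays at the airport
    (240, 55.7530, 37.6200),   # back near the last plausible position
]

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def suspect_fixes(track, max_kmh=150.0, airport_radius_km=3.0):
    """Return (index, implied_kmh, airport_or_None) for implausible fixes.

    Each fix is compared with the last *trusted* fix rather than the previous
    one, so a whole run of displaced positions stays flagged and the track
    recovers once positions become reachable again. The first fix is assumed
    to be genuine; if it is not, everything after it will be flagged.
    """
    findings = []
    trusted = track[0]
    for i, (t, lat, lon) in enumerate(track[1:], start=1):
        dist = haversine_km(trusted[1:], (lat, lon))
        dt_h = (t - trusted[0]) / 3600.0
        if dt_h > 0:
            kmh = dist / dt_h
        else:  # duplicate or out-of-order timestamp
            kmh = float("inf") if dist > 0 else 0.0
        if kmh > max_kmh:
            near = next((name for name, pos in AIRPORTS.items()
                         if haversine_km(pos, (lat, lon)) <= airport_radius_km), None)
            findings.append((i, kmh, near))
        else:
            trusted = (t, lat, lon)
    return findings
```

A flagged fix only shows that the reported position is implausible; attributing it to spoofing rather than a receiver fault needs corroboration, such as many receivers reporting the same displaced location at the same time.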

With the help of GPS spoofing expert Todd Humphreys, an associate professor of aerospace engineering at the University of Texas at Austin, the C4ADS team used data from a GPS receiver onboard the International Space Station to locate the sources of the spoofing signals. The disruptions appear to have originated from 10 or more locations in Russia and Russian-controlled areas in Crimea and Syria.

C4ADS said it did not find evidence confirming that any of the 10 locations was being used to deliberately target specific receivers. Overall, however, the spoofing has had an impact on civilian systems. There have been public reports of errant cell phone locations in Moscow as early as June 2016. GNSS spoofing signals originating from Khmeimim Airbase in Syria would be deafening for aircraft flying near the transmitter, subjecting them to spoofing signals 500 times stronger than authentic GPS signals. Norway and Finland reported severe GPS outages during military exercises, including Russia’s Zapad 2017 and NATO’s Trident Juncture 2018. Those disruptions affected commercial airliners and cell phone networks for several days.