Hackers are taking over airplanes’ GPS; experts don’t know how to fix it

It is one of the most terrifying events imaginable.

There have been more than 50 recent reports of terrifying cyberattacks that have disrupted planes’ in-flight GPS, leading to what experts described as “critical navigation failures” on board the plane.

What is even more alarming is that industry leaders thought this type of hacking was not possible and do not know how to fix the now evident security flaw. Since late August, they have been observed across the Middle East, particularly in Israel, neighboring Egypt and Iraq.

In September, the FAA issued a “safety flight risk to civil aviation operations” warning over the series of attacks, according to Operations Groupan international collection of pilots and technicians who were the first to draw attention to the terror.

The attack, called GPS spoofing, when a navigation system receive false coordinates — is not new and applies to all modes of transport. Ten years ago, a group of college students at the University of Texas boasted that An $80 million yacht was taken off course as a school project. In 2015, a security researcher He also hacked a United Airlines flight. and changed course as a warning about security flaws.

Reports of GPS “spoofing” have proliferated in the Middle East since late summer.
Operations Group

But the tactic has become so sophisticated that the infamous hackers, still at large, have recently learned how to defeat an aircraft’s critical inertial reference systems (IRS). That crucial piece of technology is commonly called “brains” of a craftsmanship on the part of the manufacturers.

One flight, a Gulfstream G650 from Tel Aviv on October 25, “experienced full navigation[igation] failure”, since its system had marked the plane 225 nautical miles off the true course. And a Boeing 777 was spoofed over Cairo airspace and was also falsely thought to be stationary for half an hour on Oct. 16, according to the group.

Before these rampant attacks began in late August, it was “previously thought to be impossible” to spoof the IRS, OpsGroup said. he wrote in a November update.which added several more cases of identity theft to the already long list.

Experts warn of specific navigation glitches across the Middle East.
Operations Group

“The industry has been slow to accept the problem, leaving flight crews on their own to find ways to detect and mitigate GPS spoofing… What are you going to do at 2 a.m. over the Middle East when the plane starts veering off course? and say ‘Position? Uncertain?’ With almost no guidance, we are largely on our own to figure things out.”

Another aviation expert and former flight operations captain, Patrick Veillette, warned that the current global climate (the pattern of attacks began shortly before Gaza’s assault on Israel in October) is an additional global risk. Israel also admitted that “GPS was restricted in active combat zones in accordance with various operational needs” in mid-October.

“It is likely that nefarious forces are behind this (although they have not yet been identified)” Veillette wrote. “And the consequences could turn into an international crisis and possibly the loss of an innocent civilian aircraft in a region that is already a high-risk zone near an active conflict zone.”

There are concerns that these navigation tricks could lead to innocent deaths in the sky.
NurPhoto via Getty Images

To further heighten the tension, Professor Todd Humphreys, who led the yacht spoofing at UT a decade ago, believes he has traced the origin of these hacks to Iran.

“Using raw GPS measurements from several spacecraft in low Earth orbit, my student Zach Clements last week located the source of this spoofing on the eastern outskirts of Tehran,” Humphreys said. who warned congress on the dangerous potential of identity theft in 2012, said to Vice motherboard.

“GPS spoofing acts as a zero-day exploit against aviation systems…[aviators are] completely unprepared and powerless against it.”

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button