Transport, communication and utility operators whose networks are based on GPS have been warned to boost security against malicious attacks, including jamming and spoofing.
Signals from satellite navigation systems to GPS and other receivers are vulnerable to interference, whether deliberate or unintentional, and can easily be brought down, a Research Network for a Secure Australia workshop was told on Friday.
“Interference can cause disruption to GPS, with potentially disastrous effects,” said Dr Chris Wullems, technical director of satellite navigation security company Qascom Italy.
“Critical systems such as aviation are secure and supported by fallback systems, but the RNSA is trying to raise awareness of the need for greater security and backups among the many industries that rely on GPS positioning and timing.”
Professor Kurt Kubik, of the University of Queensland school of information technology and electrical engineering, said GPS location and synchronisation technology was deeply embedded in commercial networks.
Many private users were unaware, however, that because GPS operated on very low-power signals, the weak signals could be blocked or jammed by radar or stronger broadcasts from two-way radio and wireless systems, such as Bluetooth, operating on the 2.4gH frequency.
GPS signals are vulnerable also to spoofing – an attacker replacing a valid signal with wrong information, based on widely known frequencies and protocols.
Professor Kubik said GPS used by the defence forces was protected by relatively robust security, but civilian and industry users were wide open to attack.
“Anyone who wants to attack a power or banking network could do so through GPS vulnerabilities,” he said.
“It would also be possible to spoof GPS navigation broadcasts to ships and aircraft, so that a vessel ran aground, or a plane went off course.
“Aircraft have good backup systems, but the question then becomes how quickly the pilot reacts when they realise they’ve got wrong information.”
Electricity networks were at high risk because GPS timing was used to synchronise power during load transfers, Professor Kubik said. “An attacker doesn’t need to take out an entire power station if they can disable the network by interfering with the timing.”
Users of GPS needed to conduct full vulnerability assessments and then make “proper provisions” to prevent attacks. “Right now, the problem is that users generally trust GPS,” Professor Kubik said.