9 August 2024, NIICE Commentary 9407
Sayani Rana & Dr. Karamala Areesh Kumar
Can you possibly imagine your life without GPS? Probably not! The Google Maps (or perhaps Apple Maps) on your device has become an integral part of everyday life – helping you visit new places to navigate known traffic. Akin to several modern technologies, the source of this wonderful invention can be traced back to the military. Invented in the 1960s, GPS helped the US military successfully navigate and locate its submarines, ships, and aircraft. Moreover, this luxury of easy navigation is available to civilians as well. But imagine, what if this technology is manipulated to divert you from your destination, what if it is used to lure you, putting you in a vulnerable position, without your knowledge or control? What if this technology is weaponized to spread fear and terror among innocent civilians, threatening a hostage situation? Well, that might be happening right now, through GPS spoofing.
GPS and GPS Spoofing
The Geographic Positioning System or GPS, helps provide an accurate position of any object. It is a tiny box fitted into a larger device such as a mobile phone or bigger bodies like ships and aircraft. This object receives continuous signals from designated geostationary satellites, which help calculate its distance from a predetermined point (reference station) based on the time taken to receive the signals. During calculations, the position of the reference station is known and does not change. The geostationary nature of the satellites further ensures the distance between the reference point and the satellite remains known. Hence, the movements of the GPS-enabled can be tracked in real-time. Applications like Google Maps and Apple Maps display the movements of their devices on the screen to notify individuals about their location and the optimum path to reach their destination.
Source: Kumar, D & Singh, R.B & Kaur, R. (2019). Spatial Information Technology for Sustainable Development Goals.
However, in cases of GPS spoofing, a separate signal is generated at a false location. This signal possesses similar characteristics as those transmitted from the satellite to the receiver but has a higher signal-to-noise ratio (SNR). SNR determines the strength of a signal and a higher SNR leads to the receiver accepting the counterfeited signals, bypassing the genuine ones. The spoofed signal provides false information on the receiver’s location, therefore diverting them from their intended destination.
Till 2013, GPS spoofing was considered a technique too complex to be implemented. However, in 2016, a successful application of GPS spoofing was witnessed when multiple vessels were left misguided near Russia.
Can Spoofing be a means of Terrorism: The Case of Iraq
In September 2023, 20 flights were left astray on the airway UM688. The airway that passes through Iranian airspace experienced continuous cyber-electronic attacks called GPS spoofing where aircraft such as Boeing 777, 747 and 737, Falcon 8X, Embraer 190, 600, and Challenger 650 fell victim. In view of the spoofing incident, the aircraft received a false location which led them to travel close to the Iranian border. The Ops Group was informed of the simultaneous failure of the aircraft’s IRS (Inertial Reference System), along with the failure in VOR/DME sensor inputs and the aircraft’s UTC clock during these attacks. These systems work independently of GPS and help measure variables such as wind speed, amplitude, pressure, and local time. If these devices were to be working aptly, the pilots could have recognized the spoofing taking place. Although not as accurate as the GPS, in cases of GPS jamming and other technical difficulties, these devices help the aircraft navigate before the controller is informed of the mishap, and they help guide. However, a simultaneous failure of these devices makes this attack ‘extraordinary,’ according to Ops Group. The Federal Aviation Administration (FAA) soon issued a notice warning about the risk of GPS spoofing and GPS jamming in Iranian airspace. However, the damage was already done.
The border of Northern Iran is a conflictual area and the potential of these aircraft being shot down by Iranian soldiers or other militant groups cannot be denied. Although no substantial damage was caused by the incident, with no passengers or cabin crew hurt, the probability of passengers remained. Upon rescue, one of the pilots asked for the local time of landing, while the passengers were simply left confused, unable to fully understand the incident they encountered. While the lack of a universal definition makes categorization of such acts as terrorism difficult, it did succeed in inflicting fear, confusion, and distress among both direct and indirect victims, along with the non-participatory masses. The incident of GPS spoofing is undoubtedly a case of cyber-attack. Further accounting for its impact on the masses, it can be considered a form of cyber-terrorism.
Solution
Research conducted by Stanford University provided four ways to prevent GPS spoofing. This includes the use of a Wide Area Augmentation System (WAAS) message authentication, the time of arrival techniques, using antennas to distinguish the direction of arrival, and comparing encrypted PY codes. The WAAS message authentication is compulsorily present within every US aircraft, while facilities for the next two techniques are available on every commercial aircraft. However, multiple American flights falling prey to the Iran spoofing incident question the effectiveness of the same. Therefore, the only viable option remaining is encrypting the GPS signal with P(Y) code. This method is already in use amongst military aircraft and has proven effective. While implementing this might be financially burdening, for the safety and security of individuals as well as nations, such methods must be promoted by the states. At the same time, research and development must take place to strengthen GPS encryption along with the invention of other technologies to tackle GPS spoofing.
While technological advancements ease our lifestyle, they also create multiple opportunities through which it can be threatened. Therefore, brainstorming must be done to analyze how existing and upcoming technologies can be misused to prevent such instances from happening in the first place.
Sayani Rana is a Research Scholar at the Department of International Relations, Peace and Public Policy (IRP and PP), St Joseph’s University, Bengaluru, India & Dr. Karamala Areesh Kumar is the Head at the Department of International Relations, Peace and Public Policy (IRP and PP), St Joseph’s University, Bengaluru, India.
