A hi-tech GPS spoofing attack took “remote control” of a 213-foot, $80 million superyacht – steering it off course, without anyone touching the steering wheel. The ship’s systems gave no sign that anything was amiss. All that was required was a suitcase-sized device in the yacht’s rigging.
Researchers led by Todd Humphreys of Cockrell University were able to “steer” a yacht off course by broadcasting fake GPS traffic from the upper deck – successfully fooling the ship’s systems so that anyone at the controls would have seen it travelling a straight line. The vessel’s wake, meanwhile showed it was steering in a curve.
The researchers were invited on board a yacht, the White Rose of Drachs, travelling from Monaco to Rhodes, Greece – about 30 miles off the coast of Italy, and in international waters. The researchers’ device – a blue box – broadcast its own civil GPS traffic until it overwhelmed the “real” GPS signals received by the ship. If GPS systems are blocked or jammed, onboard systems will register
The “GPS spoofing” device showed how the systems can be overwhelmed by false signals – without onboard sensors identifying the threat. A series of “location discrepancies”, broadcast to the ship’s two GPS antenna, slowly “nudged” the ship onto a new course.
“The ship actually turned and we could all feel it, but the chart display and the crew saw only a straight line,” Humphreys said.
“With 90 percent of the world’s freight moving across the seas and a great deal of the world’s human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing,” Humphreys said. “I didn’t know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack.”
Humphreys and his colleagues believe that the experiment could have wider-reaching implications for transport as a whole.
“This experiment is applicable to other semi-autonomous vehicles, such as aircraft, which are now operated, in part, by autopilot systems,” Humphreys said. “We’ve got to put on our thinking caps and see what we can do to solve this threat quickly.”
Author Rob Waugh, We Live Security