Earlier this summer, researchers from the University of Texas at Austin quietly redirected an $80 million yacht hundreds of meters off-course using only a custom-made GPS device. Their work could mean changes for the methods currently used to prevent intentional interference with GPS systems in the transportation industry.
Led by assistant professor Todd Humphreys of the Department of Aerospace Engineering and Engineering Mechanics at the Cockrell School of Engineering, the research team was invited aboard the White Rose of Drachs, a 213-foot private yacht, to investigate the possibility of intentionally disabling maritime GPS systems using the world’s first openly acknowledged GPS-spoofing device. “Spoofing” is a technique used to deceive a GPS receiver by broadcasting a slightly more powerful signal than the one received from the legitimate GPS satellites. The false signal is structured to resemble a set of normal GPS signals, effectively tricking the vessel’s GPS receivers and allowing the “attacker” to take control of the ship remotely.
The experiment took place about 30 miles off the coast of Italy in international waters, as the yacht sailed on its way from Monaco to Rhodes, Greece. Using a spoofing device roughly the size of a briefcase developed for the experiment, graduate students Jahshan Bhatti and Ken Pesyna broadcasted a faint ensemble of civil GPS from the ship’s upper deck toward the ship’s GPS antenna, slowly overpowering the authentic GPS signals until they successfully obtained control of the ship’s navigation system. Once in control, the team was able to coerce the ship onto a new course that led it hundreds of meters away from its original course—all without the activation of any alarms, or any indication on the electronic chart system in the yacht’s command room.
“The ship actually turned and we could all feel it, but the chart display and the crew saw only a straight line,” Humphreys said.
“I didn’t know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack.”
Chandra Bhat, director of the Center for Transportation Research at the University of Texas at Austin, believes that the experiment highlights the vulnerability of the transportation sector to such attacks.
“The surprising ease with which Todd and his team were able to control a (multimillion) dollar yacht is evidence that we must invest much more in securing our transportation systems against potential spoofing,” he said.
Remote hacking has been the recent subject of much debate as electronic systems in cars, planes and other vehicles continue to become increasingly sophisticated.
Last year, Humphreys and his colleagues employed spoofing to take control of a GPS-guided unmanned aerial vehicle (UAV), eliciting concern over the U.S. government’s proposed plan to open national airspace to commercial drone traffic.
Recent academic work from the University of California San Diego also demonstrated the methods hackers could use to take control of a car wirelessly, including through the media player, telematics unit and Bluetooth. Other research conducted by computer software hackers Charlie Miller and Chris Valasek with a grant from the U.S. government uncovered security flaws in critical electronic systems in the Toyota Prius and Ford Escape that could be used to control the vehicles.
Humphreys believes it’s important for the public and policymakers to understand that spoofing and other methods of remote hacking pose a threat to the transportation industry.
“This experiment is applicable to other semi-autonomous vehicles, such as aircraft, which are now operated, in part, by autopilot systems,” he said. “We’ve got to put on our thinking caps and see what we can do to solve this threat quickly.”