The GPS expert Todd Humphreys, professors at the University of Texas, demonstrated that just using a cheap apparatus composed by a small antenna, an electronic GPS "spoofer" built in $3,000 and with a laptop, it is possible to exploit GPS vulnerability to obtain control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea.
Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht "White Rose of Drachs" commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack.
Humphreys is a famous GPS experts, we met him last year when we discussed about drones hacking. The Assistant Professor of the University of Texas with his team has created the world's most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
Humphreys reported the results of his experiment to the Foxnews explaining how his team exploited the GPS system of the vessel: "We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals," 'Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we're worried about." "For maritime traffic, there are big implications," "You've got 90 percent of the world's cargo going across the seas. Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we're worried about."
The concept is simple, the researchers provided counterfeit GPS signals to the yacht providing inaccurate information on its position to hijack it, potentially the attack could be used to disorient any vessel with serious consequences without victims notification.
Captain Andrew Schofield was shocked by the results of the attack: "Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference," "I was gobsmacked -- but my entire deck team was similarly gobsmacked," Schofield he told Fox News.
The scope of these attacks is hijack GPS systems of victims causing collisions or other damage. A collision of a cruise ship or an oil tanker would lead to devastating consequences in terms of loss of human lives and environmental impact, we have observed it the cases of the Costa Concordia and the Exxon Valdez.
The impact of GPS hacking is not limited to the maritime environment, same kind of attack could be conducted against aircrafts or any other system that use GPS technology: "You're actually moving about a kilometer off of your intended track in a parallel line and you could be running aground instead of going through the proper channel," "Going after an expensive vessel on the seas and going after a commercial airliner has a lot of parallels," Humphreys said.
The latest experiment conducted by Humphreys demonstrated the possibility to control victim's GPS system exploiting the GPS vulnerability, not only to interfere with it.
"Before we couldn't control the UAV. We could only push it off course. This time my students have designed a closed loop controller such that they can dictate the heading of this vessel even when the vessel wants to go a different direction," Humphreys said.
The government is concerned by the possible exploitation of critical GPS vulnerabilities, Humphreys was called before Congress to speak with officials from the FAA, CIA and Pentagon, but according the researcher the Department of Homeland Security still been "fumbling around in the dark" on GPS security, doing little to address the threat.
Texas Congressman Mike McCaul, chairman of the Homeland Security Committee expressed its concerns on the GPS security issues and remarked with Senators Coburn and Collins the necessity to address these critical threats.
"It's a very serious homeland security issue that we've asked the secretary to review and look at and she's never responded to my requests," "The department seems to be thumbing its nose at it, saying it has no jurisdiction over this issue and not really showing any interest in this issue at all."
It's important to share information on possible effect of attacks against GPS systems, it could be too easy for the hackers to acquire a low cost appliance to cause serious damage, Schofield commented the results of the experiment with the following eloquent statements: "People need to know this kind of thing is possible with a relatively small budget and they can with a very simple system steer the ship off-course -- without the Captain knowing".