GPS As a Key Distribution Platform

This is interesting:

The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch…

That means every device that uses GPS has been receiving hidden government information for years, and nobody outside the military knew it until now.

[…]

Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military’s Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation.

“There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data,” Murdoch said. “That was the smoking gun that made me think: This is what it’s for.”

These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures.

Tags: , ,

Posted on June 9, 2026 at 11:06 AM5 Comments

Comments

Clive Robinson June 9, 2026 11:37 AM

@ Bruce, ALL,

A thought to think on…

The modules that go into military GPS units are supposed to be,

1, Secure.
2, Tamper proof.

But… They are like all embedded systems “finite in capacity.

This means there is only so much Key Material (KeyMat) that can be securely stored within them.

Which means they will eventually either have to “reuse KeyMat”, be “reloaded with KeyMat”, or cease to function as the KeyMat is exhausted.

For various reasons this kind of precludes the use of “Shanon Perfect Secrecy” type systems (one of which is the OTP).

Thus the question arises of when will these secure modules “be beyond their shelf life”.

Vesselin Bontchev June 9, 2026 1:16 PM

I very much doubt that these are “keys”. More likely, they are ciphertext; a codebook-based one, where one code can mean a whole phrase.

Didier Frick June 9, 2026 1:27 PM

@clive robinson

isn’t the whole point of the article about remotely sending key material to those devices ?

Rontea June 9, 2026 1:56 PM

Fascinating to see how decades-old GPS signals quietly carried the backbone of military key distribution right over our heads the whole time.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.