GPS Manipulation

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand.

The Shanghai “crop circles,” which somehow spoof each vessel to a different false location, are something new. “I’m still puzzled by this,” says Humphreys. “I can’t get it to work out in the math. It’s an interesting mystery.” It’s also a mystery that raises the possibility of potentially deadly accidents.

“Captains and pilots have become very dependent on GPS, because it has been historically very reliable,” says Humphreys. “If it claims to be working, they rely on it and don’t double-check it all that much.”

On June 5 this year, the Run 5678, a river cargo ship, tried to overtake a smaller craft on the Huangpu, about five miles south of the Bund. The Run avoided the small ship but plowed right into the New Glory (Chinese name: Tong Yang Jingrui), a freighter heading north.

Boing Boing article.

Tags: , , ,

Posted on November 21, 2019 at 6:26 AM25 Comments

Comments

Richard Whitcombe November 21, 2019 7:17 AM

Reading that article its not clear (to me at least) that its GPS being spoofed. It mentions the AIS plots were moving.

AIS is trivial to spoof and has been done for years by Somali pirates, shipwreck location and recovery boats and so on. Not legal but its simple.

AIS just takes the bog standard NMEA sentences (literally plain, clear, low baud rate text) from the GPS set and spits it out as a data burst on VHF marine. It can be fed with any data you want as there is no error checking, sanity checking or anything of the sort.

Anyone with a Raspberry Pi and a HackRF can do this with probably a few minutes work – its substantially easier than spoofing GPS.

The article to me isn’t clear its GPS being spoofed – it could be the AIS which is way way easier to do.

A similar weakness exists with aviation ADS-B which can also be spoofed with almost no effort to cause aircraft to be in the wrong position, create phantom contacts, trigger collision alerts etc.

Jeremy November 21, 2019 7:27 AM

My guess (since you ask) is that it’s related to local GPS augmentation measures (e.g. differential GPS, assisted GPS).

Whether there’s malicious intent involved is obviously another matter. Maybe it’s a deliberate attack, maybe it’s an unintended side effect of an attack – or maybe it’s just a subtle interaction between a configuration quirk in the local facilities and off-the-shelf firmware in popular commodity GPS chips.

Jeremy November 21, 2019 7:30 AM

@Richard Whitcombe –

The article does say that they found similar GPS errors in non-AIS users (Strava), which would seem to rule out AIS spoofing.

But yes, the lack of security in AIS is pretty remarkable.

Paul Houle November 21, 2019 8:22 AM

Systems like AIS or ADS-B are useful to the GPS spoofer because they let the spoofer know that they’ve been successful, which is otherwise a tricky problem.

lurker November 21, 2019 2:46 PM

Odd points: 1. this was a report from an American ship entering port. The problem appears to have been known to Chinese authorities for years, but has only just hit our headlines.
2.The Strava heatmaps from cyclists show similar “crop circles”. Does Strava use similar tech to AIS? Why would anyone want to throw cyclists off the track so to speak?
3. I spent some months cycling in eastern China in 2014, not in Shanghai, but including neighbouring Zhejiang province. I have a simple GPS tracking app called Cycledroid on my phone which worked nicely at home, including in my shirt pocket at a window seat on a train. In China the thing was “wandering”, to the extent that Distance Run was up to three time the actual distance, implying to me that it was integrating more than the normal position errors. I figured at first it might be because of the large number of container and other heavy trucks on the roads, but it still happened on quiet country lanes. At the same time the Chinese mapping app Baidu always showed my position accurate to 5 metres. Cycledroid returned to normal when I left China.
4. Google Maps and Satelite view are offset by up to 2 kilometres allegedly at the request of the Chinese government. Placenames are in my experience largely fictitious.
5. File under “Go Figure”:
https://www.gokunming.com/en/blog/item/2927/coke-accused-of-collecting-classified-information-in-china

Raul November 22, 2019 2:51 AM

The fact that ship positions are modified so that they end up in a circle to me brings to mind polar coordinates. Maybe a single number somewhere is being hacked somehow, and that number would be the random angle, for a given fixed center of that circle, and its radius.

CallMeLateForSupper November 22, 2019 2:05 PM

I see a potential problem here that has nothing to do with GPS. The article mentions that sand for making concrete is in short supply and that sand rustling is possibly the reason for the GPS futzing. But you ought not use unwashed sea sand to make your concrete – unless you don’t care about your structures crumbling – because sea sand is heavily contaminated with NaCl.

The German army faced exactly this problem – sand shortage – during WW][ as a consequence of building e,g, the Atlantic Wall (not to mention the many structures required to develop and deploy super weapons). They recognized the need to wash their dredged sand and they made impressive efforts to do so, in certain cases combining washing, mixing and pouring into what we call a just-in-time operation.

Will Chinese sand rustlers wash their purloined piles? If not, will concrete mfgrs even know the sand they procure is full of salt? Will they care to know, or, rather, quickly make personal fortunes in sea salt concrete and then shutter (or better, sell) the business and “get out of Dodge” before the first bridge or skyscraper collapses?

Don K November 22, 2019 5:46 PM

My knowledge of GPS is limited and theoretical, not practical. But a couple of things come to mind.

  1. I doubt this phenomenon is a weapons test. One normally tests weapons in the middle of nowhere far from prying eyes and ears, the Chinese equivalent of Area 51, not in the busy port of the world’s second largest city.
  2. The thing that popped into my mind is differential GPS. Regular GPS is accurate to about 10-15 meters (local horizontal). It’s accuracy is limited by a lot of things, the biggest being ionospheric signal delays that can be quite variable depending on what is going on above 60km elevation along the signal path from the satellite to the receiver. Differential GPS is an optional add-on wherein a local station whose position is precisely known continuously samples the signals from visible GPS satellites and broadcasts corrections to GPS receivers in the area. Differential GPS is said to be up to 100 times more accurate than uncorrected GPS. IF differential GPS is being used in Shanghai habor. And IF the correction signals are sometimes buggy or garbled, that MIGHT cause the reported problems.

Just a guess.

JG4 November 23, 2019 11:15 AM

@Richard W

You raised a problem that could be solved partially with public key/private key encryption. Even more effective if mandated by Big Brother. In the current paradigm, it also is easy for a third party to generate false data, then broadcast at higher power/gain/etc. to over-ride the real signals.

A private key could be used to encrypt the outgoing traffic to certify that it originates from the correct vessel/airframe/vehicle, thereby defeating third-party intrusion. That doesn’t solve the problem of tampering by the owner/operator, but at least it isn’t third-party mischief.

I really like the safety aspect of broadcasting vehicle/vessel/etc. information, but I don’t like the intrusion of government into open navigation of the seas, skies, and roads. Just for the record, I don’t like private sector crime cartels any better than public sector crime. And the increased potential for surveillance. The problem isn’t data collection per se, but subsequent criminal misuse. I’ll skip the examples from the headlines, but you’ll recognize the liars, thieves and murderers.

https://www.schneier.com/blog/archives/2019/11/gps_manipulatio.html#c6801894

Anyone with a … can do this with … a few minutes work – its substantially easier…

similar weakness exists … which [also can] be spoofed … to cause … wrong position, … phantom contacts, … collision alerts etc.

A related example could use LED tail-lights to broadcast braking rate and other vehicle information. I find that common LEDs have bandwidths well into the MHz. The radar systems now built into vehicles could serve the same and related inter-vehicle communication purposes. Sensors in the front of the following cars could be used to apply automatic braking with millisecond response completely beyond human reflex. And relay information to the whole line of cars behind. That would open the door to convoys of cars running bumper-to-bumper to defeat half of air friction and almost all of the accidents.

I’m pretty sure that I wrote about my experience with automatic braking (not entirely positive) and it did not escape my notice that someone else did too (life-threatening). You almost need thought control so that automatic braking can be applied when needed (e.g., if you have lost situational awareness and the car in front is slowing rapidly), but not when you are trying to pass. I did find the audible alerts from the system to be almost uniformly helpful. It’s going to take a while to work the bugs out of your government and out of your machines. There are no guarantees that you or your species will survive the attempt.

RealFakeNews November 23, 2019 11:51 AM

A private key could be used to encrypt the outgoing traffic to certify that it originates from the correct vessel/airframe/vehicle, thereby defeating third-party intrusion. That doesn’t solve the problem of tampering by the owner/operator, but at least it isn’t third-party mischief.

@JG4: I thought this a long time ago about transponders (ADS-B in particular). I think this is how IFF interrogators work.

Tractor Gent November 23, 2019 3:11 PM

This probably isn’t the Chinese government, as there’s no obvious benefit for them to spoof GPS in Shanghai. However spoofing is rather more than ‘script kiddy’ level in execution. It needs tome tech chops to do. However I’m sure the Chinese government do mess with GPS when they need to. I staged through HKG recently, and on taking off from Chek Lap Kok I had a gps app on my phone on, next to the window. It was perfectly happy tracking around the taxiways but as soon as we took of it went dead, and we climbed out over Kowloon before turning north with no tracking at all. It took a while before it came back as we moved away from Hong Kong. Now, it could have been just loss of signal, but my phone is pretty good at tracking GPS, even in buildings.

Tatütata November 23, 2019 3:53 PM

On the background issue, there is a looming global sand shortage, yet one more component of the coming apocalypse. So there is an incentive to foil law enforcement.

But I’m puzzled by this news item. As others noted, it isn’t clear what is being spoofed or jammed. Furthermore, the PRC has developed a domestic NavSat system called “BeiDou, which is currently maturing and offers restricted modes that shouldn’t be as easy to spoof or jam as US GPS. Does AIS mandate GPS, or can an alternative system (Glonass, Galileo et AL) be used? I would expect that BeiDou has some early adopters.

Chris November 24, 2019 4:57 AM

If one receives just one GPS-satellite, your position is known to be on a circlish track on earth – 3 are needed for a point. Suppose a receiver is spoofed into receiving 1 real satellite and 2 clones, physics will make the clones not 100% the same. Your position will jump from one point on the circlish track to another. But your receiver might be satisfied that he‘s got 3 fixes and display that result

Clive Robinson November 24, 2019 3:00 PM

@ Tatütata,

On the background issue, there is a looming global sand shortage…

Yes there is but it’s kind of hidden in “plain sight” so we tend not to think of it, the same with the limestone, aggregates, carbon footprint, and pottable water issues of construction concretes as well.

There are various mixes of concretes made from mixes of cement[1], sand and aggregate.

Cement is made by effectively “crushing and burning limestone rock”, sand is the result of millions of years of erosion and aggregate some what less time of erosion.

One of the things that makes sand important not just for building is that it is mainly silica or silicon dioxide (SiO2). This is usually in the form of quartz, which, because it is fairly chemicaly inert, is a very good insulator, and has considerable hardness makes it usefull in many applications. The reason non-organic sand is silica based is that quartz is the most common mineral resistant to erosion or weathering. Thus as softer rocks weather comparatively faster down to silt, that then get washed out by suspendion in water the still larger silica remains behind as a sand.

This weathering process is actually increadibly energy intensive and takes considerable time to erode rocks to stones, then pebbles, then gravel, then sand, then silt for it to be washed away to form sedimentry rocks that then get subducted to eventualy become magma and the cycle continue.

This cycle being a primary geological process takes times longer than the human race has been in existance. Therfore in human terms sand and limestone and the aggrigates used to make concretes we use for construction are “Non renewable resources of finite availability”…

Thus the question arises as to “recycling”[2]. Currently most construction concretes have a comparitively short life (40years on average) before being broken up. Due to the finite availability of iron it’s common to extract the rebar as scrap and recycle it. The remaining concrete “rubble” tends to be used as a form of “hard core” in some foundations and the like or as a form of land erosion prevention, with still large quantities going to landfill at considerable financial and environmental expense. Which is obviously not the best use that could be made of it, hence the increase in recent times of turning it into low quality aggregate on site. Part of this is due to the large amounts of energy required to do the transportation off to landfill and obtaining gravel aggrigates thus recycling can reduce construction costs. Energy is another environmental issue with the making of concrete, it has a very high carbon footprint as well as using very large quantities of often potable water which it’s self has a quite non-negligible carbon footprint.

In short “Concrete is a major disaster area” in the making for mankind and the rest of the planet and we need to address all it’s issurs as a matter of high priority. But politically that is highly unlikely as concreate is seen as a primary economic enabler…

[1] Many people call the result of making concrete “cement” which after a moments thought can be seen to be wrong. Cement is actually a “binder” for the strong sand and aggregates, the result is quite durable if brittle even though the cement it’s self is actually quite a weak material. There are two types of cement the second –hydrous / Portland– is made from the first –non-hydrous / Lime– which is made by crushing and burning limestone in a high energy process. As with sand limestone is also being used at a prodigeous rate and this as well is of great environmental concern.

[2] https://en.m.wikipedia.org/wiki/Concrete_recycling

Toni Myran November 28, 2019 10:40 AM

With assignments piling up during the academic right throughout the year it makes sense to start looking for the answer to that question Who can do my homework for me? as soon as possible. As the saying goes, the best time was yesterday, the second best time is now! So once you’ve decided to take the plunge and go looking for some professional academic help with your homework there are quite a few things you should know before you choose the service you need.

If you are fed up with so many assignments or you have tried to determine what to write, but you cannot find anything, then you do not need to worry. A student needs to have free time to have fun and relax. The homework online services for sale is an ideal solution for any student who is overwhelmed or cannot find time for his or her assignments. Expert writers http://do-my-homework-for.me/ write assignments excellently in order to help students to succeed in their careers. The service is offered at an affordable price and it is available whenever you need it.

Rory Milkilroy November 28, 2019 2:45 PM

@Emma
An interesting implication that the stolen sand goes to feeding the insatiable needs of the golf industry, i will think about it.
I applaud the fair sharing of the worlds finite resources, by giving milk to your neighbours boy, you are making the world a more equal place. Interesting that you have embraced a socialistic solution to the problem rather than a capitalistic approach. Do you think that the alleged sand-thieves are motivated by capitalist greed, or idealism? or geo-political goals?
I have refrained from visiting golfexperttips[dot]com as I don’t trust golf experts in the field of gps spoofing, I assume they closely guard their GPS spoofing technology, and don’t trust a word they say.

Rory Milkilroy November 28, 2019 2:55 PM

@moderator
The last four comments (including this one) are spam and should be considered for removal.

regards,
Rory

It’s my pleasure, I’m the milkman 😉

Security Sam December 2, 2019 11:31 AM

This article on the GPS Manipulation
Reminds me of the one about Boeing
Who by eliminating sensor duplication
Couldn’t tell if they’re coming or going.

Glen T December 29, 2019 9:57 AM

I suspect the clock of the fake GPS signal is likely derived from a computer clock rather than a high-precision atomic clock, and thus has step-drift with respect to the GPS atomic clock signals. This error inscribes a circle because the rotation of the earth and GPS satellites.

(“suspect” meaning I’ve done drawings but have not done the GPS equations with an added error term).

Chris December 29, 2019 2:15 PM

Crazy Danish Hacker
hxxps://www.crazydanishhacker.com/gps-spoofing-bladerf-software-defined-radio-series-23/

hxxps://www.invidio.us/channel/UClg0eyJTbAZaYuz3mhwfBBQ

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.