Researchers Steer Off Course to Show Potential Power of 'GPS Spoofing'
JEFFREY BROWN: And finally tonight, new research that could lead us all in a different direction.
In June, a 213-foot luxury yacht sailed off the southern coast of Italy, when, suddenly, it veered off course. But this was no sinister act worthy of a spy flick. Instead, a team of researchers from the University of Texas at Austin had deliberately coerced the $80 million vessel from its track, without physically taking the helm.
With the blessing of those aboard, Professor Todd Humphreys and his graduate students employed a technique called “GPS spoofing” to effectively disorient the ship's positioning system. Changes went undetected by alarms, and the autopilot system shifted the yacht to what it thought was the original course, not one selected by Humphreys' team.
The demonstration was the first to show GPS spoofing could pose a real threat to the world's civilian maritime industry. A year earlier, the Texas research group showed the same danger also exists in the civilian aerospace sector. They successfully used their GPS spoofing system to commandeer an unmanned aerial vehicle on U.T.'s campus and repeatedly brought the small helicopter-like drone to the ground by altering information sent to its altitude navigation system.
And Todd Humphreys, the University of Texas researcher behind these projects, joins us now. Also with us is Milton Clary. He works with federal government agencies to identify such threats. He's a senior analyst at Overlook Systems Technologies.
So, Todd Humphreys, this has a kind of innocuous, funny even, name of spoofing, but it sounds rather serious. You're, in essence -- you're tricking the GPS system?
TODD HUMPHREYS, University of Texas: That's right. We convincingly fake the GPS signals and make a receiver think that it's at some other place or some other time.
JEFFREY BROWN: And why do it? What's behind this experiment?
TODD HUMPHREYS: Well, you know, we had done experiments in our laboratory and we'd convinced ourselves that we could hack a GPS receiver, make it believe it's some other place, but what does this mean? What does it entail? Could you, for example, remotely and clandestinely lead an expensive and enormous ship at sea off course without the crew even knowing?
That was the question we sought to answer, and it turns out the answer is yes.
JEFFREY BROWN: Milton Clary, how do you view this spoofing? What -- what -- how do you think about it?
MILTON CLARY, Overlook Systems Technologies: Well, spoofing is certainly a real phenomenon.
And essentially spoofing is -- boils down to just being a very believable lie that the receiver gets down and thinks it's getting direction -- data from the satellite, but in effect think of it as just being in a neighborhood and someone has switched all the street signs around. You think you're on the right street, but you're really not.
JEFFREY BROWN: And why is it -- why are these kinds of experiments -- I will ask you the same question. Why is it interesting? Why is it important?
MILTON CLARY: Well, it's important to understand what can be done so we can in turn learn how to prevent it from being done.
And there are capabilities. For the last several years, there's been national policy to develop capabilities to preclude these types of basically threats to spoofing. But, unfortunately, certain elements within the federal government have sort of been a Chihuahua in a china shop when it comes to actually getting the work done.
JEFFREY BROWN: Well, what kind of -- what kind of -- when you think about what's vulnerable and what's not, what kinds of things are really bound by a GPS system?
MILTON CLARY: Well, when you consider what GPS does, people think of it as, you know, how far am I to the green? Or how do I get to the local shopping center?
But GPS is embedded in so much of our critical infrastructure. All our communications system depend on the timing from GPS. All the emergency responders rely on GPS. Emergency 911, if you dialed that on your telephone, it will show the operator right where you are based on the GPS in your phone.
If that gets -- if GPS goes away or it gets spoofed, that could be very disruptive. All our ground transportation, water transportation, rail transportation, positive train control, which is a very important thing to the Federal Railway Administration -- want to know where these trains are and where they are in time.
JEFFREY BROWN: So, Todd Humphreys, how hard is it to do or easy to do? You used that word hacking. Is that what it's about? Is it the proverbial hacker, the teenager who can do this or what?
TODD HUMPHREYS: It is a kind of hacking attack, but I wouldn't expect a teenager to be able to do what we have done. It took a team of about four Ph.D. students several years to come up with the box that we developed that can convincingly fake these GPS signals.
The real worry I have is that someone who is perhaps not a Ph.D. could operate a box like we have. So if the software ever got out onto the Internet or if someone else replicated the box, then it wouldn't take a Ph.D. to run the thing.
JEFFREY BROWN: So pick up on this question where of where the vulnerabilities are and using what -- the research you have been doing, how would one protect those?
TODD HUMPHREYS: Well, we have been looking into protections at the University of Texas, and Cornell University, Stanford, many other universities and agencies across the globe.
What we have found over the last couple years is that the most practical protections are also the least effective and the least expensive and so forth. But the impractical, somewhat cumbersome protections are the most effective. And so we're in a bit of a conundrum right now, but I'm hoping that within a couple years, we will find a sweet spot, we will be able to implement something that effectively defends and doesn't break the bank.
JEFFREY BROWN: But your feeling is that at this moment it's important to talk about, to do the research, to make it public precisely to get to that next step?
TODD HUMPHREYS: I think so. I think we have waited long enough for solutions to come about on their own. Now it's time to go to the public, to expose the problem, and get more people thinking about it.
JEFFREY BROWN: Milton Clary, I know you do a lot of work with the Defense Department. How much -- when you were talking about the various vulnerabilities, how much is it in the military?
MILTON CLARY: Well, the military GPS is a completely different system than what the civilians use. It has a much more sophisticated signal structure and that, in itself, is embedded in a very sophisticated encryption.
So to be able to get into the signal and fool it, you can't even get there to really mess with it in the way that Dr. Humphreys has done. Now, as far as trying to give ourselves some resilience, one of the biggest uses of GPS is not the position data, but the timing information. And there's countries -- United Kingdom, Japan and Korea all have a system called LORAN.
It was an American navigation system that goes back to the '40s. And they're building an enhanced LORAN that would provide timing signals as a backup. And that system, LORAN, would be very, very difficult to jam.
JEFFREY BROWN: All right, so, countries, companies, everybody's watching this right now.
MILTON CLARY: Oh, yes. There's a lot of people that care about it or work in it pay close attention.
JEFFREY BROWN: All right, fascinating stuff.
Milton Clary, Todd Humphreys, thank you very much.
MILTON CLARY: Thank you. I enjoyed being here.