In the last few weeks India has issued alerts about GPS spoofing near airports like Delhi, Mumbai and Kolkata. Today, I thought we will discuss the basic science behind spoofing and how it works.
GPS or Global Positioning System is a set of very weak radio signals from satellites. Satellites are GPS(US), GLONASS(Russia), Galileo(EU), BeiDou(China) & NavIC(India). The receiver in the aircraft listens to four satellites, matches their known codes and solves four timing equations to work out its (x, y, z) position and the tiny time error in its own clock. The key point is that it simply trusts the signals it hears.
GPS spoofing is when an attacker (most likely on from the ground) sends fake GPS like signals that look normal but carry the wrong data. On the ground, they use a radio transmitter and signal generator to copy several satellite signals and line them up with the real ones. Because real satellite power at the antenna is tiny, the attacker only has to be a little stronger and closer, so the receiver prefers the fake signals. This is probably the reason you see these attacks common in and around airports.
Once the receiver locks on to the fake signal, the attacker can slowly move the virtual position away from the real one. On the display, you see the aircraft symbol drift off the true path, even though every status light still looks fine. If this is not caught early, the route, the landing path and even the position sent to air traffic control can all be wrong. Hence its a security risk.
As a mitigation, pilots are warned when air routes have these risks. In-flight, if spoofing suspected, pilots cross-check with raw nav aids, request radar vectors, disable GNSS as required. On airports like Delhi, folks are putting up more Instrument Landing Systems(ILS) so aircraft can land using trusted ground signals and avoid relying on GPS when spoofing makes satellite guidance unsafe. It’s a not major security critical issue yet as of now but starting to be one.
