Monday, January 25, 2016

Opinion: Were US sailors 'spoofed' into Iranian waters?

A riverine patrol boat from Costal Riverine Squadron 2 escorts the guided-missile cruiser USS Bunker Hill (CG 52) while in the Arabia Gulf in this November 15, 2014 handout photo, provided by the U.S. Navy, January 12, 2016.
Ten sailors aboard two U.S. Navy riverine patrol boats were seized by Iran in the Gulf on Tuesday, and Tehran told the United State the crew members would be promptly returned, according to U.S. Officials.
REUTERS/Mass Communication Specialist 1st Class LaTunya Howard/U.S. Navy/Handout via Reuters

From CSMonitor by Dana A. Goward

In 2011, Iran spoofed – or faked – Global Positioning System signals to send a CIA drone off course.

Did it do the same to trick Navy vessels into Iranian waters?

As images of captured American sailors competed with those of the President Obama during the State of the Union address Tuesday, viewers across the world asked: "How could this happen?"
The world’s most powerful nation with the most advanced navy had been embarrassed on the same day as the president's speech.

After a series of other implausible explanations, the Department of Defense settled on the explanation that the crews on both boats "misnavigated."
That in the middle of their trip between Kuwait and Bahrain the two boats accidentally went more than 50 miles out of their way to venture into Iranian waters.
But were they really that poorly trained and inattentive?
Is the navigation equipment in the world’s best navy that poor?
And was it just a coincidence it all happened on the day of the president’s address?
Or was something much more deliberate – and potentially troubling – to blame?

Iran has demonstrated in the past that it has the capability – and the will – to exploit a critical and broad vulnerability in our key navigation system – the Global Positioning System, or GPS.
In 2011, Iran manipulated GPS systems on a CIA surveillance drone to send it off course and capture it.

Now, at a time when elements in Iran are feeling their power and prestige diminish after Tehran agreed to the US-led pact to limit the country's nuclear program, the Islamic Republic could once again flex its muscles and show it has the wherewithal to toy with nearby Navy crews.
And, as the US government is well aware, the GPS network that both drivers and sailors rely on remains vulnerable to attacks.
Powered by solar panels and some 12,000 miles above the earth, GPS satellites broadcast very weak signals that are easy to block or jam.
Over the past few years, illegal jamming by criminals and terrorists trying to hide their whereabouts has become an increasing threat to those signals.
But perhaps more worrisome, GPS signals and receivers can also be spoofed, or faked.
This involves the spoofer sending a bogus signal that can fool GPS receivers, allowing the attacker to trick the device into thinking it's in another location.
Iran claims to have used that technique in 2011 to redirect a CIA surveillance drone from Afghanistan.
Their claim was credible at the time as they clearly had possession of the undamaged drone.

 Demonstration of a Remote Unmanned Aerial Vehicle Hijacking via GPS Spoofing
Military Global Positioning System (GPS) signals have long been encrypted to prevent counterfeiting and unauthorized use.
Civil GPS signals, on the other hand, were designed as an open standard, freely-accessible to all. These virtues have made civil GPS enormously popular, but the transparency and predictability of its signals give rise to a dangerous weakness: they can be easily counterfeited, or spoofed. Like Monopoly money, civil GPS signals have a detailed structure but no built-in protection against counterfeiting.
Civil GPS is the most popular unauthenticated protocol in the world.
The vulnerability of civil GPS to spoofing has serious implications for civil unmanned aerial vehicles, or UAVs.
This was demonstrated in June, 2012 by a dramatic remote hijacking of a UAV at White Sands Missile Range.
The demonstration was conducted by the University of Texas Radionavigation Laboratory at the invitation of the Department of Homeland Security.

It became much more credible several months later when Prof. Todd Humphreys and his students at the University of Texas showed how it was done.
In a live demonstration in 2013, they took over the navigation system of a large yacht in the Mediterranean.
Now, hackers are even selling spoofing kits.

For the 2015 DEF CON hacking conference in Las Vegas, a Chinese researcher sold equipment and published step-by-step instructions for building a spoofing device for about $300.
The loss of the CIA drone in 2011 should have been a wake-up call for the US military that GPS needs more safeguards.
That incident was yet another warning sign that's gone ignored.
But even presidential mandates meant to protect GPS have been ignored over the years.

In 1998, President Clinton became concerned about America’s growing reliance on GPS for navigation.
He directed the Department of Transportation to study the issue and make recommendations.
Those recommendations, which called for improving receivers, developing interference detection networks, and developing non-satellite navigation systems for use alongside GPS, came out just 12 days before 9/11.
Most of them, understandably, were tabled.

Then, in 2004, the Bush administration began to focus on GPS's other functions – providing highly precise timing signals for synchronizing telecommunications and IT networks, financial systems, and power grids.
President Bush issued a presidential directive that identified GPS services as essential to the nation’s critical infrastructure, security, and economy.
Among its provisions to protect GPS, it directed acquisition of a "back-up system" to serve the nation in the event of a GPS disruption.
President Obama later reaffirmed that directive and has issued several additional presidential orders designed to make the nation’s critical infrastructure more resilient.
The Obama administration has also continued to voice significant concerns about GPS vulnerability. Department of Homeland Security officials have called GPS "a single point of failure for critical infrastructure."
Secretary of Defense Ashton Carter has said he wants to "unplug the military from GPS."

But plans to construct a land-based GPS backup system remain dormant.
Studies have shown that, for about $50 million a year, a system known as eLoran could provide a signal more than 1.3 million times stronger than GPS.
And, importantly, the signal is incredibly difficult to jam or spoof.
The deputy secretaries of both the Department of Defense and Department of Transportation have spoken out in favor of such a system.
Yet nothing has been done.
Similar systems are currently being used by Russia, China, South Korea,Britain, Saudi Arabia, and even Iran.

We may never know what truly led two Navy vessels into Iranian waters – the Iranians confiscated the boat’s GPS navigation suites before they were released.
But all the reasons that have been offered to the press seem unlikely.
Small Navy vessels like these have multiple and redundant systems, and usually travel in pairs or small groups specifically to avoid having a single point of failure threaten their mission.
But the incident is once again an important reminder that GPS as a single point of failure can cause significant problems for America, the least of which are minor embarrassments like this one.
Officials in the Obama administration have said they are going to act and address this problem.
Let’s hope that they – and the administration that comes next – follow through on presidential commitments and finally do something to safeguard GPS for everyone.

Links :

No comments:

Post a Comment