Surge in GPS Spoofing Threatens Airline Safety by Manipulating Time
Cybersecurity researchers have uncovered a worrying trend in GPS spoofing, a type of digital attack that can disrupt commercial airline navigation. This recent surge in incidents has revealed a new and concerning dimension: the ability to manipulate time on board aircraft.
According to OPSGROUP, an aviation advisory body, there has been a 400% increase in GPS spoofing incidents targeting commercial airliners in recent months. These attacks, often originating from conflict zones, involve ground-based systems that broadcast false GPS signals, misleading aircraft about their actual position. The primary aim is usually to misguide drones or missiles, but the impact on commercial aviation is becoming increasingly apparent.
Ken Munro, founder of the British cybersecurity firm Pen Test Partners, highlighted this growing threat at the DEF CON hacking convention in Las Vegas. “We think too much about GPS being a source of position, but it’s actually a source of time,” Munro explained. He noted that during spoofing events, aircraft clocks have started displaying erratic behavior, with some cases involving clocks being pushed forward by several years.
In one alarming incident, Munro recounted how an aircraft operated by a major Western airline experienced a severe time shift that caused it to lose access to its encrypted communication systems. The plane was grounded for weeks while engineers worked to reset its onboard systems manually. Munro did not disclose the airline or specific aircraft involved.
This threat is not isolated to one region. In April, Finnair temporarily suspended flights to Tartu, Estonia, due to GPS spoofing incidents. The Estonian government attributed these attacks to neighboring Russia, reflecting the broader geopolitical tensions that often underlie such incidents.
GPS, or Global Positioning System, has become a crucial component of modern aviation, replacing traditional ground-based navigation aids. However, the relative ease with which GPS signals can be spoofed or jammed—using inexpensive and readily available equipment—poses a significant risk to aviation safety.
While Munro emphasized that GPS spoofing is unlikely to cause a plane to crash directly, he warned of the potential for cascading failures. “What it does is it just creates a little confusion. And you run the risk of starting what we call a cascade of events, where something minor happens, something else minor happens, and then something serious happens,” Munro said.
As these incidents become more frequent, the aviation industry faces a growing challenge in ensuring the reliability and safety of its navigation systems. The ability to hack time itself on board aircraft adds a new layer of complexity to this already serious issue, underscoring the need for enhanced cybersecurity measures in aviation.