AUSTIN -- A 213-foot mega yacht in the Mediterranean Sea is not a bad place to spend part of your summer. For University of Texas graduate student Jahshan Bhatti, the June trip from Monoco to Greece wasn't a vacation though... it was a chance to try out ground breaking research.
“We knew that it would work in theory but the key part of this experiment was to understand the crew’s reaction,” said Bhatti.
The crews reaction to GPS spoofing. That’s the term for creating a counterfeit GPS signal to ultimately take control of something. In this case it was the yatch called the White Rose.
UT’s Department of Aerospace and Engineering Mechanics Cockrell School of Engineering is leading the research study.
"We wanted to show the vulnerability in GPS," Bhatti said.
He's talking about the same GPS you use on your smartphone or in your car, called civil GPS.
Assistant Engineering professor Todd Humphreys, in the plaid, led the research team using the world’s first openly acknowledged GPS spoofing device. And it worked
“As the attacker increases the power of the spoofing signals he obtains control of the ships primary and backup GPS devices,” said Humphreys. “The takeover is clandestine. Both GPS receivers report healthy signals and no alarm is triggered.”
Grad student Daniel Shepard has been a part of UT spoofing experiments before on unmanned aircraft, cell phone towers, and even power grade units which use GPS in control aspects.
“So essentially what we’re doing is broadcasting a signal that looks indistinguishable from that the GPS satellites are sending out. And we can trick a receiver into locking onto our signal instead of the authentic GPS signal and by doing that we can control where they think they are and even what time they think it is,” Shepard said. “This can falsify the measurements that are being received on the power grid and you might be able to cause a blackout in a small area.”
And that’s why we should all care. Military GPS is encrypted to prevent attacks like this. Should the civilian system be too?
“GPS is not trustworthy until we can get some kind of change in the signal or use more sophisticated equipment that can tell whether you’re being spoofed or not,” Shepard said.