Photo of real GPS spoofing attack reported to OPSGROUP by a memberPilots flying in the Middle East need to be increasingly wary of GPS spoofing attacks as one group continues to release new information concerning close to 50 reports. Now, these reports are being broken down into categories and analyzed, revealing two new types of GPS spoofing being reported, with one leading to new critical navigation failures.
On Sept. 26 OPSGROUP published a risk warning on complex navigational failures following fake GPS signals, otherwise known as spoofing. GPS spoofing occurs when someone uses a radio transmitter to send a false GPS signal to a receiver antenna to counter real GPS satellite signals, according to McAfee. While most navigation systems have a strong signal, a stronger fake signal can override a legitimate signal. The original risk warning described instances of spoofing occurring in the Iranian airspace, identifying 20 reports of near-identical situations. The group gave two updates in November describing the two new types of GPS spoofing being reported and three distinct scenarios with a published spoofing map.RELATED STORY:Reports of GPS spoofing in Middle East rising, FAA issues risk warning
According to OPSGROUPS, the worst-case scenario will involve a complete loss of on-board navigation requiring ATC vectors, IRS failure and an unnoticed off-track navigation toward dangerous areas or hostile airspace. The initial report recounted an incident involving an Embraer Legacy 650 en route from Europe to Dubai that lost GPS in the aircraft and both iPads and the IRS stopped working, and the crew nearly entered Iranian airspace without clearance. Another crew in a Bombardier Challenger 604 received a warning near the north of Baghdad and lost everything related to Nav and IRS, suggesting they had drifted by 70-90 miles. The Challenger crew reported that they did not get the GPS sensors back until they fired up the plane and went to home base two days later. The FAA released a memo to pilots on the situation, advising of the potential spoofing risk.
"The recent opensource reporting regarding spoofing incidents, if confirmed, would pose increased safety of flight risks, due to potential loss of aircraft situational awareness and increased pilot and regional air traffic control (ATC) workload issues, which can lead to potential accidents and/or loss of life," the FAA said. "FAA recommends that U.S. civil air operators transiting ORBB and UBBA monitor regional NOTAMs, put additional emphasis on maintaining continuous communications with appropriate air traffic control authorities while monitoring aircraft equipment performance closely for any discrepancies or anomalies, and be prepared to operate without GPS navigational systems."
The group described the most troubling of the nearly 50 reports to show how critical the impact of spoofing can be. A Gulfstream G650 experienced full nav failure; a false GPS position on a Bombardier Global Express and controller warned the crew that they were flying towards a forbidden area; A Global 7500 was spoofed three separate times in Cairo Flight Information Region with the first taking out one GPS, the second took out a GPS and all three IRS's and the third took both GPS's and all three IRS's; and a Boeing 777 experienced a 30-minute GPS spoofing incident in Cairo FIR.
The two new types of GPS spoofing were reported in other areas since the initial September alert, including critical nav failures on departure from Tel Aviv leading aircraft toward Lebanon and spoofing signals received by multiple aircraft in Cairo FIR that showed a stationary position over the Ben Gurion Airport in Israel. OPSGROUP has identified three distinct scenarios and shown each on a map. Scenario 1 area (Baghdad Type) outlined primary incidents since Aug. 29, Scenario 2 area (Cairo Type) involved incidents since Oct. 16, and Scenario 3 area (Beirut Type) involved primary incidents since Oct. 25. The incidents have involved a range of aircraft including a Falcon 2000LX, Boeing 777, Airbus A330, Bombardier Global 7500, Gulfstream G650, Boeing 737 and Falcon 8X.Scenario 2 Cairo Type on map
The first scenario, the Baghdad Type, encompasses the first report on Aug. 29 and the additional reports in September. These involved GPS spoofing of en route aircraft with nav failures. The Cairo Type was primarily in the Cairo FIR, Nicosia FIR (Cyprus) and Amman FIR (Jordan). The second scenario involves reports that surfaced around Oct. 16, most within Cairo FIR. In this scenario, all crews reported similar circumstances where a false spoofed GPS position was received by the aircraft incorrectly showing the aircraft position as being over the Ben Gurion Airport or Tel Aviv. The locations of these varied from over the eastern Mediterranean, Egypt and on approach to Amman in Jordan. The Beirut type was primarily within the Tel Aviv FIR, Nicosia FIR and Amman FIR and the spoofing showed the aircraft over OLBA/Beirutor created subtle tracking towards OLBA. The third scenario was responsible for wayward tracking on SID departures from the Ben Gurion Airport since Oct. 25.
The spoofing was causing concern and confusion. No one could identify where the attacks originated, but it was growing more evident that these failures could be catastrophic if unchecked. Previous NOTAMS were issued for GPS jamming that had occurred in the area since 2018 but do not begin to cover the extensive problems that spoofing can cause. Unlike jamming, which can interrupt a signal and render it unusable, spoofing will produce false positioning without warning and often go undetected. Little over a decade ago, sending false GPS signals was thought to be impossible. Now, the question is, how do you identify it?
For flight crews flying over the Middle East, they must be extra cautious and prepared for any scenario. OPSGROUP released three informative details based on reports from the crews that have experienced spoofing. First, a sudden increase in estimated position uncertainty. GPS jamming will not create EPU but spoofed position can jump, changing EPU values from 0.1nm to 60 nm and andgt;99nm in rapid succession. Second, an EFIS warning related to nav. Some aircraft will go straight into dead reckoning mode, which is a process of calculating the current position of a moving object based on a previously determined position, incorporating speed, heading and elapsed time. Third, is a sudden large change in the aircraft clock UTC time. The reports have varied from a couple of hours to an eight and 12-hour change in the aircraft clock time.
To reduce risk, pilots must be aware when they enter a potential GPS spoofing region. Crews can consider de-selecting the GPS as a sensor input to the flight management system and, if possible, to the IRS. Doing so could help avoid nav uncertainty or the loss of IRS. Crews can monitor ATC for other reports of spoofing or any help should a problem arise. Before flying into a spoofing zone, pilots can identify other navaids to be used in place of GPS.
When experiencing active spoofing, OPSGROUP said to de-select any GPS inputs as soon as possible (within 60 seconds) to prevent wider nav failure. Pilots can switch to using conventional navaids like VOD or NDB. If the IRS is not spoofed, this could be preferable for accuracy. Crews should report any instance to ATC, either for help navigating, to find an accurate position or to warn other pilots of possible attacks.GPS Spoofing graphic from Safran
The OPSGROUP is a membership organization for international flight operations, like pilots, flight dispatchers, schedulers and controllers. With 8,000 in the group, they share new information on any changes or risks being reported. With the November update on GPS spoofing, the group issued an ALL CALL to the group for reports, guidance, member comments and updates.
As the aviation community shares concerns and reports risk mitigation tips and maps for pilots, one professor and a group of students in Texas have narrowed down the possible sources. UT Austin professor Todd Humphreys, who researches satellite communications, told Vice News about the work he and a team of graduate students are doing in a lab to study the signals across the region. Humphreys has been warning of an attack like this for 15 years and in 2012 he testified to Congress about concerns. Humphreys shared that through using raw GPS measurements from several spacecraft in low-Earth orbit, his student Zach Clements located the source of the spoofing to the eastern periphery of Tehran. Spoofing has been reported in other countries in the region, including Israel.
For those flying in GPS spoofing territory, OPSGROUP released a pilot quick reference handbook revealing the hotspots and what to expect in each. The group even shared an image of a spoofing incident from a member, showing how easy it is to mistake a false location. Until a solution is found to prevent spoofing, pilots can prepare for flights in risky regions and have a plan for in case they are caught in a spoofing attack.