00:00:04
hello it's Scott Manley here GPS is
00:00:07
everywhere and it's used in many many
00:00:09
things I carry multiple devices with me
00:00:12
that all have GPS receivers such as my
00:00:14
phone my car has it built in my plane
00:00:18
has three different GPS receivers what
00:00:20
was once a specialized military
00:00:22
technology has become so common place it
00:00:25
is now a part of the fabric of everyday
00:00:27
life and let's be clear GPS s is not the
00:00:31
only game in town There's glas Buu
00:00:34
Galileo they all perform the same
00:00:36
function and you generally refer to them
00:00:38
as Global navigation satellite systems
00:00:41
or gnss and thanks to these Technologies
00:00:44
it's almost impossible for someone to
00:00:46
get lost these days aircraft used to
00:00:49
rely on groundbased navigation systems
00:00:51
but these days everyone has GPS based
00:00:54
area navigation and the only instrument
00:00:57
Approach at my local Airfield is an
00:00:59
Arnav GPS approach which doesn't use any
00:01:02
groundbased navigation systems at all in
00:01:05
fact the in the US the number of
00:01:07
groundbased navigation AIDS has been
00:01:09
slowly decreasing as GPS begins to
00:01:12
dominate all the aviation na navigation
00:01:14
needs and ground facilities are breaking
00:01:17
down and without an obvious reason to
00:01:19
replace them they are going unrepaired
00:01:22
and it's not just used for navigation
00:01:25
increasingly complicated aircraft
00:01:27
avionics are incorporating GPS data with
00:01:29
other other sensors to provide other
00:01:31
information my aircraft the compass is
00:01:34
also a directional gyro which is you
00:01:36
know driven by GPS information I've seen
00:01:40
angle of attack indicators which rely on
00:01:42
GPS information uh systems that measure
00:01:46
winds speed are also using this so if
00:01:49
there was a problem with GPS it isn't
00:01:51
just that you're going to lose your way
00:01:52
you might lose basic instrumentation in
00:01:55
your aircraft if it relies on that but a
00:01:58
couple of weeks ago thin air had had to
00:02:00
cancel their newly opened route to tartu
00:02:03
in Estonia because GPS jamming was make
00:02:05
it impossible to navigate reliably they
00:02:09
didn't say who was responsible but uh
00:02:11
open source intelligence analysts know
00:02:13
exactly where this is coming from
00:02:15
because we actually have a way of
00:02:17
tracking GPS glitches aircraft when
00:02:20
they're flying they broadcast adsb which
00:02:22
is basically a signal that says their
00:02:24
GPS location uh over time and they keep
00:02:27
broadcasting this and where it goes
00:02:29
wonky you can say that this is possibly
00:02:31
because of GPS interference or jamming
00:02:35
so now if you plot the points where you
00:02:37
have this interference kicking in and
00:02:39
then you assume that they have to be
00:02:40
able to see the Target on the ground or
00:02:42
the the source of the interference on
00:02:44
the ground you can draw rings around
00:02:46
this and see that the whole thing ends
00:02:48
up C centering on a point just inside
00:02:52
Russia Southwest of St Petersburg and
00:02:55
that's one of them but there was another
00:02:58
uh Baltic Jammer which has been uh
00:03:01
involved in recent months and that is
00:03:03
been traced to a region called
00:03:05
kaliningrad now krad is a bit of a
00:03:09
territorial Oddity it's part of the
00:03:10
Russian Federation but it's not actually
00:03:12
connected directly it's on the Baltic
00:03:15
Coast between Poland and Lithuania and
00:03:17
it's Russia's only ice free port in the
00:03:19
Baltic so it's kind of important to them
00:03:22
it used to be known as kbur because it
00:03:24
was was part of Germany it was their
00:03:26
easternmost city right up until World
00:03:29
War II afterwards it became part of the
00:03:31
Soviet Union it was renamed krad in
00:03:34
honor of mik khenan who was like a you
00:03:37
know early leader Party official and um
00:03:41
he would lived in the city I think when
00:03:43
he died and yeah this name has become a
00:03:46
little problematic in recent years
00:03:47
because they're right next to Poland and
00:03:50
M Kenan was one of like six leaders that
00:03:54
signed an order to basically execute
00:03:56
thousands of Polish prisoners of war in
00:04:00
a war crime known as the ctin massacre
00:04:03
which has the dubious distinction of
00:04:05
being a war crime reported publicly by
00:04:08
the
00:04:09
Nazis yeah the history of this region is
00:04:12
complicated so anyway yeah it's been
00:04:14
known for a long time that there's GPS
00:04:16
jamming and interference coming from
00:04:17
inside Russia is also around Ukraine
00:04:20
obviously a war which has seen a huge
00:04:22
number of drones being used many of
00:04:24
which are relying on consumer grade GPS
00:04:27
Hardware so it makes complete sense to
00:04:31
deploy GPS interference uh to you
00:04:33
basically blunt these Technologies
00:04:36
Effectiveness now the itu specifically
00:04:39
prohibits gnss interference and it's
00:04:42
easy to say that Russia is breaking
00:04:44
those rules those International laws but
00:04:46
okay you know let's be clear we all know
00:04:48
that most other nations have similar
00:04:51
capabilities it's not exactly difficult
00:04:53
to figure out how to jam GPS I even
00:04:56
pointed out that in a previous video
00:04:58
that the US designed um GPS system has
00:05:02
uh difference differences between the
00:05:04
military and the civilian signals that
00:05:06
make it easier for the for the jamming
00:05:09
of the civilian signal while leaving the
00:05:11
military signal available so you know
00:05:14
this is not something that hasn't been
00:05:15
thought of and we also get what are
00:05:17
called GPS notams which will tell Pilots
00:05:21
by the way if you're near this test
00:05:23
range you might have some GPS
00:05:25
interference so you know don't
00:05:27
necessarily trust it um so yeah
00:05:31
elsewhere around the world there's been
00:05:32
a few other stories and one of the more
00:05:34
spectacular ones I think is these viral
00:05:36
videos of drone shows in China where the
00:05:40
drones are supposed to be spelling out
00:05:42
some ad and they just start falling out
00:05:45
of the sky and this is actually been
00:05:48
accompanied by stories that this is
00:05:51
because of a rival rival advertising
00:05:54
company jamming the drones to try to
00:05:56
make their competitors look bad I'm not
00:05:58
sure I believe this but but we do know
00:06:00
that there is actually a lot of GPS
00:06:02
jamming in and around China so it's not
00:06:06
something that doesn't happen Beyond
00:06:09
simply like losing navigation signal
00:06:11
there's other things that can go wrong
00:06:12
for example cell phone networks all
00:06:15
those cell towers frequently they will
00:06:17
use GPS signals to get their time so
00:06:20
they can synchronize their clocks across
00:06:22
the network and when those things get
00:06:23
out of sync or they can't get signals
00:06:26
it's entirely possible that you lose
00:06:28
cell phone signal even although there
00:06:30
isn't say they aren't relying on a
00:06:32
satellite signal to transmit the data
00:06:34
around so yeah you can find cell phones
00:06:37
not working or cars losing their
00:06:39
location or all sorts of other problems
00:06:42
but yeah look to jam GPS it doesn't take
00:06:45
a massive amount of Technology right the
00:06:49
the satellites are tens of thousands of
00:06:52
miles away the signals are very very
00:06:54
weak and you could actually accidentally
00:06:57
Jam GPS signals just in everyday work
00:07:00
there's like certain frequencies if you
00:07:02
tune your nav radio and there are
00:07:05
harmonics of that that will happen to
00:07:07
coincide with a GPS frequency and
00:07:08
there's been cases where Pilots
00:07:10
literally they hit the push to talk
00:07:12
button to transmit and they find their
00:07:13
GPS system stopping working while
00:07:15
they're transmitting because of some
00:07:17
farfetched harmonic that just happens to
00:07:20
you know overpower the GPS signal uh you
00:07:25
know there's there's other things like
00:07:26
this where it doesn't take a lot of
00:07:28
power like it only takes a few few watts
00:07:29
of power on the ground to transmit a
00:07:33
signal which can obliterate the GPS
00:07:35
signal for miles around because it's
00:07:38
very very weak now as you can imagine
00:07:41
the way jamming works is you put out a
00:07:44
radio signal in roughly the same band
00:07:46
with lots of noise and energy and you
00:07:49
swamp the signal that is being looked
00:07:51
for so that it isn't recoverable it's
00:07:53
like you're talking across the street to
00:07:56
your neighbor or your friend and a car
00:07:58
rolls up between the middle of you
00:08:00
pumping it stereo loud revving its
00:08:02
engine you can't hear what they're
00:08:03
saying until they slam the accelerat or
00:08:06
Screech off into the distance and you
00:08:08
can hear them again now GPS is already
00:08:11
designed to deal with very you know high
00:08:13
levels of noise very weak signals like
00:08:16
the CDMA encoding that it uses repeats
00:08:19
the same bit millions of times maybe
00:08:23
thousands of lots and lots of times so
00:08:25
that it can be pulled out of the noise
00:08:27
it's like transmitting 5050 bits per
00:08:29
second over a frequency of 1.5 GHz
00:08:33
there's a lot of bandwidth there and so
00:08:36
they can get this very low bit rate
00:08:38
signal through it very low signal Powers
00:08:41
uh but even then you know there's a
00:08:42
limit to how much noise before it drops
00:08:44
in and also because of the way GPS works
00:08:47
the way CDMA Works actually it's harder
00:08:50
to get the initial lock on the signal
00:08:52
but once you've got a lock on it's a lot
00:08:54
easier to maintain it so you could get
00:08:55
into a situation where you have like a
00:08:59
system that's just starting up isn't
00:09:01
able to get any GPS signal but a system
00:09:03
that's been running for a while when the
00:09:05
jamming starts it's able to maintain the
00:09:07
log so you know you can get some
00:09:09
disparity in performance between those
00:09:12
anyway back to krad uh amateur radio
00:09:14
operators have actually captured the
00:09:17
interference we've got nice waterfall
00:09:19
plots uh from the the area and you know
00:09:22
what they're using is pretty broad stuff
00:09:24
it's sometimes it's targeting certain
00:09:26
frequencies sometimes it's targeting GPS
00:09:28
and other uh gnss systems the spectrum
00:09:32
is actually changing over time by the
00:09:34
looks of things as if they're
00:09:35
experimenting with different concepts
00:09:37
but it's also appears that it's not
00:09:40
omnidirectional that is that they've got
00:09:42
cutouts where they're not broadcasting
00:09:44
or at least it's broadcasting at a lower
00:09:45
level and I would imagine that this is
00:09:47
so you can have friendly aircraft
00:09:50
navigate in because after all kerrad is
00:09:53
disconnected from the rest of Russia and
00:09:55
one way to get in and out is via an
00:09:57
aircraft and it would be a shame if they
00:09:58
couldn't land but anyway yeah GPS
00:10:01
jamming is easy you can do it
00:10:03
accidentally it's really easy to build
00:10:05
Hardware to do it it's not legal but
00:10:08
it's very easy to do uh it's also very
00:10:11
easy to figure out where such a signal
00:10:13
would be coming from a far more
00:10:15
interesting attack is GPS spoofing and
00:10:18
that is where you generate false GPS
00:10:21
signals and try to convince the Target
00:10:23
that they are somewhere where they're
00:10:25
not and this is a vastly more
00:10:28
sophisticated attack attack right most
00:10:30
GPS Hardware implementations are pretty
00:10:33
trusting and they will happily lock on
00:10:35
to the strongest signals they can get
00:10:37
and use those instead of the real
00:10:39
satellites but you know GPS spoofing is
00:10:42
still very complicated it's not
00:10:44
something that can be used
00:10:45
indiscriminately over a wide area with a
00:10:48
signal
00:10:49
transmitter GPS of course works by
00:10:52
measuring the timing of signals from
00:10:54
satellites and the satellite's position
00:10:56
has to be determined from orbital
00:10:58
Elements which are inside the signal
00:11:01
it's conceivable that a spoofing attack
00:11:03
might simply replace the orbital
00:11:05
elements in the signal or the timing
00:11:07
code or perhaps it could attack the
00:11:09
differential GPS signal used for like
00:11:12
was GPS saying that the correction is
00:11:15
sufficiently far and you know maybe you
00:11:17
can only change the location on a
00:11:19
differential attack by you know uh tens
00:11:22
of meters but guess what tens of meters
00:11:24
is sometimes far enough if you're
00:11:27
dealing with Munitions that are supposed
00:11:28
to hit a Target with great Precision but
00:11:31
anyway there are multiple ways that an
00:11:33
attack could proceed but yes say you
00:11:35
want to spoof a specific satellite you
00:11:37
could just start broadcasting a matching
00:11:40
signal perhaps making it a bit stronger
00:11:42
and hope that receivers will lock onto
00:11:45
it and ideally you do it with a whole
00:11:47
bunch of simulated satellites you just
00:11:49
replicate the entire network so that you
00:11:51
have complete control of the new signal
00:11:54
and then a receiver might lock onto your
00:11:56
signal and think that they're at the
00:11:57
location that you specify one problem
00:11:59
though with this is if that you're
00:12:01
broadcasting from a single site then the
00:12:04
relative timings aren't going to change
00:12:07
so one of the important parts of GPS is
00:12:10
the timings between the various
00:12:11
Simulator the various satellites changes
00:12:14
depending upon location so you can
00:12:16
figure out your location but if you're
00:12:18
coming from a single site you can't
00:12:19
really do that so it best if you
00:12:21
broadcast a spoofing attack from a
00:12:22
single antenna everybody ends up
00:12:24
thinking they're in the same place and
00:12:26
there may be some utility to that but
00:12:29
if you're really going to tailor your
00:12:31
attack to specific targets you have to
00:12:33
hit that Target with a narrow focused
00:12:36
radio beam and give them you know all of
00:12:40
your attention you might have multiple
00:12:42
beams but the point is you're aiming at
00:12:44
one target and tailoring the signal
00:12:46
specifically to them and this might need
00:12:48
a fairly large antenna to make it
00:12:50
focused enough so you know look if you
00:12:52
start sending fake signals to something
00:12:54
that's ready in Flight what's going to
00:12:57
happen is it may have the existing
00:12:59
satellites tracked you're now going to
00:13:00
get new satellites coming in and these
00:13:03
positions are going to be inconsistent
00:13:05
and you're going to end up with a
00:13:06
confused GPS receiver unless you
00:13:08
specifically tail your signal to remove
00:13:11
those other satellites from the system
00:13:13
and one way you could do this is since
00:13:14
you know where the target is know what
00:13:17
it should be receiving because you know
00:13:19
the state of the GPS system you can then
00:13:22
transmit the opposite signal cancel out
00:13:24
as much of the real signal as possible
00:13:28
and then on top of that that you
00:13:29
transmit your fake signal again
00:13:32
targeting one specific object and then
00:13:35
you slowly starting at the same state
00:13:37
you can then evolve it away that is
00:13:39
absolutely theoretically possible and if
00:13:42
you did do that you could start sending
00:13:45
you know different flight tracks take uh
00:13:49
a consumer drone I I love I flew my
00:13:51
mavic a while back and uh you know the
00:13:54
amazing thing about it was when you
00:13:56
would have it take off and you would
00:13:57
just leave it hanging there and would
00:13:59
just remain solid hanging Motionless In
00:14:02
The Air in exactly the way bricks don't
00:14:06
right yeah we know where that comes from
00:14:07
right but now imagine it's getting GPS
00:14:10
information and it's sufficiently high
00:14:13
altitude that it's no longer using its
00:14:15
Ground tracking
00:14:16
cameras well imagine a a spoof GPS
00:14:20
signal started telling it it was moving
00:14:23
well it might want to correct in the
00:14:24
opposite direction and by doing that it
00:14:27
would fly so you could SL slowly make it
00:14:30
fly around and this has actually been
00:14:32
demonstrators by researchers they put a
00:14:35
drone in like a you know in in a RF
00:14:38
insulated facility they had it fly up
00:14:40
and hover and then they started feeding
00:14:43
it you know spoofed GPS signals and told
00:14:46
it to hover still and they could
00:14:48
actually fly it around using a joystick
00:14:50
and the joystick wasn't controlling the
00:14:52
Drone it was just sending slightly
00:14:55
different positional information to it
00:14:57
and the Drone was doing its best to to
00:14:59
stay still or so it thought this is
00:15:02
absolutely possible the the reason of
00:15:04
course you do it inside an RFC area is
00:15:06
because you don't want those signals
00:15:07
getting out to the world and equally it
00:15:09
helps to not have signals from the real
00:15:12
satellites coming in and confusing it
00:15:14
okay so we know these attacks are
00:15:16
possible how can you defend against them
00:15:19
well one really simple way is to have a
00:15:22
directional intenna which attenuates
00:15:24
signals from below satellites are in
00:15:27
space why should you trust anything
00:15:29
coming from on the ground now I found
00:15:31
this image of a Russian large drone and
00:15:34
I sort of joked oh it looks like they've
00:15:36
got the an GPS antenna surrounded by
00:15:38
these shielding rings and I was feeling
00:15:41
really smart until some antenna engineer
00:15:43
said oh actually that's a specific kind
00:15:45
of antenna that actually these baffles
00:15:47
work together and they they make it just
00:15:50
very directional so it can in fact see
00:15:52
the sky with a great you know quality
00:15:55
but below it it has something like 30 DB
00:15:58
of signal attenuation so that helps
00:16:00
that's one way of doing it but then
00:16:02
again you know maybe you have uh
00:16:04
somebody that's performing jamming or
00:16:06
interference from an aircraft or even a
00:16:09
satellite in orbit there's nothing to
00:16:11
say that you couldn't have bad you know
00:16:13
gnss signals coming from a hostile
00:16:17
satellite uh other things you could do
00:16:19
um you can build smarter antenna you can
00:16:22
make multiple antenna that combine the
00:16:25
signals with different phases and by
00:16:27
doing that you give it a directionality
00:16:30
so you can recover the signal or you can
00:16:33
use a directionality which is peculiar
00:16:35
to each of the satellites you're
00:16:36
tracking making sure that it's focusing
00:16:39
on where the satellite should be rather
00:16:42
than where the satellite says it should
00:16:44
be and by doing that you could
00:16:46
effectively eliminate spoofed satellites
00:16:49
or if you think that a particular
00:16:51
satellite or source is bad you can make
00:16:55
a hole in your antenna that just refuses
00:16:58
to receive from that direction I saw one
00:17:01
product which was a fancy upgrade to
00:17:03
military drones that would do this and
00:17:06
it was literally a box that was its own
00:17:08
GPS receiver with a very smart antenna
00:17:11
and it just was sort of velcroed on top
00:17:14
of the existing drone it didn't connect
00:17:16
it just broadcast its own GPS signal
00:17:19
into the Drone that was like the cleaned
00:17:21
up version after all its uh you know
00:17:23
error detection robust uh GPS yeah you
00:17:26
could also just detect the stuff that is
00:17:28
inconsistent detect The Imposter
00:17:30
satellites and um just say for example
00:17:33
if a satellite signal is too powerful to
00:17:35
be from a satellite T of thousands of
00:17:37
miles away you might flag as suspicious
00:17:40
and start ignoring it so that way you
00:17:42
can't simply spoof something by
00:17:44
broadcasting a more powerful signal but
00:17:46
of course there are in turn counter
00:17:48
counter measures where you can increase
00:17:50
the sophistication of your attack and
00:17:52
deploy from other sources and gathering
00:17:54
around this and of course all this time
00:17:56
I've been talking about GPS like it is a
00:17:58
monolithic system but as you probably
00:18:00
know there are actual actually multiple
00:18:03
systems like there's the L1 course GPS
00:18:06
and then there's the L2 military there's
00:18:08
like the L5 there's different signals
00:18:10
and different frequency bands with
00:18:12
different levels of encryption and
00:18:14
spoofing checks and different technology
00:18:17
so there is already security being built
00:18:20
into modern GPS and of course the other
00:18:23
competing Satellite Systems ultimately
00:18:25
GPS at the consumer level trusts things
00:18:28
perhaps a lot more than it should which
00:18:30
is fine for everyday life it doesn't
00:18:33
necessarily work once you start getting
00:18:35
into conflicts and it's entirely
00:18:36
possible to harden a GPS system against
00:18:39
jamming with things like directional
00:18:41
antennas and limit spoofing by having
00:18:44
better in complex cross validation
00:18:47
between the the data and obviously a
00:18:49
number of these things are already
00:18:51
involved in implemented on military
00:18:54
hardware but the airliners on the other
00:18:56
hand you know they tend to be a bit more
00:18:58
slow moving it took a long time for GPS
00:19:01
to get accepted at the level that it is
00:19:03
in airliners and I suspect that if we
00:19:06
had new secure spoofing resistant GPS
00:19:11
signals or systems available tomorrow it
00:19:13
would still take more than a decade for
00:19:15
them to be common place in airliners as
00:19:17
we speak so what I'm going to say is to
00:19:20
prospective Pilots just learn to read
00:19:22
maps I mean I love looking at a good
00:19:24
oldfashioned map and seeing things on
00:19:26
the ground I'm Scott Manley fly safe
00:19:35
[Music]
00:19:49
[Music]
