A University of Texas student has traced the source of alarming GPS spoofing signals in the Middle East to the eastern outskirts of Tehran, but it would seem there is little anyone can do to stop the navigation interference. Todd Humphreys, who heads up the Radionavigation Laboratory at UT, said the grad student, Zach Clements, was able to use gear on the International Space Station to scan for the bogus signals and approximate their source. He said analysis of the signals themselves suggests it’s a more sophisticated form of jamming, the cruder form of which is ubiquitous in the region. “They seemed to be aimed at denial of service rather than actual deception,” Humphreys told Vice. “My students and I came to realize that spoofing is the new jamming. In other words, it is being used for denial of service because it’s more effective for that purpose than blunt jamming.”
Since late September, the website Ops Group has been collecting reports from pilots flying in the Middle East reporting satellite-based navigation equipment giving them false position reports. In some cases, their panels have told them they’re as much as 120 miles from their actual location, prompting the FMS to react. Some crews have had to ask ATC for vectors to keep them on course. Humphreys said the alarming development is the spoofing affects both the GPS-dependent equipment and the Inertial Reference System (IRS). The two systems are supposed to operate independently and the IRS was thought to be immune to that kind of tampering. It affects the main system and their backups simultaneously. “The GPS and IRS, and their redundant backups, are the principal components of modern aircraft navigation systems,” Humphreys said. “When their readings are corrupted, the Flight Management System assumes an incorrect aircraft position, Synthetic Vision systems show the wrong context, etc.” He said crews eventually figure out something is wrong and use old-fashioned tools like VOR and DME, but those are not always available and they have to call up ATC.
Iran has airlines that wouldn’t like to have their GPS jammed or spoofed.
It’s wise to disregard the notion that all the bad actors in that part of the world operate from a (take your pick) 13th-14th-15th Century mindset.
Oh, they do operate with a 13th century mindset. It is just that they do it with 21st century tools of warfare.
Having served in that part of the world for many years, I agree with our comment.
+1
7th century. i.e. Mohammad
Just so right, Mr. Roger.
I was wondering about this. Last week it took me multiple times to get my GPS to link up and initialize. First I thought that it was my old unit. But then I ran into the same thing with the panel mounted GPS. I recently loaded a program into my telephone. Hopefully between the 3 of them, I might actually get 1 GPS to work….
In redesigning my panel for a single engine aircraft operated mostly within the US, I was soundly criticized for keeping my DME, VOR/ILS/LOC equipment independent of the GNS Navigaor. It was a tough challenge, slightly increased the costs, but my concern that a VOR station is hard to jam/spoof, an GS/LOC is monitored and on the field and an ADF will detect any transmitter in its MF frequency band (200-1700 kHz). I have a good understanding of RF as a ham and physicist. This story precisely supports the argument I made in keeping the VHF and HF/MF radios. It’s pretty easy to jam a GPS, somewhat harder to spoof it, but until we have a backup other than “Stop Buzzer” which won’t work if a hostile agent has set up the interference say near the southern border, we should reconsider the security of our air navigation systems.
Personally, I favor turning LORAN-C back on as a backup to GPS. It is harder to spoof, requires few radio stations and it works fairly well.
LORAN-C is dead, however its replacement, eLORAN, would be the right backup for GNSS. Like GNSS and unlike VOR/DME, it is an area navigation system. It can even function to provide differential corrections to GNSS (e.g. WAAS). LORAN-C doesn’t have that extra low-bit-rate data channel.
Correct, Mr. Brian Lloyd. And it looks like it must be put in action as soon as possible.
No school like the old school.
Haha, imagine using VORs, i navigate using my sextant and trigonometry. Talk about old school!
I have experienced numerous outages of GNSS while flying. Some may have been equipment failure but when every GNSS receiver in the aircraft quits simultaneously, one has to suspect an external cause. Ever since seeing and holding a Russian GPS jammer 20 years ago it became very clear just how fragile GPS, and now GNSS, is. (The new L5 receivers will help.)
It is because of this I continue to equip my aircraft with ADF, DME, and VOR. I also make sure my magnetic compass is properly calibrated because I may have to fall back on ded reckoning to get into range of the next navaid. (Yes, it has happened, in this century, and while IFR too.)
All good points. I was impressed with your spelling of “ded reckoning”. I’m always a bit surprised by the number of pilots and aviation writers who think it’s “dead” reckoning, and don’t know the origin of the term is from “deductive reckoning” and has nothing to do with mortality ;>)
“Dead” also has a usage meaning “precisely”. I drill my holes on “dead center”, tighten my bolts to “dead nuts”, and when I know that you can’t refute me, I have you “dead to rights”. Homonyms are the bane of the poor-speller, and to most word-processors, still. I had to add “ded” to my browser’s default dictionary.
So I, too, revel in Brian Lloyd’s proper spelling of ‘ded’, and wish that it weren’t so notable.
“Ded” reckoning is a product of the 20th century, having first appeared in printer around the 1930s.
“Dead” reckoning, on the other hand, has been around since wooden sailing ships roamed the seas, with the earliest printed reference appearing in 1613.
There are various explanations behind using “dead”, such as referencing one’s position from a floating log or object “dead in the water” (i.e. – not moving). But none (until recently) use anything but the whole word “dead” and not the abbreviation “ded”.
PS – Lindbergh wrote it as “dead reckoning” in his book published in 1927.
That’s a little snooty.
Saw this regularly in Korea. Don’t go suggesting that shutting down the LORAN chain was a bad idea, though. People will fight you over that.
I fly a Champ with only a whiskey compass. Hard to defeat ded reckoning.
Yeah, a glass panel is great when you need to move an airplane from one airport to another, but for flying, you don’t want all that stuff getting in the way.
“But it would seem there is little anyone can do to stop the navigation interference”
Maybe some diplomacy delivered in the form of a 2,000lb JDAM? GPS-guided, of course.
Yes, please.
We just can’t have enough wars going on. The Military industrial complex needs to meet their numbers for the next quarter.
Peaceniks … they’re everywhere !!
There need not be a war. Just one mission.
I fail to understand how any jamming or spoofing can interfere with IRS navigation unless the IRS is allowed to update itself from GPS signals as is common with most systems giving you a “blended” position. Crews need to be aware of how to disable the GPS sensor from contributing to the blended position in whatever FMS system/s they have. If this cannot be done then the aircraft and/or crew need to be assigned to a non affected part of the world.
Obviously another fix would be a couple of IRS only guided cruise missiles into the jamming stations.
IRS drifts and uses GPS as a cross check. That drift is somewhat known and comparisons made to GPS should be within certain parameters.
Out of those parameters or tolerances, and the computer doesn’t know which is the best source.
Wait a minute. Over 50 years ago, I worked the bomb/navigational system on the B-58A “Hustler” which used inertial navigation to find its way around. While there was some drift, there were ways to correct for it using radar. Today, IF visual references could be seen, that’d work, too. There should be a way to turn off the GPS system in favor of IRS only. There is NO WAY that a spoofed GPS signal or GPS jamming can impact the inertial system. ONLY drift is involved and it isn’t that much.
You can also update inertial platforms with VOR data…
My Aera 660 can use the Russian constellation as a cross check, too. I wonder if the spoofers are jamming that system simultaneously? IF not, maybe pilots oughta carry backup portable GPS’ along in areas where this is an issue?
Perhaps it’s not Tehran the only one making Spoof GPS signals, once upon a time, when looking for the address of a Downtown hotel inside a German city, my GPS drove me to the door of an US base, where an afroamerican Army man asked me if I had an identity document.
My response: ‘Yes, mine!’
Gesund +
I’m certainly not an expert on these things, but it seems unlikely to me that any sort of external RF signal is actually disrupting the IRS, which is basically a black box with (typically) laser ring gyros. I would think it more likely the spoofed signal is being treated as gospel by the system software, leading to the inertial navigation system’s version being disregarded or even “corrected”. A software problem, so to speak.
Any time new technology is fielded. all the effort is directed on getting it to work right. The work of defending it from bad actors only comes later and is almost entirely reactive; we wait and see what the bad guys come up with and then figure out how to counter it.
Many IRS setups in commercial airplanes rely on GPS to correct their position for drift, so my assumption is that someone essentially figured out the “proper” amount they can shift a GPS position by (I’d assume it’s done over a period of time) so that the FMS updates the IRS with the wrong position instead of having the data flagged as bad.
How many reasons does anyone need to turn Iran into the “Valley of glowing wolves?”
Perhaps because of all the innocent civilians who would die? Do you have a aviation-related comment to make?
In my view, at least 4,5 billion. The number of citizens without a very hard connection with Putin and Ayatollahs.
Anything to feed the Military Industrial Complex.
Our own government here in the US interferes with GPS navigation all the time. They call it “interference testing”. Fortunately, they issue NOTAMs (which almost nobody reads). Regardless, this nonsense must stop immediately! It’s not just us aviators who rely on GPS. Other users include emergency services (firefighters, ambulances, police), outdoorsmen (fishermen, backpackers, hunters), motorists (including truckers who have GPS logs and GPS tracking of loads), and, of course the Armed Forces of various nations (probably the target of Iran’s mischief). Interference with GPS, even in the name of “testing” can and will kill. Maybe it already has.
Good point, Blaine. Just this morning I received an FAA Flight Advisory. It seems our military is doing “GPS Interference Testing” at Fort Liberty, NC for a solid week starting Friday. AGAIN.
Helpfully, they document the area where it “may result in unreliable or unavailable GPS signal (including WAAS, GBAS, and ASD-B)”. Specifically, above 50′ agl while within a radius of 46 nm of the site. My home airport, and every ‘drome that I commonly visit is within that distance. Note that RDU is only 51 nm away, at which point the “zone of unreliability” starts at 4,000’ agl, and covers 90% of the airports in the state.
So what do I care about some spoofer in the Middle East? My own government is doing it to me right here at home.
The story is somewhat confusing in the use of the terms “Spoofing” and “Jamming”, both are denial of service attacks. Jamming is typically trying to overpower the relatively weak GPS satellite signal with broadband noise (something like the guy next to you at a stop light with a 10,000 watt stereo overwhelming your car’s music system). Spoofing is using a powerful, but “real” GPS signal to alter the timing signal to produce a false position on your GPS receiver. Military GPS receivers deal with these fake signals using multiple GPS frequencies and anti-jam antennas not available to civilian GPS receivers.
For Inertial Reference Systems that use GPS aiding, there are typically three navigation solutions available, INS Only, Blended (GPS/INS) and GPS Only. If the FMS software is not alerting the crew of a divergent solution, someone should fix the software. For pure IRS with no external aiding, they are jam and spoof-proof unless someone can change the rotational rate of the earth.
The eventual answer to GPS outages will be inexpensive “Navigation” grade MEMS gyro chips in your airplane or maybe a Starlink based navigation system.
Tempting as it may be to turn Tehran into a radioactive parking lot, it is instructive to learn what their capabilities are in electronic warfare. Knowing what they can do and how they do it allows our side to develop counter measures to defeat it. Just another step in the ongoing game of us versus them. Besides, don’t forget that the Iranians are a lap dog of the Russians, so this is a convenient way for them to test systems with “plausible deniability”.
Good and undeniable point.
A CENTCOM (U.S. Central Command) spokesperson said the Command was aware of the issue but had no further comment.
Based on information from its members, OPSGROUP characterized the spoofing as something beyond the ordinary GPS jamming common to the area. It reports that a specific GPS receiver on a single aircraft is sent a signal that shifts the displayed position by 60 nautical miles.
The aircraft’s navigation systems cannot process or make sense of the sudden new data and in almost all reported cases navigation systems and GPS displays are rendered useless. The pilots then have to call air traffic control for vectors to stay on course.
Any delay in recognizing the loss of navigation and resultant positional drift near Iranian border areas could result in an intercept by Iranian Air Force aircraft, the consequences of which can be unpredictable.
So clearly, Iran is itching to possibly shoot down a civilian registered aircraft and cause a reason to ramp up the already war time footing in the Middle East.
Any delay in recognizing the loss of navigation and resultant positional drift near Iranian border areas could result in an intercept by Iranian Air Force aircraft, the consequences of which can be unpredictable.
OPSGROUP notes that airway routes over Baghdad near the eastern Iraq-Iran border are considered sensitive areas by Iran.
Iran shot down a passenger aircraft in 2020 in Tehran and has been heard in September of 2023 issuing warnings on 121.5 with ” threats to shoot down any aircraft entering the FIR without a clearance.”
So here’s a question: GPS operates on frequencies in the 1200 to1600 MHz range. Signals in that range do not travel past the radio horizon. For a spoofing signal to reach an aircraft at 10,000 feet overhead Tel Aviv, the antenna in Tehran would have to be 500,000 feet tall to create line of sight. This is assuming there is no terrain between the two locations, which there is. How did the Iranians build a 94 mile high tower?
Before we’re portraying Iran as the only bad guy in the world and start another war, maybe it’s worth adding this quote from the original article: “The strong and persistent spoofing we’re seeing over Israel since around October 15 is almost certainly being carried out by Israel itself,” Humprheys said.
Yes! and bet they have correction protocol or algorithms to adjust to their own spoofing.
As we saw in Iraq war cell phone GPS plays a part in low cost munitions. Understandable why Israel would like to disrupt devices like this, and then have error correction integrated into their own systems.
Answer: From Ben Gurion airport in Israel to the border with Hezbolla occupied Lebanon is on the order of 100 miles. No 94 mile high tower required.