Hacking attacks on airlines’ global positioning systems (GPS) increased worldwide by some 400 per cent in the first 10 months of last year, according to research by the aviation advisory body OpsGroup, representing 450 airlines and industry specialists such as Nasa.
OpsGroup – made up of about 8,000 professionals at what it calls “the pointy end of the industry” – reports “a troubling spike” in the attacks, up from an average of 200 daily in the first quarter from January to March, to around 900 daily for the second quarter of the year.
Some days, it says, as many as 1,350 flights have been hacked.
As a result, an international working group has been set up to collate data and talk to airline flight crew to try to get a more detailed picture of the extent and geographical locations of the problem – and who may be behind it.
Because this is a relatively new problem the industry has largely focused to date on “ad hoc mitigation efforts” but as the scale and speed of the threat increases there’s now “a need to broaden industry awareness of the growing safety risks”, says OpsGroup.
[ Increase in jamming of Irish flights’ GPS systems blamed on RussiaOpens in new window ]
OpsGroup’s findings are strikingly supported by recent statistics from the Netherlands Aviation Incident Analysis Bureau, which show that Dutch pilots were targeted 983 times in the first 10 months of this year by unidentified hackers sending counterfeit GPS locations to their aircraft.
“Reports started increasing noticeably after Russia invaded Ukraine in February 2022,″ says Coen George, vice-president of the Dutch airline pilots’ association. “Now, less than three years on, it’s so bad it’s a daily problem for pilots.
“It can lead to false warnings or – equally dangerous – to the absence of warnings. In many ways the real risk is that if pilots get used to discounting fake warnings, they may misinterpret or dismiss a real one.
“It’s like sailing in the fog: you can no longer fully trust your on-board systems.”
Is this type of attack, of itself, going to cause an aircraft to crash? No, it’s not. What it does is create confusion. You risk starting a cascade of events
— Ken Munro
According to researchers at the University of Texas, the counterfeit signals, particularly around military conflict zones, can be up to 500 times stronger than authentic GPS signals and so “present a direct safety threat to commercial aviation in range of the transmissions.”
Not so many years ago, a temporary answer for pilots would have been to turn off the GPS system while flying over risky areas and use a network of navigation beacons on the ground to lead the way.
However, those beacons have gradually been disappearing, especially in hard-to-maintain regions, due, ironically, to the reliability of new iterations of always-on digital satellite GPS.
The hacking is spreading rapidly. Whereas Dutch aircraft initially reported most problems north of Turkey, across the Balkans, and in the Middle East, they say it’s now also beginning to occur more frequently near Pakistan, Myanmar, North and South Korea, and even in the United States.
To that list of black spots, OpsGroup adds the Black Sea, Cyprus, northern Iraq (near Baghdad), Egypt (near Cairo), and anywhere in the vicinity of Russia, particularly conflict zones.
Insofar as one can tell without being certain of the identities of the perpetrators, what began as a hack aimed primarily at missiles, drones and military aircraft has broadened its appeal because “illicit ground-based GPS systems” have become more easily available.
According to C4ADS, a non-profit organisation in Washington DC specialising in data analysis from conflict flashpoints, GPS hacking equipment that might previously have cost tens of thousands of dollars now costs around $350. It’s portable and the software code is open source.
Initially the problems posed by GPS hacks were primarily navigational, says OpsGroup. But because as the GPS technology evolves it is becoming “interwoven” with the aircraft’s other online systems, the problems hacking causes are becoming more difficult to trace and tackle.
Examples of the navigational impact of a hack might be that the plane could begin turning unexpectedly or that the inertial reference system (IRS), which calculates position, acceleration, vertical speed, ground speed and true and magnetic heading, could became unreliable.
In such circumstances it’s easy to see how a navigational hack in or around a conflict zone could lead an aircraft to stray, even briefly, into potentially dangerous territory.
In terms of interacting on-board systems, an example is an increase in the cases of aircraft clocks being affected.
Seeing them “running backwards” is often one of the first warning signs of an encounter with a hacker. “Eurocontrol – the EU’s air navigation safety agency – now report seeing this on a daily basis,” says OpsGroup.
While the clock may sometimes be a pilot’s early warning, other false alerts can happen hours after a hack, emerging apparently out of nowhere as the fake data works its way through the system.
British cybersecurity expert Ken Munro recently described to an industry conference one incident in which clocks on a plane owned by “a major Western airline” suddenly went forward “by years” – causing the jet to lose access to its digitally encrypted communications systems.
The plane landed safely but was grounded for weeks while engineers manually reset its on-board systems, Munro told Reuters.
Earlier this year, Finnair temporarily paused flights to the eastern Estonian city of Tartu as a result of GPS attacks which Tallinn blamed on neighbouring Russia.
It said it planned to take the issue up with the EU and Nato on the grounds that it could be in violation of the UN’s International Telecommunications Union regulations – which forbid harmful radio frequency interference.
At around the same time, Germany also claimed Russia was “very likely to have been behind” a series of “disturbances” affecting GPS navigation in the Baltic region. Berlin said it believed the Russian enclave of Kaliningrad – on the Baltic Sea coast – was the source of the interference. However, it refused to say how it knew this, citing “military security”.
Russia did not comment in either case.
“Is this type of attack, of itself, going to cause an aircraft to crash? No, it’s not,” says Ken Munro.
“What it does is create confusion. You risk starting a cascade of events, where something minor happens, something else minor happens – and then something serious happens.”
All of this is why pilots are unhappy with proposals being examined by the European Aviation Authority to abolish co-pilots in favour of single-pilot planes, a move welcomed by many cash-strapped airlines.
“Given the risk posed by fake GPS signals”, says Coen George of the Dutch airline pilots’ association, “it’s crucial that two pilots are in the cockpit to monitor the aircraft’s signals and to intervene when necessary.”
Anything less, he maintains, is “an irresponsible and unnecessary gamble with air safety.”
In an industry where safety plays such an all-consuming role, a similarly bleak warning comes from OpsGroup, whose members know the industry inside out at every level – and are not given to alarmism.
“The trouble is that shifts in safety risk are happening without much attention to them,” they warn.
“These are largely unaddressed latent pitfalls that will become painfully clear when the first accident attributable to spoofing occurs.”
- Sign up for push alerts and have the best news, analysis and comment delivered directly to your phone
- Find The Irish Times on WhatsApp and stay up to date
- Our In The News podcast is now published daily – Find the latest episode here
