It must be pretty cool to be one of Todd Humphreys’ engineering students at the University of Texas at Austin. Last year, the U.S. Department of Homeland Security dared them to hack into a drone. (Which they did.) And this year, Humphreys and his students went to the Mediterranean to see if they could hijack an $80 million yacht.
It all started when Humphreys was giving a talk about navigation security at SXSW. After the presentation, a man approached him to say how impressed he was with the work Humphreys had done with drones. The man then handed him a card and said, “Do you think you could hijack my superyacht?”
The man turned out to be Andrew Schofield, an amateur scientist and captain of the White Rose of Drachs. Humphreys knew that yachts and other sea vessels relied heavily on civil GPS, the same signals he used to hack into a drone, so he was eager to test his methods on a new target. Not to mention, to rent a ship like the White Rose of Drachs for a week would cost something in the range of $700,000—and sequestration or no, there isn’t a government in the world that’ll float the check for that sort of research. (The project also ended up receiving gift funding from the Wireless Networking and Communications Group and its sponsors. And how about a hand for the anonymous superyacht-owner-guy who let some college kids attack his ship in name of science?)
Once onboard, Humphreys and his team set up a battle station on the yacht’s upper deck. From there, they took stock of the ship’s current position and velocity, then started beaming GPS signals at the ship’s antennae. This technique is known as “spoofing,” and it works by gently replacing authentic GPS signals from satellites with counterfeit signals of the attacker’s choosing.
When it was developed back in the 1970s, GPS signals were built in two flavors, as Humphreys described them to me. You had military GPS, a heavily encrypted signal, and civil (or civilian) GPS, a signal that was deliberately left unprotected so as not to stifle innovation. The thing is, the forefathers of GPS couldn’t have imagined the level to which our daily lives would come to rely on these signals—from commercial aircraft and vehicle navigation systems to the phones in our pockets. And that means a lot of things that use GPS signals out there today are vulnerable to spoofing attacks. As Humphreys put it, “Civil GPS is like a $20 bill with no watermark. You can walk down and take a photocopy of the bill and no one can tell the difference. It’s almost like Monopoly money.”
If civil GPS signals are Monopoly money, then back on the ship Humphreys’ students were making it rain. Without drawing an alarm or disrupting the ship’s instruments, the team carefully took control of the ship’s navigation and set course for a new path. Subtlety is the key, says Humphreys. If you come on too strong, the GPS system will report that it’s lost the signal, potentially tipping off the crew that something is amiss. Given their success aboard the superyacht, Humphreys thinks they could execute the same attack from 20 to 30 miles away—perhaps aboard a small aircraft.
Furthermore, if a college is capable of pulling off this sort of thing, the threat exists that someone else might try to do the same. Military GPS is pretty well encrypted, so we don’t need to worry about fighter jets falling out of the sky, but commercial airliners, cruise ships, and all sorts of civilian vehicles use the more vulnerable form of GPS. It’s true, GPS isn’t the only navigational tool in the mix—and a good pilot or captain should be constantly second-guessing her equipment anyway. But the better we make technology, the easier it is to be lulled into thinking it’s infallible.
That is, until a terrorist with a laptop steers a Disney cruise ship into a coral reef.
Humphreys says his university, Cornell, and Stanford are all looking into ways to reinvent the civil GPS system to close the door on such a threat. “Right now, these signals are very predictable,” he said. “And predictability is the enemy of security.”