A recent spike in GPS 'spoofing,' a digital attack capable of diverting commercial airliners off course, has taken an intriguing turn, according to cybersecurity experts: the potential to manipulate time. There has been a 400% increase in GPS spoofing incidents affecting commercial airliners in recent months, according to aviation advisory body OPSGROUP. Many of these incidents involve illegal ground-based GPS systems, especially in conflict zones, that transmit false positions to confuse incoming drones or missiles.
'We often think of GPS as a source of position, but it's actually a source of time,' said Ken Munro, founder of Pen Test Partners, a British cybersecurity firm, during a presentation at the DEF CON hacking convention in Las Vegas on Saturday. 'We're beginning to see reports of airplane clocks behaving oddly during spoofing events.'
In an interview with Reuters, Munro mentioned a recent incident where an aircraft operated by a major Western airline had its onboard clocks abruptly advanced by several years, disabling the plane's digitally-encrypted communication systems. The plane was grounded for weeks while engineers manually reset its onboard systems, Munro explained. He did not disclose the airline or aircraft involved.
In April, Finnair temporarily halted flights to the eastern Estonian city of Tartu due to GPS spoofing, which Tallin attributed to neighboring Russia. GPS, short for Global Positioning System, has largely replaced costly ground devices that use radio beams to guide planes to landing. However, GPS signals can be easily blocked or distorted using inexpensive and readily available components, and minimal technical knowledge.
'Will it cause a plane to crash? No, it won't,' Munro told Reuters. 'It merely creates confusion. And there's a risk of triggering a series of events, where minor issues lead to a serious incident.'