A significant increase in GPS “spoofing” incidents has been witnessed that target commercial airliners, according to cybersecurity researchers. This form of digital attack can send planes off course and has now evolved to include the ability to manipulate time.
OPSGROUP, an aviation advisory body, reports a 400% rise in GPS spoofing incidents affecting commercial airliners, particularly near conflict zones.These incidents often involve unauthorised ground-based GPS systems that broadcast false positions to the surrounding airspace, aiming to disorient incoming drones or missiles.
Ken Munro, founder of Pen Test Partners, a British cybersecurity firm, emphasised during a presentation at the DEF CON hacking convention in Las Vegas that “We think too much about GPS being a source of position, but it’s actually a source of time.” He added, “We’re starting to see reports of the clocks on board airplanes during spoofing events start to do weird things.”
Munro shared an incident with Reuters in which a major Western airline’s aircraft had its onboard clocks abruptly advanced by years, causing the plane to lose access to its digitally encrypted communication systems.
The aircraft was grounded for weeks while engineers manually reset its onboard systems. Munro withheld the identity of the airline and aircraft involved.
In April, Finnair briefly suspended flights to Tartu, Estonia, due to GPS spoofing, which Tallin attributed to neighbouring Russia.
GPS has largely replaced expensive ground devices that transmit radio beams to guide planes towards landing. However, GPS signals can be easily blocked or distorted using relatively inexpensive and readily available components, with minimal technological expertise.
Munro told Reuters, “Is it going to make a plane crash? No, it’s not.” He explained that the confusion caused by GPS spoofing could potentially trigger a series of minor events that may eventually lead to a serious incident.