Texas students hijack superyacht with GPS-spoofing luggage

Don't panic, yet


Students from the University of Texas successfully piloted an $80m superyacht sailing 30 miles offshore in the Mediterranean Sea by overriding the ship's GPS signals without any alarms being raised.

The team, led by assistant professor Todd Humphreys from UT Austin's department of aerospace engineering and engineering mechanics, took a GPS spoofing device the size of a briefcase up to the upper deck of the White Rose of Drachs, a 65 meter luxury yacht owned by British property magnate Michael Evans, while it was in international waters en route from Monaco to Rhodes, Greece.

Having previously identified the location of the ship's two GPS receivers, the team then oriented the briefcase towards them and began broadcasting false GPS data at low power. By gradually increasing the strength of their signals they were able to overpower the aerials and spoof the on-board navigation systems.

To turn the ship they then input a new signal indicating the ship was going off its logged-in course, which set off an alarm from the navigation computer telling the crew to change course. As far as the crew was concerned things were back on track, but the vessel was now heading off its original course.

"With 90 percent of the world's freight moving across the seas and a great deal of the world's human transportation going across the skies, we have to gain a better understanding of the broader implications of GPS spoofing," Humphreys said.

"I didn't know, until we performed this experiment, just how possible it is to spoof a marine vessel and how difficult it is to detect this attack. This experiment is applicable to other semi-autonomous vehicles, such as aircraft, which are now operated, in part, by autopilot systems."

The experiment, which took place with the ship-owner's permission, is part of continuing research by the team into GPS spoofing. Last year Humphreys demonstrated how the same spoofing technique could be used from 1km away against a GPS-guided drone to an audience from the US Department of Homeland Security at White Sands, New Mexico.

The demonstration got a lot of attention, coming after the Iranians showed off a seemingly intact US bat-wing RQ-170 Sentinel drone, which it claimed it had been hacked and hijacked by an army electronic warfare unit. These claims have been dismissed by experts, but fears of military hardware getting redirected or stolen are on the agenda, as well as being much-loved by screenwriters.

Before the panic starts, it should be pointed out that the Texans are spoofing civilian GPS systems. Cracking encrypted military signals has never been demonstrated, although jamming them is possible, and redirecting cruise missiles in flight will remain in the fictional realm for the time being.

In the case of the White Rose of Drachs hijacking, there's also little need for concern. The ship carries a crew of 18 and no captain relies solely on GPS. Any significant course deviation would most likely be noticed by those on watch during regular position checks.

Nevertheless, the research by Humphreys and the US Austin team is interesting. Spoofing equipment is increasingly easy to get hold of and while Humphries claims to "owns the world's most powerful civil GPS spoofer," that should come with a caveat "that I know about." ®

Similar topics


Other stories you might like

  • We can unify HPC and AI software environments, just not at the source code level

    Compute graphs are the way forward

    Register Debate Welcome to the latest Register Debate in which writers discuss technology topics, and you the reader choose the winning argument. The format is simple: we propose a motion, the arguments for the motion will run this Monday and Wednesday, and the arguments against on Tuesday and Thursday. During the week you can cast your vote on which side you support using the poll embedded below, choosing whether you're in favour or against the motion. The final score will be announced on Friday, revealing whether the for or against argument was most popular.

    This week's motion is: A unified, agnostic software environment can be achieved. We debate the question: can the industry ever have a truly open, unified, agnostic software environment in HPC and AI that can span multiple kinds of compute engines?

    Arguing today FOR the motion is Rob Farber, a global technology consultant and author with an extensive background in HPC and in developing machine-learning technology that he applies at national laboratories and commercial organizations. Rob can be reached at info@techenablement.com.

    Continue reading
  • But why that VPN? How WireGuard made it into Linux

    Even the best of ideas can take their own sweet time making it into the kernel

    Maybe someday – maybe – Zero Trust will solve many of our network security problems. But for now, if you want to make sure you don't have an eavesdropper on your network, you need a Virtual Private Network (VPN).

    There's only one little problem with commercial VPNs: many of them are untrustworthy. So, what can you do? Well, run your own of course is the open-source answer. And, today, your VPN of choice is Linux's built-in VPN: WireGuard.

    Why WireGuard rather than OpenVPN or IKEv2? Because it's simpler to implement while maintaining security and delivering faster speeds. And, when it comes to VPNs, it's all about balancing speed and security.

    Continue reading
  • Boffins demonstrate a different kind of floppy disk: A legless robot that hops along a surface

    This is fine

    Those of us who fear future enslavement by robot overlords may have one more reason not to sleep at night: engineers have demonstrated a few of the legless, floppy variety making some serious leaps.

    Animated pancake-like droids have demonstrated their ability to execute a series of flops in a fashion their creators – soft robotics engineers based in China – describe as "rapid, continuous, and steered jumping."

    "Jumping is an important locomotion function to extend navigation range, overcome obstacles, and adapt to unstructured environments," Rui Chen of Chongqing University and Huayan Pu of Shanghai University said.

    Continue reading

Biting the hand that feeds IT © 1998–2021