Commercial Flights Are Experiencing ‘Unthinkable’ GPS Attacks and Nobody Knows What to Do::New “spoofing” attacks resulting in total navigation failure have been occurring above the Middle East for months, which is “highly significant” for airline safety.

  • SeriousBug@infosec.pub
    link
    fedilink
    English
    arrow-up
    11
    ·
    11 months ago

    Nope. And more importantly, it looks like nobody considered what might happen if the signal gets spoofed. The backup systems that are supposed to keep working if GPS breaks also break due to these spoofed signals.

    • Ajen@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      10
      ·
      11 months ago

      GPS is encrypted, it’s just that the US military won’t share the encryption keys so the rest of us have to use the unencrypted channels. They’ve clearly thought about it and decided against making it public.

      • grandkaiser@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        11 months ago

        If they shared the encryption keys, then it wouldn’t be safe from spoofing anymore. The whole point of encryption is to not share the keys.

        Also, before someone tries to point out PKI, the satellites don’t use PKI. So that’s not relevant. You can’t share the current keys without jeopardizing the system.

        • Ajen@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          11 months ago

          PKI? I assume you mean asymmetric encryption? That’s been available long before the GPS system was launched. Why do you think it isn’t relevant? They could have designed it into the protocol if they wanted to.

          • grandkaiser@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            The military didn’t design it for civilian use. That’s really all there is to it. The commenter I was replying to made it sound like theres an easy solution here. There isn’t.

            • Ajen@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              I’m the commenter you originally replied to. If the US military wanted unspoofable GPS available to everyone then it would be available to everyone. They only want the public to have unencrypted GPS, so that’s all we get.

              • grandkaiser@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                11 months ago

                The military is as concerned with civilian gps as much as they are with anything else that isn’t military-related: not their issue to solve. They won’t stop anyone from using encrypted gps. They really won’t. The only branch in the us that actively tries to prevent public encryption is the NSA. (Even then, they wouldn’t block something like gps). For the record, I’m a security engineer (DDI, private sector), previously worked for the DOD, and used to work in satcom.