A previously unknown GPS attack creates “ghost ships”

For more than a year, AIS systems (Automatic Identification System) of ships have fixed the coordinates of non-existent ships near the Shanghai port. It looks like a previously unknown GPS attack is creating “ghost ships.”

Information began to appear in the media about a new, previously unknown GPS spoofing technology, allegedly tested by the PRC government. For more than a year, ships in the port of Shanghai and neighboring ports have become victims of a new attack.

Unlike previously known attacks on GPS, when GPS receivers in a certain area displayed their location in a limited range of fixed false coordinates, the new attack forces the transponders of several ships at once to display false coordinates. Together, these coordinates form ring-shaped patterns that some experts have already dubbed “crop circles.”

Read also: Mozilla extends bug bounty program and increases rewards

According to the MIT Technology Review, in the summer of 2018, the American cargo ship Manukai sailed along the Huangpu River to the port of Shanghai. According to international law, all commercial vessels (except small ones) must be equipped with an Automatic Identification System (AIS). Every few seconds, the AIS transmits the name, course, location and speed of the vessel, and transit all this data for other vessels nearby. AIS location data is received from GPS satellites.

Captain Manukai saw on the AIS screen a ship following the same course with him at a speed of 8 knots.

“Suddenly the ship disappeared, and after a few minutes appeared again, but already at the dock. Then the ship disappeared and appeared in the strait, and then again appeared in the dock several times”, – says captain Manukai.

In order to find out where the ship is nevertheless, the captain looked through binoculars. As it turned out, all this time the ship did not leave the dock.

In the end, a report on what happened came into the view of the C4ADS Center for Modern Defense in Washington. Experts studied the data from AIS systems purchased from a startup that records AIS data around the world and found that the highest intensity of attacks occurred on July 2018. In addition to Manukai, about 300 ships near Shanghai were found to be victims of spoofing that day.

When visualizing data covering days and weeks, the coordinates of the vessels formed large circles. Similar “patterns” led C4ADS specialists to bewilderment. Experts also found that the mysterious circles formed not only ships. After analyzing the movement map of Shanghai cyclists using the Strava fitness app, the researchers also saw circular patterns. That is, the attack affected all GPS-enabled devices, not just ships.

“The ability to fake the coordinates of several ships at once so that they form circles is an extraordinary technology. Akin to magic”, – said Todd Humphreys, head of the Austin University’s radio navigation laboratory at Austin.