On November 15, 2019, MIT technology review magazine published an article on GPS signal anomalies observed near the Shanghai port.
The captain of MV Manukai reported the US Coast Guard Navigation Center of a strange AIS system (Automatic identification system) performance. According to the report, the same ship appeared and disappeared on the AIS screen several times at completely different points.
Further investigation showed that in recent years thousands of navigation systems had been systematically spoofed not only in Shanghai but also in 20 sites on the Chinese coast. Experts found several attack zones with a spoofer in the center of a ring of false AIS broadcasts — “crop circles”.
It is remarkable that 16 of the 20 “crop circles” were observed near oil terminals and attacks were performed after tightening of US anti-Iran sanctions. Analysts suggest that these attacks were aimed to hide Iranian oil-tankers that transported oil to China (link).
To assess possible risks, we should understand what the spoofing attack is. GPS-receiver gets signals from 4 satellites. These signals are weak, and even cheap transmitters can create significant interferences. When the spoofing attack is performed, GPS-receiver gets fake signals that all ships are at the same point.
According to statistics, 50% of accidents at sea (collisions, grounding) are connected with errors in navigation systems.
In June 2019, the ship “New glory” rammed beach promenade just 5 kilometers from the Shanghai Bund. The connection between this incident and spoofing attacks has not been established, but this day dozens of attacks were detected near this location.
It is much more difficult to detect spoofing in cities because private persons don’t report failures in navigation systems. The problem of spoofing research is actual not only for sea navigation but almost for all areas of life. Spoofing attack distorts data on all GPS devices — from fitness trackers to tracking devices of rental vehicles.
It is not still known who performed spoofing attacks on the Chinese coast. Perhaps, cargo ships came into the testing zone of a new military complex electronic security system. Or these attacks are the result of internal wars between the Chinese government and criminal groups. None of the versions found public confirmation. Nevertheless, we can make some conclusions.
As already noted, the simplest and cheapest transmitter is enough to distort GPS signals. More serious and powerful equipment can break the whole navigation system, e.g. cargo transportation system.
The above examples show that critical systems can be successfully attacked and the consequences of these attacks can hardly be predicted.