• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Apple addressed the seventh actively exploited zero-day

 | 

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

 | 

A Scattered Spider member gets 10 years in prison

 | 

FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

 | 

US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

 | 

DOJ takes action against 22-year-old running RapperBot Botnet

 | 

Google fixed Chrome flaw found by Big Sleep AI

 | 

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

 | 

A hacker tied to Yemen Cyber Army gets 20 months in prison

 | 

Exploit weaponizes SAP NetWeaver bugs for full system compromise

 | 

Allianz Life security breach impacted 1.1 million customers

 | 

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • GPS vulnerability exploitable to control the route of a vessel

GPS vulnerability exploitable to control the route of a vessel

Pierluigi Paganini July 27, 2013

A GPS vulnerability could allow hackers and terrorists to hijack ships, drones and commercial airliners, the GPS expert Todd Humphreys demonstrated it.

A GPS vulnerability could allow hackers and terrorists to hijack ships, drones and commercial airliners, the news represents a motivation of the greatest concerns for responsible for the national security of every country.

The GPS expert Todd Humphreys, professors at the University of Texas, demonstrated that just using a cheap apparatus composed of a small antenna, an electronic GPS “spoofer” built in $3,000 and a laptop he is able to take total control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea.

gps vulnerability vessel

We already mentioned Humphreys when we have spoken of drones hacking just one year ago, the Assistant Professor of the University of Texas with his team has created the world’s most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters.

The government is aware of this critical GPS vulnerability, Humphreys was called before Congress to speak with officials from the FAA, CIA, and Pentagon, but according to the researcher the Department of Homeland Security still been “fumbling around in the dark” on GPS security, doing little to address the threat.

Humphreys commented the GPS vulnerability to the Foxnews explaining how his team exploited it:

“We injected our spoofing signals into its GPS antennas and we’re basically able to control its navigation system with our spoofing signals,” ‘Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we’re worried about.”

The professor Humphreys speaking of the possible consequences of a similar hack said:

 “For maritime traffic, there are big implications,” “You’ve got 90 percent of the world’s cargo going across the seas. Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we’re worried about.”

The concept is simple, the researchers provided counterfeit GPS signals to the yacht providing inaccurate information on its position to hijack it, potentially the attack could be used to disorient any vessel with serious consequences without victims will note it.

Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht “White Rose of Drachs” commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack.

gps vulnerability vessel 2

“Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” “I was gobsmacked — but my entire deck team was similarly gobsmacked,” Schofield he told Fox News.

The hijacking, with relative collision, a cruise ship or an oil tanker would lead to devastating consequences in terms of loss of human lives and environmental impact. Cases such as the Costa Concordia and the Exxon Valdez was the most clamorous example of the effect of maritime incidents.

We cannot limit the analysis to the maritime environment, the same kind of attack could be conducted against aircrafts or any other system that uses GPS technology:

 “You’re actually moving about a kilometer off of your intended track in a parallel line and you could be running aground instead of going through the proper channel,” “Going after an expensive vessel on the seas and going after a commercial airliner has a lot of parallels,” Humphreys said.

What’s new in this attack respect previous ones?

The latest experiment conducted by Humphreys demonstrated the possibility to control victim’s GPS system exploiting the GPS vulnerability, not only to interfere with it.

“Before we couldn’t control the UAV. We could only push it off course. This time my students have designed a closed loop controller such that they can dictate the heading of this vessel even when the vessel wants to go a different direction,” Humphreys said.

Texas Congressman Mike McCaul, chairman of the Homeland Security Committee expressed its concerns on the GPS security issues and remarked with Senators Coburn and Collins the necessity to address these critical threats.

“It’s a very serious homeland security issue that we’ve asked the secretary to review and look at and she’s never responded to my requests,” “The department seems to be thumbing its nose at it, saying it has no jurisdiction over this issue and not really showing any interest in this issue at all.”

I believe that people must be aware of the risks related to an attack against any GPS system, the hackers with a low cost appliance could cause serious damage, Schofield commented the results of the experiment with the following eloquent statements:

 “People need to know this kind of thing is possible with a relatively small budget and they can with a very simple system steer the ship off-course — without the Captain knowing

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – hacking, GPS vulnerability)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

GPS GPS vulnerability Hacking homeland security security

you might also like

Pierluigi Paganini August 21, 2025
Apple addressed the seventh actively exploited zero-day
Read more
Pierluigi Paganini August 21, 2025
Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Apple addressed the seventh actively exploited zero-day

    Security / August 21, 2025

    Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

    Malware / August 21, 2025

    A Scattered Spider member gets 10 years in prison

    Cyber Crime / August 21, 2025

    FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

    Intelligence / August 21, 2025

    US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

    Security / August 21, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT