A recent surge in GPS spoofing incidents has raised alarms within the aviation industry, with cybersecurity experts warning of a new dimension to these attacks: the manipulation of time on aircraft systems, Reuters reports.
According to aviation advisory body OPSGROUP, there has been a 400% increase in GPS spoofing incidents affecting commercial airliners in recent months, particularly around conflict zones.
GPS spoofing involves the use of ground-based systems that broadcast incorrect positional data to disrupt the navigation of aircraft, drones, or missiles. While this form of attack has traditionally focused on misleading a vehicle’s location, recent reports indicate that spoofers are now targeting the timing mechanisms within aircraft.
Ken Munro, founder of the British cybersecurity firm Pen Test Partners, highlighted this emerging threat during a presentation at the DEF CON hacking convention in Las Vegas. “We often think of GPS as just a source of location data, but it’s also crucial for accurate timekeeping,” Munro explained. “We’ve started seeing incidents where the clocks on airplanes go haywire during spoofing events.”
One such incident involved an aircraft from a major Western airline that experienced a sudden shift in its onboard clocks, propelling them forward by years. This disruption caused the plane to lose access to its digitally encrypted communication systems, grounding it for weeks as engineers worked to manually reset the systems. Munro, however, did not disclose the identity of the airline or the specific aircraft involved.
The vulnerability of GPS signals has become a significant concern, especially since they are relatively easy to block or distort using readily available technology. In April, Finnair temporarily suspended flights to Tartu, Estonia, due to GPS spoofing, with Estonian authorities pointing to neighboring Russia as the likely source of the interference.
While Munro emphasized that GPS spoofing is unlikely to directly cause a plane crash, he warned of the potential for these minor disruptions to trigger a “cascade of events.” What begins as a small issue could snowball into a more serious situation, posing new risks to aviation safety.
