Looks like VOR is back on the menu boys...

Hengelo

Line Up and Wait
Joined
Aug 31, 2021
Messages
748
Display Name

Display name:
Hengelo

While GPS spoofing is not new, the specific vector of these new attacks was previously “unthinkable,” according to OPSGROUP, which described them as exposing a “fundamental flaw in avionics design.” The spoofing corrupts the Inertial Reference System, a piece of equipment often described as the “brain” of an aircraft that uses gyroscopes, accelerometers, and other tech to help planes navigate. One expert Motherboard spoke to said this was “highly significant.”
“This immediately sounds unthinkable,” OPSGROUP said in its public post about the incidents. “The IRS (Inertial Reference System) should be a standalone system, unable to be spoofed. The idea that we could lose all on-board nav capability, and have to ask [air traffic control] for our position and request a heading, makes little sense at first glance— especially for state of the art aircraft with the latest avionics. However, multiple reports confirm that this has happened.”
 
VOR never went away, never was going away. Check out the FAA's MON program. That being said, ground based VHF/UHF nav systems are even easier to spoof than GPS.
 
VOR never went away, never was going away. Check out the FAA's MON program. That being said, ground based VHF/UHF nav systems are even easier to spoof than GPS.
Does that mean that they can get funding to fix all the radials that are down at every VOR so that the Leidos guy doesn't have to go through them when getting a briefing :lol:

Also I'm curious - is it more difficult to spoof radio-based systems from afar (like from a different continent) than it is to mess with satellite-based systems?
 
I thought VORs were destined for the scrap pile; with EU refurbishing theirs and the US shutting them down. Not sure how I got the idea, come to think of it.
(Edit for punctuation)
 
Last edited:
I thought VOR's were destined for the scrap pile; with EU refurbishing theirs and the US shutting them down. Not sure how I got the idea, come to think of it.
I thought they were going down to 50 but it looks like they are going down to somewhere around 500.
 
:(Does that mean that they can get funding to fix all the radials that are down at every VOR so that the Leidos guy doesn't have to go through them when getting a briefing :lol:

I didn't say they were gonna get any better.:(

Also I'm curious - is it more difficult to spoof radio-based systems from afar (like from a different continent) than it is to mess with satellite-based systems?

If you look at the article, it says that the GPS "spoofing" they're talking about is happening in a specific area in the middle east. Its like the spoofers' spoofing equipment has to be able to "see" the satellites to work. Then (I think) because of the error checking protocols, as each satellite passes out of view, its time code gets corrected (or something like that...)
 
... Its like the spoofers' spoofing equipment has to be able to "see" the satellites to work. Then (I think) because of the error checking protocols, as each satellite passes out of view, its time code gets corrected (or something like that...)

I found an article on GPS spoofing that says its a transmitter simply overpowers the relatively weak RF signal from the satellites with a fake GPS signal. So, its only effective within "line-of-sight". It sounds to me like its not really that different in general concept from spoofing VOR stations.
 
Last edited:
Already here. Cheap illegal devices from China. Commonly used by truckers to hide activity/location (see link below on NJ experiences circa 2013). The GPS system is built on extremely delicate (weak) electronic satellite signals. GPS jammers are like a hot steak knife to butter. The airport in the article had to adapt their system to the New Jersey highway (located close proximity to airport), due to prevalence of jamming devices. Imagine coming in on short final, and losing all GPS related navigation capability, because a vehicle with GPS jammer happens to be passing by on the nearby highway. Keep the VORs operational, along with two highly proficient human crew in the cockpit (and AI guard rail for good measure), in order to keep the complex U.S. aviation system safe and resilient.

 
I found an article on GPS spoofing that says its a transmitter simply overpowers the relatively weak RF signal from the satellites with a fake GPS signal. So, its only effective within "line-of-sight". It sounds to me like its not really that different in general concept from spoofing VOR stations.

But if that transmitter is on a satellite transmitting the stronger signal, "line of sight" covers quite a large area. Obviously that's a military application. My last CO always kept the standard that advanced electronics would be broken during a real war and we needed to be ready to fall back to manual systems. Every officer and some enlisted learned to use a sextant, among other things.

There's a naval unit in the SE US that conducts training on GPS corruption and every so often those of us here get NOTAMS about GPS being unreliable. It's usualy offshore or in the FLs and I think they're based out of ... Jacksonville? Charleston?
 
Jamming and spoofing are different animals.

The main limitation of jamming is range. Radio waves lose power at the square of the distance from the transmitter. Jammers capable of affecting a dome of more than a few hundred feet in radius are large and require massive wattage.

Spoofing is much more sophisticated and typically the province of state entities, Iran being the obvious perpetrator here. But spoofing still requires proximity to the target receiver, which is why this is happening in the middle east and not Chicago.

There are countermeasures to both threats, including relatively inexpensive antenna filters.

No country has the capability to jam or spoof US airspace from outside our borders. They can probably shoot down our satellites, but that would mean this:

Screenshot_20231123-080250.png
 
Actual spoofing and jamming vulnerabilities and capabilities would tend to be classified.

at the very least, it is foolish to openly discuss them.

unless you want to spread disinformation, sending an adversary down a rabbit hole.
 
GPS is interesting, in the the signal strength is below the noise floor. So very low signal needed to spoof as the actual signal is so weak
 
Actual spoofing and jamming vulnerabilities and capabilities would tend to be classified.

Yes. The military has SAASM and M-code receivers that are resistant to spoofing, and when I was working I had some familiarity as we used them in missiles that had GPS guidance modes, but the technology is classified and AFAIK not in commercial use. Nevertheless, since we do have the technical know-how to defend against spoofing, if this becomes a widespread problem I would expect to see the technology migrate to civilian use.

Threats and countermeasures and counter-countermeasures are always evolving, usually faster than we can launch new satellites, so keeping up can be a challenge.
 
As long as we have ILS and of course the VOR approaches I don't see them completely going away. Although I do have to fly a bit to reach airports that still offer the ILS etc.
 
I would think smarter GPS receivers could detect spoofing just by monitoring your position, if a new position detected is a jump because spoofing was turned on it.
And WAAS ground stations should also be able to detect it.
 
I would think smarter GPS receivers could detect spoofing just by monitoring your position, if a new position detected is a jump because spoofing was turned on it.
And WAAS ground stations should also be able to detect it.
Yes. Systems could easily be built such that a sudden change in GPS solution is not passed on to the inertial nav system. It's just that (apparently) the installed base of GPS-linked INS's (or at least some of them) do not perform this validity check and so are vulnerable, and it takes lots of time and $$$ to replace avionics. In the meantime, this remains a vulnerability.
 
Last edited:
Every time the subject of GPS/ILS/VOR/LORAN/etc. jamming or spoofing comes up, a badly-damaged collection of neurons fires off in my brain, trying to remind me of some old movie that used this idea. I have a dim memory about some nefarious villain overriding whatever radio signals were guiding the planes, essentially making it seem like the airport was 200 feet lower than it was and causing them to smash into the ground or something. I want to say Die Hard 2, but the plot summaries I looked at don't seem to mention that bit, so I guess it was a different movie.
 
Every time the subject of GPS/ILS/VOR/LORAN/etc. jamming or spoofing comes up, a badly-damaged collection of neurons fires off in my brain, trying to remind me of some old movie that used this idea. I have a dim memory about some nefarious villain overriding whatever radio signals were guiding the planes, essentially making it seem like the airport was 200 feet lower than it was and causing them to smash into the ground or something. I want to say Die Hard 2, but the plot summaries I looked at don't seem to mention that bit, so I guess it was a different movie.
I think it was from the movie Gladiator.

But seriously, I do think it was from Die Hard 2.
 
Yeah, DH2 was very realistic, in the climax he removes the fuel cap, and then lights the fuel trail which follows the bad guys plane into the sky which then explodes.
I found that very amusing.!!

Several of my friends asked me if that could really happen.
 
Every time the subject of GPS/ILS/VOR/LORAN/etc. jamming or spoofing comes up, a badly-damaged collection of neurons fires off in my brain, trying to remind me of some old movie that used this idea. I have a dim memory about some nefarious villain overriding whatever radio signals were guiding the planes, essentially making it seem like the airport was 200 feet lower than it was and causing them to smash into the ground or something. I want to say Die Hard 2, but the plot summaries I looked at don't seem to mention that bit, so I guess it was a different movie.
Yes, it was Die Hard 2. The bad guys turn a dial which somehow moves the glideslope's origin to be underground instead of at the actual glideslope antenna. Which has multiple obvious plot hole problems, one being that of course this isn't possible (the closest that could possibly happen would be to change the angle of the glideslope).

Adjusting the angle of the glideslope (and the vertical width and several other parameters) is done fairly regularly to stay within tolerance. But doing so typically means physically adjusting antennas and/or power levels, not just turning a big knob. :D

About the only aviation thing they got right in this movie is when the Tech Ops guy figures out a way to talk to the planes over the outer marker. That's actually sort of within the realm of possibility, and I was kind of impressed that the writers came up with it (after the abysmal glideslope scene).

I'll be on a trip this week for work with a few guys who are smart on this sort of thing. I'll see if we can come up with a better, realistic way for the bad guys to screw with the ILS.
 
No country has the capability to jam or spoof US airspace from outside our borders.

That we know of. The ability to spoof the GPS network from an airborne or space based platform isn't a radical stretch and could conceivably already be in play without our knowledge.
 
The super bowl of GPS jamming and counter measures is going on in Ukraine right now.

The Russians have invested massive $$ in EW since the first gulf war, when GPS was first demonstrated as a game changer. Despite that, neither side has been able to protect themselves from GPS-guided drones and precision munitions. The result is operational stalemate, where everything that moves is seen, hit, and killed.
 
Yes, it was Die Hard 2. The bad guys turn a dial which somehow moves the glideslope's origin to be underground instead of at the actual glideslope antenna. Which has multiple obvious plot hole problems, one being that of course this isn't possible (the closest that could possibly happen would be to change the angle of the glideslope).

Adjusting the angle of the glideslope (and the vertical width and several other parameters) is done fairly regularly to stay within tolerance. But doing so typically means physically adjusting antennas and/or power levels, not just turning a big knob. :D

About the only aviation thing they got right in this movie is when the Tech Ops guy figures out a way to talk to the planes over the outer marker. That's actually sort of within the realm of possibility, and I was kind of impressed that the writers came up with it (after the abysmal glideslope scene).

I'll be on a trip this week for work with a few guys who are smart on this sort of thing. I'll see if we can come up with a better, realistic way for the bad guys to screw with the ILS.
Watch it again; the methodology is no good, but the premise holds water. The bad guy tech turns a knob that says “altimeter.” He then does the light pen thing to the profile view of the approach plate (that’s the unrealistic part, but could be hand-waived if you consider it a custom program designed to validate this nefarious act). But if you look carefully, what he’s doing is giving them a bad altimeter, which essentially lowers the TDZE to 103’, instead of ~300’, on a CAT II approach. High to low look out below, so if DA were predicated on baro altitude (it’s not for CAT II), you can see how it’d be problematic.

The plot hole is the lack of a radar altimeter onboard or even an inner marker to advise the doomed flight that it’s reached DH. But if you overlook that, breaking out at 100’ right on top of the runway when you think you still have 300’ of altitude to go is actually a good way to have a hard enough landing to break things.

They definitely did their homework and it’s unlikely that it would cascade as far as it did (especially if there was the RA, which is required equipment), but it’s not an implausible method.

IMG_1605.jpeg
Edit for clarity and to say that whoever did that graphic really did their homework. IZUMI is still a fix off 19L, and though it’s no longer there, I’ll bet JAROB was the old outer marker. Elevations and distances check out as well. The only glaring oversight there is the runway number - 25L. Back then the only major airport to have a 25L, I think, would have been LAX.
 
Last edited:
Yes. The military has SAASM and M-code receivers that are resistant to spoofing, and when I was working I had some familiarity as we used them in missiles that had GPS guidance modes, but the technology is classified and AFAIK not in commercial use. Nevertheless, since we do have the technical know-how to defend against spoofing, if this becomes a widespread problem I would expect to see the technology migrate to civilian use.

Threats and countermeasures and counter-countermeasures are always evolving, usually faster than we can launch new satellites, so keeping up can be a challenge.
And on top of having SAASM, we had Doppler nav backup if the GPS should become unreliable.

 
Yes. Systems could easily be built such that a sudden change in GPS solution is not passed on to the inertial nav system. It's just that (apparently) the installed base of GPS-linked INS's (or at least some of them) do not perform this validity check and so are vulnerable, and it takes lots of time and $$$ to replace avionics. In the meantime, this remains a vulnerability.
I don't understand what they're getting at.

I've flown several airliners with IRS and GPS updating. The GPS data never goes back to the IRU (up to 3 IRUs per airplane). The IRUs maintain a position but that position drifts progressively through the entire flight. Each FMC (planes have up to three) maintains its own position. Each FMC updates its position from acceleration data from the associated IRU, VHF azimuth and DME, and GPS inputs. Bad GPS data will cause issues with the GPS updating to each FMC position but the FMS will recognize a problem as the GPS position diverges from the IRU and VHF updating.

With jamming, we'll get a GPS Fail message and each FMS will revert to VHF updating. Our ANP will slowly degrade to what the VHF updating is able to provide. I've never encountered spoofing but don't see how it would be anything other than an FMC error message and we can always deselect GPS updating if it is causing a problem.

IRS=Inertial Reference System
IRU=Inertial Reference Unit
FMS=Flight Management System
FMC=Flight Management Computer
ANP=Actual Navigation Performance
VHF Updating=Rho/Rho, DME/DME, Rho/DME updating for VOR, LOC, and DME ground stations
 
Yes, it was Die Hard 2. The bad guys turn a dial which somehow moves the glideslope's origin to be underground instead of at the actual glideslope antenna. Which has multiple obvious plot hole problems, one being that of course this isn't possible (the closest that could possibly happen would be to change the angle of the glideslope).

Adjusting the angle of the glideslope (and the vertical width and several other parameters) is done fairly regularly to stay within tolerance. But doing so typically means physically adjusting antennas and/or power levels, not just turning a big knob. :D

About the only aviation thing they got right in this movie is when the Tech Ops guy figures out a way to talk to the planes over the outer marker. That's actually sort of within the realm of possibility, and I was kind of impressed that the writers came up with it (after the abysmal glideslope scene).

I'll be on a trip this week for work with a few guys who are smart on this sort of thing. I'll see if we can come up with a better, realistic way for the bad guys to screw with the ILS.
I think there is also a Tom Clancy novel that has GPS spoofing/jamming as part of its plot line.
 
breaking out at 100’ right on top of the runway when you think you still have 300’ of altitude to go is actually a good way to have a hard enough landing to break things.
I’ve always thought it would be a firm landing, but not do much for damage.
 
I don't understand what they're getting at.

I've flown several airliners with IRS and GPS updating. The GPS data never goes back to the IRU (up to 3 IRUs per airplane). The IRUs maintain a position but that position drifts progressively through the entire flight. Each FMC (planes have up to three) maintains its own position. Each FMC updates its position from acceleration data from the associated IRU, VHF azimuth and DME, and GPS inputs. Bad GPS data will cause issues with the GPS updating to each FMC position but the FMS will recognize a problem as the GPS position diverges from the IRU and VHF updating.

With jamming, we'll get a GPS Fail message and each FMS will revert to VHF updating. Our ANP will slowly degrade to what the VHF updating is able to provide. I've never encountered spoofing but don't see how it would be anything other than an FMC error message and we can always deselect GPS updating if it is causing a problem.
I don't fly airliners, but I do have some familiarity with GPS and inertial navigation systems in other vehicles. I, too, was surprised to hear that (apparently) in some planes the two nav sources are closely coupled. Had someone told me this story in conversation at a cocktail party, I'd have been strongly skeptical.

But...it is possible (and I could understand why it would be designed this way) for a GPS to "constantly" (or once a minute or once every 5 min or whatever) be feeding its solution to the inertial system to mitigate inertial drift. If the GPS solution were suddenly lost, then the inertial system would start with the last "good" fix from the GPS and propagate from there using its own inertial sensors. This would be a good design to mitigate risks from the plane's GPS system malfunctioning or from the GPS constellation's signal being lost (due to jamming, etc.). However, if there is no validation that the GPS solution is sensible, then the system could be vulnerable to the "spoofing" attack described in the story: Generate signals on the ground that look like legitimate GPS satellite signals, at higher signal strengths so they override the legitimate signals, but tweak them so that it causes nearby GPS receivers to spit out bad position solutions. This presents a different situation than the "no GPS signal" situation: The GPS gladly spits out bad data that it thinks is correct, which the INS gladly consumes thinking it's correct, and suddenly all of your onboard navigation is telling you you're somewhere that you're not. (The story characterizes this situation as "unthinkable" or "thought to be impossible", which seems a little ridiculous to me--it seems obviously possible, in fact.)

The story in the OP indicates that apparently some planes' avionics do indeed work this way. Again, that surprises me, but it's certainly believable. It also seems like this is not a universal problem, because the story talks about some dozens of events over a period of time. Clearly not every plane flying in the area is affected this way.

I'm not familiar with "ops.group", but the original story links to them as the primary technical source. There is some more detail there about what the aircrews experienced during these spoofing events:
 
Last edited:
But...it is possible (and I could understand why it would be designed this way) for a GPS to "constantly" (or once a minute or once every 5 min or whatever) be feeding its solution to the inertial system to mitigate inertial drift.
The INS position is never corrected. It drifts. We navigate based on the active FMC position. The FMC positions, one for each FMC, are updated based on acceleration data from the IRS (ded reckoning) and position updates from VHF and GPS.

which the INS gladly consumes thinking it's correct, and suddenly all of your onboard navigation is telling you you're somewhere that you're not.
The INS doesn't consume anything. They feed data to the FMS, flight control computers, and air data reference units. The FMCs do receive inputs and they give an alert if the different positions disagree by a significant amount.
 
The INS position is never corrected. It drifts. We navigate based on the active FMC position. The FMC positions, one for each FMC, are updated based on acceleration data from the IRS (ded reckoning) and position updates from VHF and GPS.


The INS doesn't consume anything. They feed data to the FMS, flight control computers, and air data reference units. The FMCs do receive inputs and they give an alert if the different positions disagree by a significant amount.
Yes, I understand that's how it works in your aircraft. It (apparently) doesn't work that way in all aircraft.
 
Doesn't the INS at least get an initial position? Or is the INS only providing velocity and acceleration?

(man, it's been a long time since I've thought about loosely-coupled and tightly-coupled GPS/INS systems/architectures...)
 
That's how it works on Boeings. I don't know how it works on Airbus.
There are planes with GPS and inertial nav systems from manufacturers other than Boeing and Airbus. From the links I provided above:

Embraer Legacy 650: We nearly entered Iran airspace with no clearance

One of the new reports received since Monday was from an Embraer 650 crew enroute from Europe to Dubai. They tell us, “In Baghdad airspace, we lost both GPS in the aircraft and on both iPads. Further, the IRS didn’t work anymore. We only realized there was an issue because the autopilot started turning to the left and right, so it it was obvious that something was wrong. After couple of minutes we got error messages on our FMS regarding GPS, etc. So we had to request radar vectors. We were showing about 80 nm off track. During the event, we nearly entered Iran airspace (OIIX/Tehran FIR) with no clearance.

Challenger 604: Required vectors all the way to Doha

Another new crew report received since our first warning informs us: “Nearing north of Baghdad something happened where we must have been spoofed. We lost anything related to Nav and the IRS suggested we had drifted by 70-90 miles. We had a ground speed of zero and the aircraft calculated 250kts of wind. The FMS’s reverted to DR (Dead Reckoning) and had no idea where they were.

We initially took vectors to get around the corner at SISIN. Nav capability was never restored, so we required vectors all the way from Iraq to Doha for an ILS. We never got our GPS sensors back until we fired up the plane and went back to home base two days later.
 
GPS, even WAAS is received from satellites. The most likely spooking is from the ground based systems.
I wonder what the feasibility of blocking line of sight signals from below the horizon would be for the GPS receiver. Sure, you would lose some signal when turning but that is normally fairly brief. If the math pencils out, this might the cheapest mitigation.

Rim
 
GPS, even WAAS is received from satellites. The most likely spooking is from the ground based systems.
I wonder what the feasibility of blocking line of sight signals from below the horizon would be for the GPS receiver. Sure, you would lose some signal when turning but that is normally fairly brief. If the math pencils out, this might the cheapest mitigation.
The cheapest mitigation would be a few lines of code to check if the change in position makes sense. The spoofing scenario described is that the valid input signal resulting in position x,y,z is suddenly replaced by a spoofed signal resulting in a position dozens of miles away from x,y,z, and/or suddenly dropping to 0 ground speed. That's clearly not reasonable, and it's easy to write some code to come to that conclusion.

You've done the math to know how fast you've been going. You've got the memory to know the path you've been following. You can do math to make a prediction for where you'll be a second in the future. Then, do the math to see where GPS says you are at that time. Compare those two answers and if they don't agree within a reasonable tolerance, reject the GPS solution and don't pass it to the inertial system.

This is not rocket science. (Well, actually...it is. This kind of cross-check / validity check is used all the time in certain space navigation applications.)

The solution I describe would not be effective against a more subtle attack that gradually introduces error over time. However, that's a far higher level of attack sophistication beyond what is described in these reports.
 
Last edited:
I’ve always thought it would be a firm landing, but not do much for damage.

I agree. 750fpm on a 3° glideslope (assuming no flare) would probably bend some things. I suppose it depends on the airframe, too. If they’d shown it striking the nosewheel first, then porpoising and collapsing, that’d be a little more realistic, but I suppose that was beyond the limits of practical effects back then, and the majority of audiences wouldn’t have known the difference. Think about how long it would have taken to explain the weird altimeter trick, instead, the exposition we got via that graphic sufficed, even if most people read it the wrong way.

Also, they’d have been pretty low on fuel, so looking at it now, the GIGANTIC EXPLOSION is a bit ludicrous.
 
@Jim_R

Having written cross check validations I know them well. Not for GPS or avionics, but building control systems among other things.
The reason I was suggesting the route to block land based spoofing is because the course spoofing now, will get more sophisticated very quickly if data validations and cross checks are added.

Tim
 
Doesn't the INS at least get an initial position? Or is the INS only providing velocity and acceleration?
Yes, each IRU is aligned prior to departure. It then maintains its own position estimate by ded reckoning throughout the flight.

Pre-GPS, and some of those airliners are still flying in the freight world today, the FMS had only VHF updating to correct for drift. Worked well, as long as a sufficient number of ground stations were in range, with good geometry, to keep it going. Once GPS updating was added, the VHF updating is a fall back which also requires that your FMS navaid database include your current region. The early FMCs didn't have enough member for worldwide coverage.

The 757/767 could ded reckon for up to six hours (IIRC) in oceanic airspace. The busiest oceanic airspace, like the North Atlantic tracks, now requires more precision.

In 2012, I crossed the Atlantic from Florida to Dakar, Senegal in such a 767. Our database only went as far as the Caribbean so no way to update as we approached the west coast of Africa. We displayed raw data on the arrival and had a map shift of a couple of miles. Dakar has radar so it was easy to deal with. Two days later we continued to Bahrain. Our mechanic had loaded the Middle East database, but that didn't include Africa, so we had to display raw data and fly in heading mode all the way across the continent as there's no way to couple the A/P to a VOR in the 767. As we approached the Red Sea it started updating from ground stations on the Arabian Peninsula and we were back to normal ops. As far as I know, that airplane is still flying freight around with the same FMS and no GPS updating. The "DME/DME/IRU-NA" notes on RNAV procedures are for airplanes such as that one.
 
That's how it works on Boeings. I don't know how it works on Airbus.
It's more or less the same on the Airbus. At our company it seems the Airbus is more resistant to loss of GPS signals than the 777. I've lately experienced loss of GPS on the 777 for 30-45 min on a lot of flights in the area of Turkey, Iran, Azerbaijan.
More annoying unless you need to do an approach based on GPS is the spoofing which has led to quite a few EGPWS "Pull up" warnings at FL330 etc. Sure makes you wake up.
 
Back
Top