GPS Flaw: Security Expert Says He Won’t Fly April 6

Link articolo originale

Archivio di tutti i clip:
clips.quintarelli.it
(Notebook di Evernote).

GPS Flaw: Security Expert Says He Won’t Fly April 6

Paul Wagenseil ·
Senior editor, security and privacy

Mar 7, 2019

Don’t look now, but there’s another Y2K-like computer-calendar problem on the way, and this one arrives in just one month: April 6, 2019.

Credit: Andrey Armyagov/ShutterstockThat’s the day millions of GPS receivers will literally run out of time, rolling over their time counters back to zero, thanks to limitations in timekeeping for older GPS devices. Many navigation systems may be affected, such as on ships or older aircraft, although your smartphone will be fine. 

But because GPS satellites are also crucial to digital timekeeping used by websites, electrical grids, financial markets, data centers and computer networks, the effect of April 6 may be even more wide-ranging.

“I’m not going to be flying on April 6,” said one information-security expert during a presentation at the RSA 2019 security conference in San Francisco this week.

MORE: 25 Things You Didn’t Know Could Be Hacked

To be fair, this has happened once before, on Aug. 21, 1999, and planes didn’t start crashing then. But today, we’re much more dependent on GPS to time everything that happens on Earth down to the last nanosecond. 

“The effects would be more widespread [today] because so many more systems have integrated GPS into their operations,” said Bill Malik, the Trend Micro vice president who said he wouldn’t fly April 6, in a private conversation with Tom’s Guide.

“Ports load and unload containers automatically, using GPS to guide the cranes,” Malik said. “Public-safety systems incorporate GPS systems, as do traffic-monitoring systems for bridges. Twenty years ago these links were primitive. Now they are embedded. So any impact now will be substantially greater.”

Getting ready without making a fuss

Governments and GPS device makers do know about this and have quietly been trying to get everything patched. The Department of Homeland Security issued a memorandum in April 2018 warning “federal, state, local, and private sector organizations” to check with the manufacturers of their GPS devices and/or to update the firmware of their GPS devices before April 6. The European Union Aviation Safety Agency has issued a similar memo.

FalTech GPS, a British company that makes GPS signal repeaters for indoor use, said in a blog post that “some GPS receivers, or other systems that utilize the date and time function, may not be able to cope.”

“Financial markets, power generating companies, emergency services and industrial control systems may be affected, as well as fixed-line and cellular communications networks,” the post continues. But it adds that “since this is the second time a GPS week rollover will occur, many manufacturers will have been aware of it in advance and newer receivers will continue through and beyond the rollover date without issue.”

We reached out to Greg Milner, author of “Pinpoint: How GPS Is Changing Technology, Culture and Our Minds” (2017), which examines the history of GPS and its impact on society. (Disclosure: Milner is a longtime friend of this correspondent.)

“The last time this happened (1,024 weeks ago), there was very little disruption, so although many of the receivers in use today weren’t around then, there shouldn’t be many problems,” Milner told us. “That includes aviation-grade receivers.”

“This comes from talking to a few of the GPS security people I know, including real alarmists when it comes to GPS spoofing,” he added.

The latest navigational systems for commercial passenger aircraft in North America are not vulnerable to this GPS bug. But older flight-management systems that use GPS, such as those used by older passenger planes, private aircraft and cargo planes, may well be. 

Errors in GPS can tell aircraft (or cars or ships) that they’re miles from where they actually are, or even that they’re in the Gulf of Guinea off the coast of Nigeria, the “zero point” for GPS systems. (Most aircraft can also navigate using radio beacons from the ground, but that’s hard to do over large stretches of open water.)

The heart of the problem

The problem lies in the way GPS devices and satellites calculate time. Starting with the date of January 6, 1980, GPS devices count weeks, and the counting was originally contained in a 10-bit number field in the GPS device software. Two to the tenth power is 1,024, meaning that all GPS devices can count up to about 19.7 years — Aug. 21, 1999 when calculated from January 1980.

On that date, most GPS devices flipped the odometer and started counting from zero. But it’s been another 19.7 years since August 1999, and it’s time to start over again.

The U.S. Naval Observatory, which manages the Universal Time Code (UTC) for the U.S. government, has a brief PowerPoint presentation online warning that “UTC timing displayed and/or time tags of receiver data containing PNT [positioning, navigation and timing] information could jump by 19.7 years.”

“Any month/year conversion could also fail,” the Naval Observatory presentation added. “Navigation solution should be OK, but associated time tags could be incorrect thus still corrupting navigation data at the system level.”

There’s a bit more to worry about. Over the past 20 years, many individual GPS device and receiving-system manufacturers have restarted the clock on their own, usually to compensate for a device-specific error, and they could encounter time-rollover problems at any given in the next 20 years.

“The failure is not limited to April 6/7 2019,” the U.S. Naval Observatory presentation says. “A common fix for week-number ambiguity [in some GPS devices and receivers] was to hard-code [a] new pivot date, which shifts [the April 6 rollover] event to [an] unknown date/time in future.”

So that this doesn’t happen again any time soon, GPS devices made in the past decade use 13 bits for the week counter, yielding a total of 8,192 weeks or 157 years. Those devices will not have to restart time until 2137, by which time our descendants will have created a whole new set of technological problems.

If you like this post, please consider sharing it.

Leave a Comment

Your email address will not be published. Required fields are marked *