Spoofing attack explained

In the context of information security, and especially network security, a spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.[1]

Internet

Spoofing and TCP/IP

See main article: IP address spoofing and ARP spoofing. Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message,[2] leaving them vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network. Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message.

Domain name spoofing

The term 'Domain name spoofing' (or simply though less accurately, 'Domain spoofing') is used generically to describe one or more of a class of phishing attacks that depend on falsifying or misrepresenting an internet domain name.[3] [4] These are designed to persuade unsuspecting users into visiting a web site other than that intended, or opening an email that is not in reality from the address shown (or apparently shown).[5] Although website and email spoofing attacks are more widely known, any service that relies on domain name resolution may be compromised.

Referrer spoofing

See main article: Referer spoofing. Some websites, especially pornographic paysites, allow access to their materials only from certain approved (login-) pages. This is enforced by checking the referrer header of the HTTP request. This referrer header, however, can be changed (known as "referrer spoofing" or "Ref-tar spoofing"), allowing users to gain unauthorized access to the materials.

Poisoning of file-sharing networks

See main article: Spoofing (anti-piracy measure).

"Spoofing" can also refer to copyright holders placing distorted or unlistenable versions of works on file-sharing networks.

E-mail address spoofing

See main article: Email spoofing.

The sender information shown in e-mails (the From: field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails and leads to problems such as misdirected bounces (i.e. e-mail spam backscatter).

E-mail address spoofing is done in quite the same way as writing a forged return address using snail mail. As long as the letter fits the protocol, (i.e. stamp, postal code) the Simple Mail Transfer Protocol (SMTP) will send the message. It can be done using a mail server with telnet.[6]

Geolocation

Geolocation spoofing occurs when a user applies technologies to make their device appear to be located somewhere other than where it is actually located.[7] The most common geolocation spoofing is through the use of a Virtual Private Network (VPN) or DNS Proxy in order for the user to appear to be located in a different country, state or territory other than where they are actually located. According to a study by GlobalWebIndex, 49% of global VPN users utilize VPNs primarily to access territorially restricted entertainment content.[8] This type of geolocation spoofing is also referred to as geo-piracy, since the user is illicitly accessing copyrighted materials via geolocation spoofing technology. Another example of geolocation spoofing occurred when an online poker player in California used geolocation spoofing techniques to play online poker in New Jersey, in contravention of both California and New Jersey state law.[9] Forensic geolocation evidence proved the geolocation spoofing and the player forfeited more than $90,000 in winnings.

Telephony

Caller ID spoofing

See main article: Caller ID spoofing. Public telephone networks often provide caller ID information, which includes the caller's number and sometimes the caller's name, with each call. However, some technologies (especially in Voice over IP (VoIP) networks) allow callers to forge caller ID information and present false names and numbers. Gateways between networks that allow such spoofing and other public networks then forward that false information. Since spoofed calls can originate from other countries, the laws in the receiver's country may not apply to the caller. This limits laws' effectiveness against the use of spoofed caller ID information to further a scam.[10]

Global navigation satellite system spoofing

A global navigation satellite system (GNSS) spoofing attack attempts to deceive a GNSS receiver by broadcasting fake GNSS signals, structured to resemble a set of normal GNSS signals, or by rebroadcasting genuine signals captured elsewhere or at a different time. [11] Spoofing attacks are generally harder to detect as adversaries generate counterfeit signals. These spoofed signals are challenging to recognize from legitimate signals, thus confusing ships' calculation of positioning, navigation, and timing (PNT). [12] This means that spoofed signals may be modified in such a way as to cause the receiver to estimate its position to be somewhere other than where it actually is, or to be located where it is but at a different time, as determined by the attacker. One common form of a GNSS spoofing attack, commonly termed a carry-off attack, begins by broadcasting signals synchronized with the genuine signals observed by the target receiver. The power of the counterfeit signals is then gradually increased and drawn away from the genuine signals.[13]

Even though GNSS is one of the most relied upon navigational systems, it has demonstrated critical vulnerabilities towards spoofing attacks. GNSS satellite signals have been shown to be vulnerable due to the signals’ being relatively weak on Earth’s surface, making GNSS signals ultimate targets for spoofing attacks. Furthermore, it has been suggested that the systems are continuously and recklessly deemed trustworthy even though there, at present, are no means of protecting the systems, signals, or safely guarding vessels against malicious spoofing attacks. [14] Resultingly, the reliance upon systems such as GNSS has opened the door for outside attackers to send malicious commands that could result in the loss of human lives, environmental contamination, navigation accidents, and financial costs. [15] [16] [17] However, seeing as more than 80% of global trade is moved through shipping companies, relying upon GNSS systems for navigation is necessary even though maritime vessels will be vulnerable to spoofing attacks with limited countermeasures.[18]

All GNSS systems, such as the US GPS, Russia's GLONASS, China's BeiDou, and Europe's Galileo constellation, are vulnerable to this technique. It has been suggested that in order to mitigate some of the vulnerabilities the GNSS systems face concerning spoofing attacks, the use of more than one navigational system at once is recommended.[19]

It was suggested that the December 2011 capture of a Lockheed RQ-170 drone aircraft in northeastern Iran was the result of such an attack.[20] GNSS spoofing attacks had been predicted and discussed in the GNSS community as early as 2003.[21] [22] [23] A "proof-of-concept" attack was successfully performed in June 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals by a group of aerospace engineering students from the Cockrell School of Engineering at the University of Texas in Austin. The students were aboard the yacht, allowing their spoofing equipment to gradually overpower the signal strengths of the actual GPS constellation satellites, altering the course of the yacht.[24] [25] [26]

In 2019, a British oil tanker called Stena Impero was the target of a spoofing attack that directed the ship into Iranian waters where it was seized by Iranian forces. Consequently, the vessel including its crew and cargo were used as pawns in a geopolitical conflict. Several shipping companies with vessels navigating around Iranian waters are instructing vessels to transit dangerous areas with high speed and during daylight. [27]

On October 15, 2023, Israel Defense Forces (IDF) announced that GPS had been “restricted in active combat zones in accordance with various operational needs,” but has not publicly commented on more advanced interference. In April 2024, however, researchers at University of Texas at Austin detected false signals and traced their origin to a particular air base in Israel run by the IDF.[28]

Russian GPS spoofing

In June 2017, approximately twenty ships in the Black Sea complained of GPS anomalies, showing vessels to be transpositioned miles from their actual location, in what Professor Todd Humphreys believed was most likely a spoofing attack.[26] [29] GPS anomalies around Putin's Palace and the Moscow Kremlin, demonstrated in 2017 by a Norwegian journalist on air, have led researchers to believe that Russian authorities use GPS spoofing wherever Vladimir Putin is located.[26] [30]

The mobile systems named Borisoglebsk-2, Krasukha and Zhitel are reported to be able to spoof GPS.[31]

Incidents involving Russian GPS spoofing include during a November 2018 NATO exercise in Finland that led to ship collision (unconfirmed by authorities).[32] and a 2019 incident of spoofing from Syria by the Russian military that affected the civil airport in Tel Aviv.[33] [34]

In December of 2022 significant GPS interference in several Russian cities was reported by the GPSJam service; the interference was attributed to defensive measures taken by Russian authorities in the wake of the invasion of Ukraine.[35]

GPS Spoofing with SDR

Since the advent of Software Defined Radio (SDR), GPS simulator applications have been made available to the general public. This has made GPS spoofing much more accessible, meaning it can be performed at limited expense and with a modicum of technical knowledge.[36] Whether this technology applies to other GNSS systems remains to be demonstrated.

Preventing GNSS spoofing

The Department of Homeland Security, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC) and the National Coordinating Center for Communications (NCC), released a paper which lists methods to prevent this type of spoofing. Some of the most important and most recommended to use are:[37]

  1. Obscure antennas. Install antennas where they are not visible from publicly accessible locations or obscure their exact locations by introducing impediments to hide the antennas.
  2. Add a sensor/blocker. Sensors can detect characteristics of interference, jamming, and spoofing signals, provide local indication of an attack or anomalous condition, communicate alerts to a remote monitoring site, and collect and report data to be analyzed for forensic purposes.[38]
  3. Extend data spoofing whitelists to sensors. Existing data spoofing whitelists have been and are being implemented in government reference software, and should also be implemented in sensors.
  4. Use more GNSS signal types. Modernized civil GPS signals are more robust than the L1 signal and should be leveraged for increased resistance to interference, jamming, and spoofing.
  5. Reduce latency in recognition and reporting of interference, jamming, and spoofing. If a receiver is misled by an attack before the attack is recognized and reported, then backup devices may be corrupted by the receiver before hand-over.

These installation and operation strategies and development opportunities can significantly enhance the ability of GPS receivers and associated equipment to defend against a range of interference, jamming, and spoofing attacks.A system and receiver agnostic detection software offers applicability as cross-industry solution. Software implementation can be performed in different places within the system, depending on where the GNSS data is being used, for example as part of the device's firmware, operating system, or on the application level.

A method proposed by researchers from the Department of Electrical and Computer Engineering at the University of Maryland, College Park and the School of Optical and Electronic Information at Huazhong University of Science and Technology that aims to help mitigate the effects of GNSS spoofing attacks by using data from a vehicles controller area network (CAN) bus. The information would be compared to that of received GNSS data and compared in order to detect the occurrence of a spoofing attack and to reconstruct the driving path of the vehicle using that collected data. Properties such as the vehicles speed and steering angle would be amalgamated and regression modeled in order to achieve a minimum error in position of 6.25 meters.[39] Similarly, a method outlined by researchers in a 2016 IEEE Intelligent Vehicles Symposium conference paper discuss the idea of using cooperative adaptive cruise control (CACC) and vehicle to vehicle (V2V) communications in order to achieve a similar goal. In this method, the communication abilities of both cars and radar measurements are used to compare against the supplied GNSS position of both cars to determine the distance between the two cars which is then compared to the radar measurements and checked to make sure they match. If the two lengths match within a threshold value, then no spoofing has occurred, but above this threshold, the user is notified so that s/he can take action.[40]

Voice spoofing

Information technology plays an increasingly large role in today's world, and different authentication methods are used for restricting access to informational resources, including voice biometrics. Examples of using speaker recognition systems include internet banking systems, customer identification during a call to a call center, as well as passive identification of a possible criminal using a preset "blacklist".[41]

Technologies related to the synthesis and modeling of speech are developing very quickly, allowing one to create voice recordings almost indistinguishable from real ones. Such services are called Text-to-Speech (TTS) or Style transfer services. The first one aimed at creating a new person. The second one aimed at identifies as another in voice identification systems.

A large number of scientists are busy developing algorithms that would be able to distinguish the synthesized voice of the machine from the real one. On the other hand, these algorithms need to be thoroughly tested to make sure that the system really works.[42] However, an early study has shown that feature design and masking augmentation have a significant impact on the ability to detect spoofed voice.[43]

Facial recognition spoofing

Facial recognition technology is widely employed in various areas, including immigration checks and phone security, as well as on popular platforms like Airbnb and Uber to verify individuals' identities. However, the increased usage has rendered the system more susceptible to attacks, given the widespread integration of facial recognition systems in society. Some online sources and tutorials detail methods for tricking facial recognition systems through practices known as face spoofing or presentation attacks, which can pose risks in terms of unauthorized access. To mitigate these dangers, measures such as liveness checks (verifying blinking), deep learning, and specialized cameras like 3D cameras have been introduced to prevent facial recognition spoofing. It is important to implement comprehensive security procedures like these to protect against face spoofing attempts and uphold the overall security and integrity of systems relying on facial recognition authentication.[44]

See also

Standard facilities that might be subverted

Notes and References

  1. Book: Jindal. K.. Dalal. S.. Sharma. K. K.. 2014 Fourth International Conference on Advanced Computing & Communication Technologies . Analyzing Spoofing Attacks in Wireless Networks . February 2014. https://ieeexplore.ieee.org/document/6783487. 398–402. 10.1109/ACCT.2014.46. 978-1-4799-4910-6. 15611849.
  2. Veeraraghavan . Prakash . Hanna . Dalal . Pardede . Eric . 2020-09-14 . NAT++: An Efficient Micro-NAT Architecture for Solving IP-Spoofing Attacks in a Corporate Network . Electronics . en . 9 . 9 . 1510 . 10.3390/electronics9091510 . 2079-9292. free .
  3. News: Canadian banks hit by two-year domain name spoofing scam . Finextra . 9 January 2020 .
  4. Web site: Domain spoofing . .
  5. News: Mass Spoofing Campaign Abuses Walmart Brand . threatpost . Tara Seals . August 6, 2019 .
  6. Book: Gantz, John. Pirates of the Digital Millennium. 2005. Prentice Hall. Upper Saddle River, NJ. 0-13-146315-2. Rochester, Jack B. .
  7. Günther . Christoph . 2014-09-14 . A Survey of Spoofing and Counter-Measures . Navigation . en . 61 . 3 . 159–177 . 10.1002/navi.65.
  8. Web site: VPNs Are Primarily Used to Access Entertainment. 2018-07-06. GlobalWebIndex Blog. en-GB. 2019-04-12.
  9. Web site: California Online Poker Pro Forfeits Over $90,000 for Geolocation-Evading New Jersey Play. Hintze. Haley. 2019-03-09. Flushdraw.net. en-GB. 2019-04-12.
  10. Web site: Schneier. Bruce. Caller ID Spoofing . schneier.com. 16 January 2011. 3 March 2006.
  11. News: Coffed . Jeff . The Threat of GPS Jamming The Risk to an Information Utility . Exelis . February 2014.
  12. Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928
  13. News: Coffed . Jeff . The Threat of GPS Jamming The Risk to an Information Utility . Exelis . February 2014.
  14. Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928
  15. Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing Cyber Challenges of Maritime Navigation. Journal of Marine Science and Engineering, 8(10), 776-. https://doi.org/10.3390/jmse8100776
  16. Leite Junior, W. C., de Moraes, C. C., de Albuquerque, C. E. P., Machado, R. C. S., & de Sa, A. O. (2021). A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems. Sensors (Basel, Switzerland), 21(9), 3195-. https://doi.org/10.3390/s21093195
  17. Spravil, J., Hemminghaus, C., von Rechenberg, M., Padilla, E., & Bauer, J. (2023). Detecting Maritime GPS Spoofing Attacks Based on NMEA Sentence Integrity Monitoring. Journal of Marine Science and Engineering, 11(5), 928-. https://doi.org/10.3390/jmse11050928
  18. Leite Junior . Walmor Cristino . de Moraes . Claudio Coreixas . de Albuquerque . Carlos E. P. . Machado . Raphael Carlos Santos . de Sá . Alan Oliveira . A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems . Sensors . 4 May 2021 . 21 . 9 . 3195 . 10.3390/s21093195 . free . 34064505 . 8124306 . 2021Senso..21.3195L .
  19. Androjna . Andrej . Brcko . Tanja . Pavic . Ivica . Greidanus . Harm . Assessing Cyber Challenges of Maritime Navigation . Journal of Marine Science and Engineering . 3 October 2020 . 8 . 10 . 776 . 10.3390/jmse8100776 . free .
  20. News: Exclusive: Iran hijacked US drone, says Iranian engineer. Scott Peterson . Payam Faramarzi. December 15, 2011. Christian Science Monitor.
  21. Web site: Countermeasures for GPS signal spoofing . Wen . Hengqing . Huang . Peter . Dyer . John . Archinal . Andy . Fagan . John . 2004 . University of Oklahoma . dead . https://web.archive.org/web/20120315092132/http://www.blockyourid.com/~gbpprorg/mil/gps4/Wen_Spoof.pdf . 15 March 2012 .
  22. Humphreys. T.E. . Ledvina . B. M. . Psiaki . M. . O'Hanlon . B. W. . Kintner . P.M. . 2008 . Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer . Ion GNSS . 16 December 2011 .
  23. GPS Spoofing Countermeasures. Jon S. Warner. Roger G. Johnston. December 2003. Los Alamos Research Paper . LAUR-03-6163 . 16 December 2011. https://web.archive.org/web/20120207185107/http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html. 7 February 2012. homelandsecurity.org.
  24. News: Students Hijack Luxury Yacht . Secure Business Intelligence Magazine.
  25. News: UT Austin Researchers Successfully Spoof an $80 million Yacht at Sea. Ut News. 29 July 2013. 5 February 2015 . Leahy . Cory .
  26. News: GPS freaking out? Maybe you're too close to Putin . . Henrik . Lied . September 18, 2017 . https://web.archive.org/web/20170925202637/https://nrkbeta.no/2017/09/18/gps-freaking-out-maybe-youre-too-close-to-putin/ . September 25, 2017.
  27. Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing Cyber Challenges of Maritime Navigation. Journal of Marine Science and Engineering, 8(10), 776-. https://doi.org/10.3390/jmse8100776
  28. News: Arraf . Jane . Israel fakes GPS locations to deter attacks, but it also throws off planes and ships . 2 June 2024 . . April 22, 2024.
  29. News: Mass GPS Spoofing Attack in Black Sea? . The Maritime Executive . Dana A. . Goward . July 11, 2017 . An apparent mass and blatant, GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads..
  30. News: Moscow correspondent Morten Jentoft shows GPS trouble near Kremlin . . Norwegian Broadcasting Corporation . Norwegian Broadcasting Corporation . September 25, 2017 . September 14, 2017.
  31. News: Cranny-Evans . Samuel . Russia trials new EW tactics . Janes.com . 14 June 2019.
  32. News: Russia suspected of jamming GPS signal in Finland. BBC News. 12 November 2018. 28 December 2019. BBC.
  33. Web site: Disruption of GPS systems at Ben Gurion Airport resolved after 2 months. Times Of Israel. 5 August 2019. 29 December 2019. Times of Israel.
  34. News: JOFFRE . TZVI . BOB . YONAH JEREMY . MI6 fears Iran used Russian GPS tech to send UK tanker off course - report . The Jerusalem Post . 23 July 2019.
  35. Burgess . Matt . GPS Signals Are Being Disrupted in Russian Cities . en-US . Wired . 15 December 2022 . 1059-1028.
  36. Web site: DEF CON 25 - David Robinson - Using GPS Spoofing to control time. DEFCONConference. 27 October 2017. 7 April 2018. YouTube.
  37. The Department of Homeland Security. "Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure". Retrieved November 12, 2017.
  38. Web site: Novel Timing Antennas for Improved GNSS Resilience . Erik . Lundberg . Ian . McMichael . 2018 . Mitre Corporation .
  39. Wang, Qian & Lu, Zhaojun & Qu, Gang. (2018). Edge Computing based GPS Spoofing Detection Methods. 10.1109/ICDSP.2018.8631600.
  40. Carson, N. . Martin, S. . Starling, J. . Bevly, D. . 2016 . GPS spoofing detection and mitigation using Cooperative Adaptive Cruise Control system . 2016 IEEE Intelligent Vehicles Symposium (IV), 2016- . 1091–1096 . 10.1109/IVS.2016.7535525.
  41. Shchemelinin. Vadim. Topchina. Mariia. Simonchik. Konstantin. 2014. Ronzhin. Andrey. Potapova. Rodmonga. Delic. Vlado. Vulnerability of Voice Verification Systems to Spoofing Attacks by TTS Voices Based on Automatically Labeled Telephone Speech. International Conference on Speech and Computer. Lecture Notes in Computer Science. 8773. en. Cham. Springer International Publishing. 475–481. 10.1007/978-3-319-11581-8_59. 978-3-319-11581-8.
  42. Book: Sinitca. Aleksandr M.. Efimchik. Nikita V.. Shalugin. Evgeniy D.. Toropov. Vladimir A.. Simonchik. Konstantin. 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus) . Voice Antispoofing System Vulnerabilities Research . January 2020. https://ieeexplore.ieee.org/document/9039393. St. Petersburg and Moscow, Russia. IEEE. 505–508. 10.1109/EIConRus49466.2020.9039393. 978-1-7281-5761-0. 214595791.
  43. Cohen . Ariel . Rimon . Inbal . Aflalo . Eran . Permuter . Haim H. . A study on data augmentation in voice anti-spoofing . Speech Communication . June 2022 . 141 . 56–67 . 10.1016/j.specom.2022.04.005. 2110.10491 . 239050551 .
  44. Book: Hadid, Abdenour . Face Biometrics Under Spoofing Attacks: Vulnerabilities, Countermeasures, Open Issues, and Research Directions . June 2014 . 113–118 . 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops . http://dx.doi.org/10.1109/cvprw.2014.22 . IEEE . 10.1109/cvprw.2014.22. 978-1-4799-4308-1 . 9540938 .