As Jammertest 2024 is fast approaching, let’s have look at what is planned for this year’s test.
From Japan in the east to the USA in the west, industries meet in Norway to test how modern GPS/GNSS technology withstands jamming, meaconing, and spoofing attacks. The event Jammertest takes place near the village of Bleik on Andøya, 69 degrees North, in September and bring together authorities, international technology suppliers, and research environments from all around the world to test their technology’s resilience to GNSS-hacking in what is the world's largest open, real life jamming test.
Jamming is interference or blocking of, among other things, mobile and GPS signals, while spoofing is the sending of false signals to deceive the recipient receiving these signals. Meaconing is the rebroadcasting of legitimate signals with the intention of deceiving receivers.
Increasing dependence on PNT services
Critical societal and national functions are increasingly dependent on services that can bring accurate position, navigation, and time (PNT). These functions are today largely provided through global navigation satellite systems (GNSS), but sometimes in combination with other PNT sources. Throughout the test week, over 200 tests will be conducted, exploring aspects such as sensor fusion, RFI countermeasures, combinations of GNSS and other PNT sources, and much more.
Here are some takeaways from Jammertest 2023.
"Buses, drones, ships, planes, and other equipment were subjected to jamming, meaconing, and spoofing attacks," says Nicolai Gerrard, senior engineer at the Norwegian Communications Authority. He further explains, "Participants have also tested new antenna technology, tested appropriate combinations of antennas and receivers, special technology like super correlation, RFI detection technology, and those who were here last year have improved their systems and tested these improvements this year".
By exploring how jamming in different combinations affects different technologies, one can investigate relationships in the underlying systems and discover which parameters indicate which attacks, he explains. Each year's results reinforce the observations made during last year's test and provide more valid data for future work.
“Many participants also collected a large amount of data to take home for analysis and further use. For example, Ericsson has said that they are now implementing insights from their data collection on Andøya into their equipment, and ESA is now using recorded GNSS-RFI signals to conduct even more laboratory tests”, adds Gerrard.
This year's tests will differ from last year's in that more areas and, therefore, possibilities are included. Other news include more focus on meaconing, (simulation of) unintentional interference is included and SBAS spoofing. Several tests are also more complex, and there are more people and organizations involved this year.
Also, a part of the planning has been to collect and adapt to participants feedback and input from from previous tests.
Details about Jammertest 2024
During the tests, five different types of transmission equipment will be used:
- Jamming with low power jammers (of the type that can be procured from the Internet)
- Jamming with signal generators
- Meaconing from GPS receivers on the mountaintop and an amplifier and transmitter antenna system connected to it, placed further down the hill side
- Spoofing,with a stationary simulator
- Spoofing with a moving SDR spoofer
Five areas are used:
- One for planned high-power tests
- One for organized car driving tests with low-power transmissions, as well as for booking of individual and customized tests
- One for planned low power jammer tests, as well as for booking of individual and customized tests
- Jamming from an airport
- Jamming onboard ship(s) out at sea
Details about the tests:
Low-power jammers are a mix of several different L1-only jammers, L1&L2, and L1&L2&L5/E6, all with relatively wide frequency bands and typically sweep modulations, except for one that used frequency hopping. The jammers range from cheap "eBay jammers" to military graded handheld equipment.
For the high-power jammer, three modulations are used: an unmodulated CW signal (the carrier wave of GPS L1), a sweep signal ("chirp"), and a PRN signal (modulated carrier wave with C/A code from GPS satellite #1, but without navigation message). During the tests, jamming will be done in different combinations of modulations and frequency bands, with the used bands being E6, E5b, L5, G2, L2, B1l, G1, and L1. Jamming is done with an elevation angle from the mountain down towards Bleik.
Spoofing attacks simulated GPS L1, L2, and L5 signals and Galileo E1 and E5 signals, and both incoherent and coherent attacks will be conducted (i.e., where the signals are not synchronized or are synchronized with real-time satellite data for the test position, respectively). Otherwise, spoofing attacks run in combinations with jamming, both initial jamming attacks and jamming active while spoofing is ongoing (e.g., spoofing L1/E1 with jamming on G1, L2, L5), as well as different combinations of spoofed signals.
Meaconing attacks rebroadcasting of GPS L1 and L2 signals, either used alone or in combination with jamming.
All these attack possibilities are then used in different test setups and for static and dynamic combinations of jammers and targets (participants). One example from last year was a car convoy tests with a jammer in one of the cars in the convoy or with a jammer stationary on the side of the road while the convoy passed. Another is pyramid jamming, where frequency bands are added and subtracted that are being jammed to investigate handover between the bands. A third is power ramping, where the sensitivity of the deployed equipment is analyzed.
What did we learn from 2023?
Here are some of the observations from last year´s test:
- Jamming can cause spoofing-like results (depends on how PVT is calculated in the receiver)
- Some types of spoofing activities create firmware issues that were only resolved by doing hard reboot
- Equipment sometimes behaves very differently under the same RFI
- Phase transitions often create dangerous situations (since receivers and their protective mechanisms are often built for the pure binary conditions of jamming/non-jamming). Sometimes this also creates short-term faults in equipment that initially survived the RFI period.
- There are often tell tails before the spoofing takes over, with significant PVT errors experienced
- Some multi-GNSS and/or multi-band receivers do not have proper fallback mechanisms (i.e., they usually drop out if you mess with GPS alone)
- Time spoofing can cause unforeseen consequences, for example certificate issues
Examples of what participants did during the testing:
- Improved their firmware and software algorithms (e.g., distinguishing between "spoofing now" and "jamming now") based on improvements built on last year's results
- Scientific approach to testing and evaluating many receivers and their performances under the same RFI conditions (made possible by participants having plenty of time in the booking area)
- Tested RFI detection technologies, such as TDOA
About Jammertest
From 9th till 13th og September, participants from 90 organizations and 20 different countries will again gather at Andøya to test their technology's resilience.
The Jammertest is a collaboration between the Norwegian Communications Authority, the Norwegian Metrology Service, the Norwegian Space Agency, the Norwegian Public Roads Administration, the Norwegian Defense Research Institute, the Norwegian Mapping Authority and Testnor.