GPS Flaw: Security Expert Says He Won't Fly April 6
It turns out that many GPS devices, and the systems that depend on GPS timing, have a Y2K-like bug that may cause malfunctions on April 6.
UPDATED April 12. 2019 with what actually did happen, which did involve some planes, and (hopefully finally) on Oct. 29, 2019, with the surprising news that some iPhones are belatedly affected. This story was originally published March 7, 2019.
Don't look now, but there's another Y2K-like computer-calendar problem on the way, and this one arrives on April 6, 2019.
That's the day millions of GPS receivers will literally run out of time, rolling over their time counters back to zero, thanks to limitations in timekeeping for older GPS devices. Many navigation systems may be affected, such as on ships or older aircraft, although your smartphone will be fine. (Or not -- see below.)
But because GPS satellites are also crucial to digital timekeeping used by websites, electrical grids, financial markets, data centers and computer networks, the effect of April 6 may be even more wide-ranging.
"I'm not going to be flying on April 6," said one information-security expert during a presentation at the RSA 2019 security conference in San Francisco this week.
MORE: 25 Things You Didn't Know Could Be Hacked
To be fair, this has happened once before, on Aug. 21, 1999, and planes didn't start crashing then. But today, we're much more dependent on GPS to time everything that happens on Earth down to the last nanosecond.
Sign up now to get the best Black Friday deals!
Discover the hottest deals, best product picks and the latest tech news from our experts at Tom’s Guide.
"The effects would be more widespread [today] because so many more systems have integrated GPS into their operations," said Bill Malik, a Trend Micro vice president who said he wouldn't fly April 6, in a private conversation with Tom's Guide.
"Ports load and unload containers automatically, using GPS to guide the cranes," Malik said. "Public-safety systems incorporate GPS systems, as do traffic-monitoring systems for bridges. Twenty years ago these links were primitive. Now they are embedded. So any impact now will be substantially greater."
Getting ready without making a fuss
Governments and GPS device makers do know about this and have quietly been trying to get everything patched. The Department of Homeland Security issued a memorandum in April 2018 warning "federal, state, local, and private sector organizations" to check with the manufacturers of their GPS devices and/or to update the firmware of their GPS devices before April 6. The European Union Aviation Safety Agency has issued a similar memo.
FalTech GPS, a British company that makes GPS signal repeaters for indoor use, said in a blog post that "some GPS receivers, or other systems that utilize the date and time function, may not be able to cope."
"Financial markets, power generating companies, emergency services and industrial control systems may be affected, as well as fixed-line and cellular communications networks," the post continues. But it adds that "since this is the second time a GPS week rollover will occur, many manufacturers will have been aware of it in advance and newer receivers will continue through and beyond the rollover date without issue."
We reached out to Greg Milner, author of "Pinpoint: How GPS Is Changing Technology, Culture and Our Minds" (2017), which examines the history of GPS and its impact on society. (Disclosure: Milner is a longtime friend of this correspondent.)
"The last time this happened (1,024 weeks ago), there was very little disruption, so although many of the receivers in use today weren't around then, there shouldn't be many problems," Milner told us. "That includes aviation-grade receivers."
"This comes from talking to a few of the GPS security people I know, including real alarmists when it comes to GPS spoofing," he added.
The latest navigational systems for commercial passenger aircraft in North America are not vulnerable to this GPS bug. But older flight-management systems that use GPS, such as those used by older passenger planes, private aircraft and cargo planes, may well be.
Errors in GPS can tell aircraft (or cars or ships) that they're miles from where they actually are, or even that they're in the Gulf of Guinea off the coast of Nigeria, the "zero point" for GPS systems. (Most aircraft can also navigate using radio beacons from the ground, but that's hard to do over large stretches of open water.)
The heart of the problem
The problem lies in the way GPS devices and satellites calculate time. Starting with the date of January 6, 1980, GPS devices count weeks, and the counting was originally contained in a 10-bit number field in the GPS device software. Two to the tenth power is 1,024, meaning that all GPS devices can count up to about 19.7 years -- Aug. 21, 1999 when calculated from January 1980.
On that date, most GPS devices flipped the odometer and started counting from zero. But it's been another 19.7 years since August 1999, and it's time to start over again.
The U.S. Naval Observatory, which manages the Universal Time Code (UTC) for the U.S. government, has a brief PowerPoint presentation online warning that "UTC timing displayed and/or time tags of receiver data containing PNT [positioning, navigation and timing] information could jump by 19.7 years."
"Any month/year conversion could also fail," the Naval Observatory presentation added. "Navigation solution should be OK, but associated time tags could be incorrect thus still corrupting navigation data at the system level."
There's a bit more to worry about. Over the past 20 years, many individual GPS device and receiving-system manufacturers have restarted the clock on their own, usually to compensate for a device-specific error, and they could encounter time-rollover problems at any given in the next 20 years.
"The failure is not limited to April 6/7 2019," the U.S. Naval Observatory presentation says. "A common fix for week-number ambiguity [in some GPS devices and receivers] was to hard-code [a] new pivot date, which shifts [the April 6 rollover] event to [an] unknown date/time in future."
So that this doesn't happen again any time soon, GPS devices made in the past decade use 13 bits for the week counter, yielding a total of 8,192 weeks or 157 years. Those devices will not have to restart time until 2137, by which time our descendants will have created a whole new set of technological problems.
UPDATE: Carl "Bear" Bussjaeger, a New Hampshire-based science-fiction writer, Air Force veteran and former telecommunications network technician, reached out to us via Twitter to say that the link between GPS timing and telecom networks is not direct.
"Networks don't time off GPS," Bussjaeger said in a tweet. "They time off internal/master station clocks. Those clocks periodically synchronize off GPS."
In a further conversation, Bussjaeger told us he had monitored the 1999 GPS epoch rollover as part of his telecoms job, and that there was "not so much as a bit error" on the network clocks.
"The clocks used in telecoms can free-run for days," he said. "They're very stable. GPS timing is really just a backup to the backup."
During an epoch rollover, Bussjaeger said, "geolocation could glitch, but only momentarily, if at all. A GPS unit might have to reacquire the birds [satellites] to determine its location, but it's no worse than turning on a unit and waiting for it to acquire [the satellite signal] in the first place."
"Twenty years ago, we didn't have a problem," he added. "I rather expect that clocks are better, more stable now."
UPDATE: "I would say it's legitimate to be concerned," Brad Parkinson, the retired Air Force colonel and Stanford University professor who was the lead architect of GPS, told San Francisco's KPIX-TV in an interview published April 2.
"GPS affects everything we do," he said. "It affects timing, banking, cell towers, airplanes, ships, passengers in cars ... everything that we can imagine."
"If you're driving your car and it were to suddenly say you're in the middle of the Pacific Ocean, be very suspicious," he told KPIX-TV.
However, Parkinson added that most industries using GPS are prepared for the April 6 rollover. That sentiment was echoed by Tom Patterson, vice president and chief trust officer with information-technology giant Unisys, in a statement provided to Tom's Guide.
"Air travel is not a concern," Patterson said. "The airlines are up to date on the rollover and have everything patched and ready to go."
"Consumers shouldn't be concerned with the rollover if they have relatively new GPS devices," Patterson said. "If a device is more than a decade old, they should check with the manufacturer of the device to make sure they can test their system to see if it is vulnerable.
"The risk is that, in a blink of an eye, those devices could suddenly think it's 19.7 years in the future" -- or maybe the past -- "and in some cases that could cause problems."
ROLLOVER POST-MORTEM UPDATE: April 6, 2019, came and went, and, as in 1999, no planes fell out of the sky.
But several planes had to stay on the ground. China Aviation Review tweeted round a photo of what purports to be a cockpit console screen reading "22 AUG 1999," which you may remember was the date of the previous GPS rollover.
"Multiple Boeing 787s in China experienced GPS 20 years rollover issue. Some aircrafts have to be grounded waiting for an update," the tweet read.
We haven't been able to confirm that, although Sean Gallagher at Ars Technica did confirm that the Chinese flight in the photo was delayed by four and a half hours. We also saw a report from SimpleFlying.com that "at least 15" 787s in China were grounded as result of the rollover, and a Reddit thread that said a KLM flight from Amsterdam to Bogota on April 7 was grounded due to "something to do with the data being wrong."
But we can confirm that New York City's own government-use wireless network, NYCWiN, crashed at 7:59 p.m. Eastern time April 6, exactly when the GPS rollover took place, according to the New York Times.
"Elements of our private wireless network have been disrupted by a worldwide GPS system update," the city's Department of Information Technology and Telecommunications said on April 9 or 10, according to the New York Daily News.
NYCWiN uses "377 transmitters" spread out "over 300 square miles across five boroughs" to give city agencies, including the police, fire and transportation departments "real-time access to high-speed voice, video, and data communications," according to the description on the city's official website.
Since the system down during the rollover, traffic lights have not been able to sync up in order to maximize traffic flow, and police-car mounted cameras haven't been able to upload footage, according to the New York Post.
The city apparently pays Northrop Grumman, one of the country's premier defense contractors, about $37 million yearly to keep the system up and running. NYCWiN initially went online in 2009 and cost $500 million to build out.
"We are testing the equipment right now and expect to have NYCWiN back up this weekend," a city spokeswoman told the New York Post.
VERY LATE UPDATE: It turns out that at least some smartphones were affected after all. In late October 2019, Apple warned owners of iPhone 5 devices that they would need to update to iOS 10.3.4 by midnight, Nov. 3, universal time. (That's 8 p.m. on Nov. 2 in Eastern Daylight Time, and clocks switch to Eastern Standard Time at 2 a.m. Nov. 3.)
Otherwise, web browsing, iCloud, Apple Maps and other features and apps that use GPS would cease to function properly.
The GPS "start week" used by iOS 10.3.3 and earlier seems to be 30 weeks later than that of most devices, or at least Apple's support document implies.
Presumably, the iPhone 4s and earlier devices have the same problem. Unfortunately, they can't be upgraded to any version of iOS 10.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.