#BHEU: Can Time Be Hacked?

Time synchronization is a fragile ecosystem that is vulnerable to being hacked, with the potential for enormous damage to be caused. This was the message of Adam Laurie, global associate partner and lead hardware hacker, IBM X-Force Red, during the keynote address on day two of Black Hat Europe 2021.

Laurie pointed out that time has been a source of fascination for centuries, underpinning the scientific theories of Isaac Newton and Albert Einstein. Nowadays, accurate, centralized time is critical for the functioning of a number of important industries. This includes navigation, forensics (who did what when), cryptocurrency and blockchain (proof of work) and the transportation of trains, airplanes and automobiles. “You can go on and on, pretty much everything depends on it,” said Laurie.

To emphasize this further, he highlighted a UK report in 2017, which estimated the cost of the time synchronization system failing to be £1bn per day. Laurie observed this would even dwarf the financial costs of COVID-19. This issue has therefore come to the attention of government and big industry.

Worryingly, there is currently an overwhelming reliance on GPS for time synchronization, which was never intended to be the de facto standard for everything. This has arisen due to its cheapness and easy availability. However, should there be a satellite failure, this would create “an existential threat to the whole ecosystem because everyone comes back to that same point,” commented Laurie.

He cited another report from 2020, which recommended diversifying sources of time to prevent a single source of failure. However, Laurie pointed out that many of the suggested alternative models, such as telco networks, are “themselves just synchronized back to GPS.”

Numerous real-world synchronization failures have highlighted the fragility of the use of GPS. One example highlighted by Laurie occurred in New York in 2019, when critical systems were not updated when the clocks were rolled over on April 6th. This caused failures in the city’s traffic light system that lasted nearly two weeks, causing chaos.

A concerning real-world scenario of how easily GPS can be manipulated occurred when a delivery driver in Ontario, Canada, purchased a cheap jammer to hide his location from his bosses. As he was near an airport, “his jamming device didn’t just hide their ability to track him, it actually grounded flights.” Considering the scale of the accidental damage caused by a cheap GPS jammer, Laurie asked, “can you go further than that and actually spoof GPS and create a different time signal?”

The answer to this is yes. For example, Laurie discovered an SDR simulation package online, which can be used to “override the time parameters transmitted in the plane and set whatever time you want. It will then create a scenario that will spoof satellites that appear visible to your local receiver, and the receiver will see the time that you have set rather than the real time.”

During the presentation, Laurie also provided a hacking demo of another source of time – low-frequency radio broadcasts – to show how easily these methods can be manipulated. He had two clocks; one synchronized to the UK atomic clock via the network time protocol (NTP) and the other controlled by radio frequency, receiving an MSF signal, adjusting itself every 10 minutes. “I was curious if I could spoof that signal,” and Laurie soon discovered that “people have written software” for this purpose. Over the course of the rest of the session, he overrode the transmission signal using a software package and produced an incorrect time.

Concluding, Laurie noted that society takes time too much for granted, although government and big industries are waking up to the fragility of the current ecosystem. Alternative cheap and easily accessible sources of synchronization are urgently required, and these must be secure as “attackers and their tools are becoming increasingly sophisticated.” Laurie added: “If you can spoof a signal and take out an entire city’s GPS clocks from a powerful transmitter, that’s clearly a big problem.”

What’s Hot on Infosecurity Magazine?