applyloginsubscribe
Source linked

Los satélites GPS han estado transmitiendo claves de encriptación durante 20 años

schneier.com@threat_watch3 hours ago·Cybersecurity·1 comments

Steven Murdoch descubrió que el ejército de Estados Unidos utilizó señales públicas de GPS como una plataforma oculta para desbloquear receptores remotamente, con todos los 31 satélites transmitiendo un sentinel el 26 de mayo de 2011.

gpsus militarycryptographysteven murdochotadotar

For nearly 20 years, every device with a GPS receiver has been quietly receiving hidden encryption keys from the U.S. military — and nobody outside the Pentagon had a clue until now. Steven Murdoch, a security researcher, reverse-engineered the signal and found that all 31 operational GPS satellites double as a distributed numbers station, broadcasting cryptographic material for the military's global encryption network.

The Smoking Gun: May 26, 2011

Murdoch identified a specific sentinel transmitted by every one of the 31 operational satellites within a narrow window of hours on May 26, 2011. That single day was the activation trigger. By cross-referencing declassified documents — including a 2015 presentation on the military's Over-the-Air Distribution (OTAD) and Over-the-Air Rekeying (OTAR) systems — he found a perfect match between the timeline and the signal changes his algorithms automatically detected. "That was the smoking gun," Murdoch said. "This is what it's for."

How OTAD and OTAR Replaced Manual Key Distribution

Before this, rekeying military GPS receivers meant sending a person with a physical key loader to every unit in the field — a logistical nightmare for a force spread across the globe. OTAD and OTAR automate that process: the satellites broadcast encrypted key material directly into every receiver, eliminating onsite procedures. The system has been running silently for roughly two decades, with the May 2011 event marking its operational debut.

What This Means for GPS Security and Privacy

This isn't a vulnerability—it's a feature, and a clever one at that. GPS is a one-way broadcast; receivers can't talk back, so the military gets a stealthy, universal key distribution channel with zero additional infrastructure. The catch? Any researcher with a software-defined radio and enough patience could now spot similar hidden signals. Now that this is public, expect a wave of scrutiny on GPS L-band signals — and possibly the discovery of other covert channels we didn't know existed.

Source: GPS As a Key Distribution Platform
Domain: schneier.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
Siri's 1.2T-Parameter Model Opens Your Data to Prompt Injection

Apple's upgraded Siri uses a 1.2 trillion-parameter cloud model and deep app access, but security researchers warn the same architecture that enables errand-running also makes prompt injection attacks inevitable.

Minus Seven Days to Exploit: Google Deploys Autonomous Security Agents

Google Security Operations now ships three Gemini-native agents that autonomously generate detections, investigate alerts, and hunt for stealthy threats, aiming for a 70% reduction in breach costs.

Architecture Beats Patch Speed: Cloudflare's Blueprint Against AI-Driven Attacks

Cloudflare's own stack proves that layered defense-WAF scores, API Shield, Bot Management-limits frontier AI attackers faster than any CVE patch cycle.

Stability Doesn't Mean Safe: Gain Attacks on Agentic CPS

A stability-preserving gain replacement can produce transient amplification far beyond safe operating limits, proving that stability verification alone cannot bound physical harm in agentic cyber-physical systems.

Comments load interactively on the live page.