An American company working with the Ukrainian military is developing a cheap and easy-to-deploy solution to sophisticated Russian electronic-warfare tactics: networks of regular cell phones running specialized software.
The software allows the cell phones to locate enemies that are using jamming equipment, and if the experiment is successful, it could help operators on the ground regain at least some advantage against better-armed foes in the era of electromagnetic warfare. From there, it could change the way cell phone network providers ensure their devices can stand up to sophisticated attacks.
Russian electronic warfare measures are having a deleterious effect on Ukrainian troops’ ability to push out the Kremlin’s invading forces—even if the Ukrainian troops are armed with high-end U.S. weapons. And it can be hard to even detect when drones or other pieces of equipment are failing because of signal jamming, GPS spoofing, or just internal problems.
Detecting and finding adversary jamming devices usually requires high-end software-defined radios, the sort of equipment the United States and other well-funded militaries can issue to their troops, but that smaller militaries with constrained budgets, like Ukraine’s, struggle to acquire in large numbers.
Around Christmas, the Ukrainian military reached out to Sean Gorman and his group at Zephr, a company that specializes in making GPS-signal reception more resilient to interference. The group sent six Android Pixel phones loaded with Zephr’s software to Ukraine in early 2024, and in April began conducting field tests near Ukraine’s frontlines in Donetsk.
“We strapped those phones to drones. We put them in cars. We set up stationary stands for them and then we’ve also been doing controlled experiments where they use their own jammer, so we know the location of it,” Gorman told Defense One. The first objective: see if regular consumer phones, working together in a network, could reveal the existence of an entity trying to jam GPS location data, even if that location data appeared to be correct on any one of the devices.
They measured how well phones that were moving—strapped to a drone and carried by car—received GPS signals, compared to phones that were static. The findings: It’s possible to detect when specific GPS receivers are experiencing an attack, by contrasting their GPS trace to that of other phones.
“We’re basically exploiting the sensors on the phone,” Gorman explained. “The most helpful sensor on the phone is the raw [global navigation satellite system, or GNSS] measurements that the phone provides. So you have AGC, the automatic gain control, you have Doppler [sensor], you have carrier phase, you have code phase,” and other data cell phones collect about their distance from satellites, cell towers, and other pieces of network equipment.
Manufacturers put these sensors in cell phones so the phone can figure out how to optimize performance, for example by detecting where the nearest cell tower is. But these measurements all play a role in the GPS processing software phones use to tell the consumer where they are. When you can get that data from a wide variety of phones, you can figure out which ones are under attack.
“With the computational AI we’re running on the back end, and the sophistication of how we’re processing most signals and software, instead of just depending on sensors or really expensive antenna arrays, there’s a heck of a lot you can do networking phones together as one big distributed antenna” Gorman said.
The tests also revealed new insights into Russian electronic warfare efforts.
Russia is spoofing GPS signals in the Baltic Sea, causing what NATO officials have described as an unsafe situation for consumer aircraft. Spoofing GPS doesn’t just block the signal. It tells the receiver that they are somewhere they are not.
Most of the time, when adversaries try to spoof GPS locations for drones, they will tell the drone that it is actually at an airport, as most consumer drones are built to try to land or retreat from restricted airspace.
On the frontlines in Donetsk, Ukraine’s soldiers often report spoofing attacks aimed at their drones. But Gorman and his team found that much of this “spoofing” activity is actually just high-powered jamming attempts. Because those attempts are occurring in the same frequency bands as GPS or GNSS, they appear like satellite signals, effectively creating phantom or ghost satellites in places where they could not possibly exist and still provide signal, such as beneath the horizon.
“This noise doesn’t resemble a typical GNSS signal, but it does contain energy at the frequencies where the receiver is looking for satellite signals. The receiver’s signal processing algorithms use correlation techniques to identify and track satellite signals. When a strong jamming signal is present, it can cause false correlations, leading the receiver to ‘think’ it’s detecting satellites that aren’t actually visible,” Gorman explained in a write up of the testing provided to Defense One.
The group, now working under a contract with the Ukrainian government, is trying to take the research a step further to not just detect jammers but triangulate their positions so the jammer can be avoided (or eliminated).
“The new techniques we are building will estimate the location of signals of interest using three inputs: 1. localization by range inferred from power 2. localization by area of effect and 3. triangulation of jammers based on angle of arrival,” Gorman said in an email.
“Each smartphone will detect the interference signal, log the last known position, and timestamp the reception, providing data points across the network. By aggregating and processing these signals centrally, the system will triangulate the jammer’s position.”
The U.S. military is investing heavily in alternatives to GPS, usually referred to as alternative position, navigation, and timing—or Alt PNT—to help people, drones, etc. figure out where they are. But investments that haven’t shown a great return in many cases.
“None of it works without an initial known position. And it’s almost impossible to get an initial known position without having GPS,” Gorman said.
This networked approach won’t replace other more expensive military systems for detecting and finding jammers, he said, but it does present a solution that can be deployed quickly and cheaply for militaries like Ukraine or other groups that could be disrupte by jamming activities, such as first responders. And while it won’t replace efforts to develop alternative position, navigation and timing methods, it might make them more effective.
“Maybe there’s a radically different way to think about this? Instead of throwing all the resources towards Alt PNT, GNSS resilience, which are all super helpful, maybe we can look at how this is now a reality? How well can we map all of this and understand an area back to where the emitters are so that we can dodge those areas and we can remove the emitters?” Gorman said.
But, he said, “There isn’t a [silver] bullet.”
Read the full article here