Time is On My Side: Forging a Wireless Time Signal to Attack NTP Servers


Radio timing service, such as GPS, BPC, JJY, WWVB, DCF77, WWVH have been widely used as a basic time source for industry or individual systems. These signals are used by millions of people to synchronize consumer electronic products like wall clocks, clock radios, and wristwatches. NTP sever also use these signals to get a precise time.

In this presentation we show how these signals can be forged with a low cost circuit. If hackers take this device to the target region and emit the fake signal, people who use clocks or watches that synchronize these signals would be disrupted. In addition, NTP servers that uses radio timing service as a reference clock can also be easily attacked by spoofing the fake timing signal.

Consumer devices that use these wireless signals to adjust time affected by this attack including Casio, Citizen and Garmin watches that use low frequency signals and GPS signals to synchronize time automatically.  For industrial applications, a lot of NTP server products including Meinberg’s Stratum 1 NTP server are affected. All internet devices synchronized with this server will fall into chaos.

Location: Track 1 Date: May 27, 2016 Time: 10:45 am - 11:45 am Yuwei Zheng Haoqi Shan