EXCLUSIVE Expert reveals how Iran's missiles may have been hacked mid-flight over Israel and sent plunging into the Mediterranean Sea
A tech expert has revealed that his firm may have witnessed an 'exotic new' hack that tricked Iranian missiles into plunging into the Mediterranean Sea during the Iran-Israel war.
The war between Iran and Israel, which began in mid-June following a series of Israeli strikes on military, nuclear and civilian positions, saw both nations fire salvos of missiles and drones at each other.
Like many missile systems found across the world, Iranian missiles rely on Global Navigation Satellite System (GNSS) data to find their way to their targets.
Sean Gorman, the co-founder and CEO of Zephyr.xys, a tech firm that is working to improve location services on mobile phones, believes that he and his team witnessed a new defensive tactic that involved tricking missiles into flying against their programming.
Spoofing normally works by sending a powerful radio signal that is stronger than GNSS signals from satellites, forcing a device to listen to the fake information.
This means that devices believe they are at a false location.
Ordinarily, spoofed GNSS data looks, to the device, like it has instantly teleported to another location.
But Sean believes that what he and his team have seen is a highly sophisticated version of this meant to mimic the arcing flight paths of missiles and send them to safer locations.
Sean believes that what he and his team have seen is a highly sophisticated spoof meant to mimic the arcing flight paths of missiles
Sean said: 'Missiles are guided munitions. They all track latitude and longitude and elevation the same way we navigate in our cars or the same way aeroplanes navigate.
'You're basically providing that same navigation system in ammunition so that it lands in exactly the right place. Jammers and spoofers have been incredibly effective at preventing guided munition from landing where you where they wanted to land and maybe where you instead getting it to go somewhere else or to fail.'
Sean said that his team began tracking spoofing and jamming practices while volunteering in Ukraine, and found that phones loaded with their software were good at tracking these types of attacks.
Following an American government grant to further this research, phones loaded with Zephyr software were sent across the world to places known for their frequent electronic interference attacks.
One mobile phone with Zephyr's app made its way to Haifa in northern Israel, which like many cities in the nation, came under fire from Iranian missiles.
It was through this mobile phone that Gorman and his team noticed a peculiar signal that different from spoofing and jamming techniques seen in the past.
Sean told MailOnline: 'The phone was in Haifa and the positions that the phones were reporting were off in the ocean. And instead of it being teleported to a fixed location, instead we see this arc.
'There was a synthetically generated position that went in a curve. It's one measurement from one phone, but it's a new behaviour or pattern that we haven't seen.'
He added that while he wasn't 100% sure this was a new 'push spoofer... it's certainly not a pattern that we've seen before in that you know'.
This arcing pattern is likely to have been developed to trick the drone into following the fake data.
'If you're teleporting with a big jump and it's fixed, that would be a much different pattern than a guided munition that is on a trajectory. You want that thing to think it's still on the trajectory. It continues on the path that the spoof operator is pushing,' Sean said.
'They don't realise they're being spoofed because they're continuing to go on a trajectory. That would fool a drone.'
While it's not clear from Sean's analysis exactly who perpetrated the hack, the signal is believed to have come from the Middle East.
Many nations around the world are developing this kind of technology, Sean said, with the invasion of Ukraine being one of the key crucibles.
He said: 'There are lots of countries that have sophisticated technical engineers and specialty within GNSS. And each of those countries are constantly trying to evolve their [rivals'] electronic warfare capabilities.
'We see this with the Russians and Ukrainians, who are constantly iterating and trying to defeat each other's countermeasures in this kind of cat and mouse game.
'Countries are investing and trying to provide countermeasures and defeats of those countermeasures so they can still operate in a battle situation like we're seeing in the Middle East.'
But with the increased competition for these types of techniques comes the risk it will be used outside a military context, even in the Iran-Israel war.
Last week, Frontline tanker Front Eagle and dark fleet tanker Adalynn collided last week near the Strait of Hormuz.
The two oil tankers were brought to a halt, following a fire on the desk of the Front Eagle which was later extinguished.
But in the days leading up to the collision, the UK's Maritime Trade Operations issued a warning that 'increasing electronic interference' was being reported in the STrait of Hormuz.
Sean said this event pointed to an increasing willingness for warring parties to use spoofing and jamming techniques that could have wider effects on civilians and commercial routes.
'We're increasingly seeing this happen all over the globe and cause issues with global commerce with supply chains, with aviation. So even outside of the military context, we're seeing this more and more in our daily lives.
'Jamming and spoofing are both prolific, though we see spoofing less frequently and it's a bit harder to detect than jamming.
'So while it was interesting to see spoofing activity happening they're both risks to civilian and commercial operations.'
'Collisions could be an issue both from an aviation standpoint, as well as a maritime standpoint', Sean said, adding that the ability to 'detect spoofing will be critical for civilian safety. That'll be a really important area of R&D investment and where what we'll need technological capacity both on a civilian and a defence perspective.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
9 hours ago
- Reuters
Germany seeks Israeli partnership on cyberdefence, plans 'cyber dome'
BERLIN, June 29 (Reuters) - Germany is aiming to establish a joint German-Israeli cyber research centre and deepen collaboration between the two countries' intelligence and security agencies, German Interior Minister Alexander Dobrindt said on Sunday. Germany is among Israel's closest allies in Europe, and Berlin has increasingly looked to draw upon Israel's defence expertise as it boosts its military capabilities and contributions to NATO in the face of perceived growing threats from Russia and China. "Military defence alone is not sufficient for this turning point in security. A significant upgrade in civil defence is also essential to strengthen our overall defensive capabilities," Dobrindt said during a visit to Israel, as reported by Germany's Bild newspaper. Dobrindt, who was appointed by new German Chancellor Friedrich Merz last month, arrived in Israel on Saturday. According to the Bild report, Dobrindt outlined a five-point plan aimed at establishing what he called a "Cyber Dome" for Germany, as part of its cyberdefence strategy. Earlier on Sunday, Bavarian Prime Minister Markus Soeder called for the acquisition of 2,000 interceptor missiles to equip Germany with an "Iron Dome" system similar to Israel's short-range missile defence technology.
The Sun
10 hours ago
- The Sun
Major Google warning as hundreds of millions of devices ‘cut off' – leaving your devices exposed to sinister crooks
GOOGLE has issued a major warning as hundreds of millions of devices "cut off", leaving them vulnerable to sinister crooks. The tech giant has announced that users with outdated software will no longer be able to access Google Chrome. 1 Anyone using an Android device running below version 10.0 will lose access to the site starting this August. Millions of users still rely on outdated software due to limited manufacturer updates, abandoned devices from carriers, and other factors. Still, these devices can't keep up with today's technology. It follows Google's move in 2023, when it ended support for devices running Android 7.0 Nougat, introduced in 2016. The announcement comes as the tech giant prepares to launch Chrome 139, expected in the first 7 to 10 days of the month. The biggest impact for users of outdated Android versions is missing out on vital security updates. Users with Android versions below 10.0 should try to upgrade to continue using Google Chrome. If an upgrade isn't possible, replacing the outdated device is the best option. Otherwise, your device could be left exposed to cybercriminals while browsing the web. Google said in a support document: "Chrome 138 is the last version of Chrome that will support Android 8.0 (Oreo) and Android 9.0 (Pie). "You'll need to ensure your device is running Android 10.0 or later to continue receiving future Chrome releases. "Older versions of Chrome will continue to work, but there will be no further updates released for users on these operating systems." It comes after the tech giant issued an alert to anyone who uses the browser on their PC. A concerning bug has been found on the popular app which could lead to hijacking of your device. The bug has been given a "zero-day" mark which indicates that the vulnerability is being actively used by hackers in the wild. Google has acted swiftly to address the issue and has now patched the browser to prevent it from any further attacks. Google said: "Google is aware of reports that an exploit for CVE-2025-4664 exists in the wild. "The Stable channel has been updated to 136.0.7103.113/.114 for Windows, Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks." However, the fix will only work after it has been downloaded and installed on your browser. Vsevolod Kokorin, a security researcher at Solidlab, was the first to discover this most recent Chrome issue and confirmed that it may result in an account takeover by cybercriminals. It is now crucial to make sure you are using the most recent version of Chrome if you use it as your primary web browser. To accomplish this, just select "About Chrome" after clicking on the Chrome in the toolbar.
The Sun
a day ago
- The Sun
Words you must never type on social media over devastating ‘sim swap' phone attack that can breach ALL accounts
THERE are some details you just cannot share on social media - or you could be putting yourself at risk of a devastating "SIM swap" attack, experts have warned. In the wake of the M&S cyberattack in April, where SIM swapping is believed to have played a role, consumers have been warned that the breed of attack could also wreak havoc on their own personal lives. 5 5 SIM swapping is a form of fraud that is swiftly on the rise, according to a report published in The Conversation last month, co-authored by computer science professor Alan Woodward and secure systems lecturer Daniel Gardham, both of the University of Surrey. Attacks rose by a whopping 1,055 per cent in 2024, according to the National Fraud Database. It has also allegedly been used in the hacking of former Twitter CEO Jack Dorsey in 2019. "Our mobile phone numbers have become a de facto form of identification, but they can be hijacked for nefarious purposes," the pair wrote. People typically have the same phone number for years - even after changing phones, losing their device, or having it stolen. "When a user buys a new phone, or just a new sim card for a spare device they might have, they might call their service provider to transfer their longstanding mobile number to the new sim card," experts explained. "The problem is that the service provider doesn't know if it is really them calling to transfer the number. "Hence, they launch into a series of questions to make sure they are who they say they are." These security questions are used for all kinds of accounts, and often ask for the same information. For example, "what is your mother's maiden name?", or "...the name of your first pet?" Huge Global Data Breach: 16 Billion Accounts at Risk But if someone else can know the answers to those questions after stalking your social media, it leaves you at risk of not only SIM swap fraud but other forms of hacking. "The rise of social media has made it easier than ever for scammers to piece together what was once considered private information," experts wrote. "Suddenly, someone else can make and receive calls and SMS messages using your number." That means hackers can make calls at your expense. But it's not just your phone number that can be stolen. SIM swapping can be used to breach all your other accounts through the theft of two-factor authentication (2FA) codes. Security experts recommend all consumers have the 2FA tool switched on with all their accounts. 5 Instead of just relying on a password, 2FA adds a second factor - like a code from your phone or biometric data like your fingerprint or face ID. Woodward and Gardham added: "Remember when you created your email, bank account or even online grocery shopping account and you were encouraged to set up two-factor authentication (2FA)? "You listened, but the system set your 'second factor' as your mobile phone number. "You input your username and password, and it asks for a time-limited code that it sends to you as an SMS message." Now, if you have been a victim of SIM swapping - the hackers will receive your security codes instead of you. This could potentially grant them access to all sorts of accounts, from your social media to your banking app. Efforts to improve login security have led to the rise of what are known as passkeys... Which are long sequence of random digits called cryptographic keys that are stored on your device, such as a smartphone or computer. Prof Alan Woodward and lecturer Daniel Gardham, of the University of Surrey It's important to note that even with the risks of SIM swapping, 2FA should still be enabled on all your accounts. In addition to it, however, experts are encouraging the use of passkeys - a passwordless login method that is supposed to be more secure. "Efforts to improve login security have led to the rise of what are known as passkeys," Woodward and Gardham explained. "Which are long sequence of random digits called cryptographic keys that are stored on your device, such as a smartphone or computer." Passkeys are used to log into your online account only when you unlock your phone through your PIN code, fingerprint or face ID. WHAT ARE PASSKEYS? Passkeys are the newer, safer passwords, according to tech companies and security experts. They allow you to log into your accounts using biometrics like your fingerprint or face scan. You can even use your phone's passcode. To sign into a website or app on your phone, all you need to do is unlock your phone. This also works for websites on PCs and laptops. If you're trying to sign into a website on your computer, you just need your phone nearby. You will be prompted to unlock your phone when trying to log into an account on your computer, which will then grant you access on the PC. By using unique credentials tied to your phone or other devices, you make your accounts more resistant to phishing and other password-based attacks. 5 5
