Arbiter Systems 1094B GPS Clock Spoofing Vulnerability
Low RiskICS-CERT ICSA-14-345-01Sep 13, 2014
Summary
The Arbiter Systems Model 1094B GPS Substation Clock is vulnerable to GPS signal spoofing attacks. An attacker with RF transmission capability or physical proximity to the GPS antenna can inject false GPS signals, causing the clock to accept incorrect time values. The device performs insufficient validation of received GPS signals, making it susceptible to time manipulation attacks that could disrupt timestamp-dependent substation functions including event logging, fault recording, and relay coordination.
What this means
What could happen
An attacker could spoof GPS signals to manipulate the clock in your substation, causing incorrect timestamps that could disrupt SCADA logging, event sequencing, and protective relay coordination.
Who's at risk
Energy sector operators managing substations that rely on the Arbiter 1094B GPS clock for timing-critical functions: SCADA event logging, protective relay coordination, synchrophasor (PMU) timestamp alignment, and digital fault recording. Any substation using this clock for distributed automation or microgrid control is affected.
How it could be exploited
An attacker with physical proximity or RF transmission capability sends false GPS signals to the 1094B antenna. The device accepts the spoofed time and updates its internal clock without validation, affecting all dependent systems that rely on accurate timestamps.
Prerequisites
- Physical or RF proximity to GPS antenna
- GPS signal transmitter or software-defined radio equipment
- No authentication or credentials required
no patch availablephysical or RF access requiredaffects timing-critical infrastructureno authentication required
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
GPS Substation Clock: Model_1094BModel 1094BNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/1WORKAROUNDUse an independent time source (atomic clock, network time protocol from internal secure server) to cross-check and validate the GPS-derived time
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
HARDENINGShield the GPS antenna with RF filtering or faraday cage to reduce susceptibility to external signal injection
HARDENINGRegularly audit and log all time changes on the 1094B and systems that consume its time signal
Mitigations - no patch available
0/2GPS Substation Clock: Model_1094B has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement GPS signal integrity monitoring and anomaly detection to alert on sudden time jumps or impossible time changes
HARDENINGIsolate the GPS receiver and 1094B clock on a physically separated network segment with restricted access
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/ef901d6a-7a7c-4fe0-ae9c-410c0eb22a85