GPS World

Tag: hacking

  • How worried are you hackers will discover our locations?

    For consumer navigation and location-based services, how worried should we be about hackers discovering or corrupting our locations?

    Three industry experts gave their opinions on this issue — now it’s your turn!

    Go to env-gpsworld-integration.kinsta.cloud/july poll and register your vote. Do so by July 20 and you’ll be entered into a drawing for a $50 Visa gift card.

    For the record, here’s how the experts weighed in.

    Janice Partyka
    Headshot: Janice Partyka

    Janice Partyka, Contributing editor, GPS World; Principal, JGP Services

    A: Very worried. Just about any connected device can be hacked, including iPhones or Android phones, regardless of fingerprint recognition technology or complex passwords. Hackers can listen to conversations or access the location positioning via flaws in a portion of mobile networks called Signaling System 7. Hackers using common software-defined radio tools have discovered a cheap way to make a GPS emulator to falsify the GPS location of smartphones and in-car navigation systems.

    Paul McBurney
    Headshot: Paul McBurney

    Paul McBurney, Founder, CEO, Gopherhush Corp.

    A: Mobile phone users will share location-based information of business travel mileage, driving
    behavior for usage-based car insurance, toll-road usage, or even time cards. The best way for the receiving party to protect against location hacking or even errant fix data is to require cross-checking of the location data with multiple location sources based on GNSS, OS network location, Wi-Fi and Bluetooth reference points, and even the phones sensors. It’s RAIM against hacking.

    Todd Humphreys
    Headshot: Todd Humphreys

    Todd Humphreys, Professor, Director, Radionavigation Lab, University of Texas

    A: We usually don’t mind some people knowing our position some of the time, but it’s uncomfortable to think that a hacker or a government could accurately track our position whenever they want. Your credit card number is a lot more valuable to the average hacker than your location, so the danger of location theft is low, unless you’re the special target of someone’s profiling or blackmail scheme. As for a hacker corrupting a location, this is a serious problem that needs addressing if connected cars are ever to trust one another’s data.

  • Inexpensive Hack Spoofs GPS in Smartphones, Drones

    Researchers at Qihoo 360, a Chinese Internet security firm, say they have found a way to make a GPS emulator that can falsify the location of smartphones and in-car navigation systems, reports Forbes. The system is inexpensive compared to expensive, sophisticated GPS emulators that can cost thousands of dollars.

    Qihoo’s researchers hacked a Tesla Model S in 2014, taking control of the car’s lock, horn and flashing lights.

    Qihoo lead researcher Lin Huang is the first Chinese woman to present at the yearly hacker conference Defcon, held in Las Vegas on Aug. 6-9. Huang said her team used common software-defined radio (SDR) tools to create their module and software. They also used open-source software found on Github that had come from researchers at a Chinese university, along with their own code.

    The SDR tools used include HackRF, described by Forbes as the $300 wireless Swiss army knife for hackers. The small board can move between radio frequencies, and read and transmit to a broad range of radio frequencies. On smartphones, the attack targets navigation signals delivered at the chipset level, on both Apple or Android smartphones.

    Huang suggests that chipset manufacturers consider introducing new software that can better detect GPS spoofing.

    One potential target of such spoofing is a drone., which could be commandeered by the spoofer and taken into restricted airspace. Alternatively, it’s possible to make drones believe they’re in a no-fly area.

    The Qihoo team demonstrated such attacks using the free and open source GNU Radio, among other tools, to alter the GPS coordinates on a DJI Phantom 3. In a video at Forbes,  filmed from a drone-mounted camera, the hackers force a UAV to crash land.

    The researchers said the weaknesses could be fixed by DJI and other drone makers, but they would have to do so at the GPS chip level, meaning any drones already out there are unlikely to receive an update.