GPS World

Tag: spoofer

  • GNSS spoofing will attain virus status, warns expert

    Figure 6. Performance of a typical spoofed case with live data: spoofing detection statistic, threshold, and related probability density functions.

    As manufacturers convert machines and appliances into remotely controllable objects (the Internet of Things), the potential for spoofing expands, perhaps exponentially. Hackers could interfere with the data supplied to autonomous cars or tracks, remotely forcing them to crash.

    Although the dangers of GPS spoofing have been pointedly discussed in may technical papers and articles in GPS World since the early 2000s, manufacturers have not devoted much attention to them because there weren’t many devices making use of location-based technologies, according to associate professor Dinesh Manandhar of the University of Tokyo.

    With the proliferation of GPS-capable smartphones and other networked devices, “anyone can become a target of the attack,”  Manandhar told the Japan Times in a recent interview.

    “Too many things today use GPS as a reliable source of location information,” Manandhar said.  “People trust the location information from GPS satellites like God. When PCs became common for many people, the sudden outbreak of computer viruses became an issue around the world, and anti-virus software become an essential tool for everyone to protect their data,” he added. “The same thing is now happening around GPS. We need a system to fight back against the risk.”

    Manandhar cited some possible examples of spoofing, both by consumers — “You can falsify your smartphone’s information and make it look like you are going back and forth between Tokyo and Hawaii within just three minutes,”  and by sophisticated criminals. “Let’s say I were a top manager of a major bank. I could access all the information while sitting at my desk, but I wouldn’t be able to access it from the room next to it. But people could get access to such information if they disguised the location information received by computer.”

    Manandhar and many other researchers around the world are developing and testing anti-spoofing techniques, but it is a long step from demonstrated results to integration into products reaching market. “The products we are designing today are ones that we will use five years later. So we must assume the possible risks and prepare for the threats that might jeopardize our society in the future.”

    Manandhar co-authored the article “Opening Up Indoors: Japan’s Indoor Messaging System, IMES” in the May 2011 issue of GPS World. The graphic heading this news story is drawn from “GNSS Spoofing Detection: Correlating Carrier Phase with Rapid Antenna Motion,” the Innovation column in the June 2013 issue.

  • Inexpensive Hack Spoofs GPS in Smartphones, Drones

    Researchers at Qihoo 360, a Chinese Internet security firm, say they have found a way to make a GPS emulator that can falsify the location of smartphones and in-car navigation systems, reports Forbes. The system is inexpensive compared to expensive, sophisticated GPS emulators that can cost thousands of dollars.

    Qihoo’s researchers hacked a Tesla Model S in 2014, taking control of the car’s lock, horn and flashing lights.

    Qihoo lead researcher Lin Huang is the first Chinese woman to present at the yearly hacker conference Defcon, held in Las Vegas on Aug. 6-9. Huang said her team used common software-defined radio (SDR) tools to create their module and software. They also used open-source software found on Github that had come from researchers at a Chinese university, along with their own code.

    The SDR tools used include HackRF, described by Forbes as the $300 wireless Swiss army knife for hackers. The small board can move between radio frequencies, and read and transmit to a broad range of radio frequencies. On smartphones, the attack targets navigation signals delivered at the chipset level, on both Apple or Android smartphones.

    Huang suggests that chipset manufacturers consider introducing new software that can better detect GPS spoofing.

    One potential target of such spoofing is a drone., which could be commandeered by the spoofer and taken into restricted airspace. Alternatively, it’s possible to make drones believe they’re in a no-fly area.

    The Qihoo team demonstrated such attacks using the free and open source GNU Radio, among other tools, to alter the GPS coordinates on a DJI Phantom 3. In a video at Forbes,  filmed from a drone-mounted camera, the hackers force a UAV to crash land.

    The researchers said the weaknesses could be fixed by DJI and other drone makers, but they would have to do so at the GPS chip level, meaning any drones already out there are unlikely to receive an update.