Current smartphone map debacles aside, the world's logistics are more efficient than ever thanks to GPS. But on the flip side, that means the world's economy is now particularly reliant on the satellite network, and new research suggests that the GPS network is vulnerable.A new study (PDF) released by Carnegie Mellon University and Coherent Navigation is highlighting a number of flaws that could potentially degrade, if not altogether disrupt the Global Positioning System, with implications for everything from car GPS units, to first responders, air traffic control, and even military applications.The simulated attacks produced by the research team could evidently bring down up to 30 percent of the global GPS Continuously Operating Reference Stations (CORS), with additional attacks potentially bringing down 20 percent of NTRIP networks.To better explain, CORS are the ground positioning units managed by NOAA and the National Geodetic Survey–over 1,800 stations run by more than 200 organizations that work to refine the whole deal. Whereas NTRIP networks allow GPS information to be beamed online, and allow you to geo-tag your latest cappuccino foam art to the world.Meaning that, while the attacks referenced by this paper would not affect the GPS satellite network itself, they could (in theory) cripple the network’s operations by targeting what they call “dependent” systems. The security investigation focused on seven different types of receivers, ranging from standard consumer grade by Magellan and Garmin costing a few hundred dollars, to professional grade, at up to $17,500 a pop (these being the receivers often used by the CORS stations).The concept of spatial awareness is a funny one. Whereas just a few decades ago “location” to the average person might have consisted of a cross-street, today anyone with a modern mobile phone expects to be able to trilaterate the quickest walking route from the office to a Quiznos in a few seconds. This precision, which has revolutionized everything from driving directions, to package delivery services, and firefighter and police response, is thanks to GPS, a network of active satellites launched by the U.S. military, and available to commercial/civilian use.As the researchers point out, the positioning and navigation of planes, cars, trucks, and ships would all be impacted by a degradation or outright outage of accurate GPS information. What the research really seems to indicate is the need for civilian GPS signals to use the same encryption/authentication protocols that the military already uses, since without it civilian receivers simply trust the data they receive. In other words, since we all use the same system, we need to find a way to make sure we all have similar security.Theorizing attacks on GPS systems are not new of course, though this newest research points out that tests have, in the past, only focused on jamming and spoofing (or hacking) GPS controlled devices with false information -- the latter allegedly being the method Iran employed to down a sophisticated U.S. drone over its airspace. In contrast, the simultated research attacks were conducted on the receivers (the CORS stations) and the software (the NTRIP networks).The more frightening aspect of the findings presented by the researchers is the total cost of their hacking kit (described as a hybrid receiver and satellite in a box), which they were able to price in at around $2,500. Of course, that does not mean that anyone with the money can simply assemble this kit and reproduce the same attacks, as this requires very specific knowledge, but they do identify the vulnerabilities in the network that would allow malicious GPS broadcasts to disrupt normal operations.So, how likely would such attacks be? The author, Tyler Nighswander, told SC Magazine that “the good news is that as far as we know, we are the only ones with a spoofing device currently capable of the (sic) types of attacks.” GPS jamming hardware is, as you might have guessed, super illegal, and the FCC continually clamps down on the sale and marketing of any device that might interfere with these signals. Though “little" is evidently preventing potential attackers from replicating their spoofing hardware. (And maybe now some will be given the idea to try? Please, don’t do that.)For a bit of history: The modern GPS network was essentially born in May of 2000, when former President Bill Clinton struck down the Selective Availability regulation that was in place to degrade the accuracy of the military’s GPS satellite network for civil and commercial users. As the commercial accuracy of the system was instantly improved, its applications grew along with cell phone networks and the internet.Ironically, what Nighswander’s research seems to indicate is that it's the software and data portion of the GPS network that is equally vulnerable to attack, and as such they propose an attack detection system in the short-term, along with hardening of authentication protocols.
Advertisement
Advertisement