News & Analysis
Comment
fredrodriguez11
Technology advances have created a lot of concern over its security. Thanks for ...
iniewski
Agreed...directionality is hard and likely requires hardware changes, not ...
Expert, lawmakers at odds over GPS security
Rick Merritt
7/25/2012 9:30 AM EDT
Securing GPS receivers
With the door to authenticated civilian GPS effectively closed, Humphreys and other researchers are turning their attention to a grassroots campaign. There’s a laundry list of defenses--detailed in his testimony last week--that can be implemented by GPS receivers.
“The first thing engineers can do is pay attention to auto gain controls in receiver front ends that can tell you the power levels of the incoming GPS signals,” said Humphreys.
GPS signals are very weak. Hackers trying to create fake signals to control a system are most likely to use readily available GPS test systems that emit significantly more powerful signals.
An op amp responsible for auto gain control could deliver a GPS signal voltage readout to a baseband chip. The baseband could then do a relatively straightforward calculation to determine whether the signal was coming from a tester or a satellite.
The measure would not detect a more sophisticated GPS spoofer such as the units the Austin lab has developed using software radios based on Texas Instruments’ DSPs.
So far only one company supports auto gain control, but it is too coarse to detect GPS tester signals, he said.
Several other fixes could be implemented at the receiver, such as using multiple antennas. But most of them are not suitable for mobile systems because they require too much physical space.
The fixes do not appear to be on the radar screen for consumer GPS chip makers such as Broadcom and Qualcomm. “They are probably aware of it but they have taken no steps as far as I can tell,” Humphreys said.
Ostensibly, the threat to consumer gadgets such as smartphones and car navigation devices is relatively low. Hackers likely would not be motivated to get the average driver lost on the way to his hotel or weekend party.
However, a GPS hack potentially could be used to compromise other aspects of a device. For example, at the Black Hat conference this week, one security expert will show how hackers could spoof near-field communications signals to access data on a smartphone.
The bigger threat is to “critical national infrastructure gear that typically uses higher end chips that still are not protected,” many of them supplied by NovAtel of Calgary, Canada, he said.
“If you could just build some paranoia using these receiver techniques, we would be leagues ahead of where we are today,” he said.
The Texas lab got interested in the drone problem after Iran broadcast pictures of a U.S. drone spy plane it captured last December. Iranians claimed they used a spoofing attack to capture the drone.
The lab was able to secure funding—and use of a White Sands, New Mexico facility-- from the U.S. Department of Homeland Security to determine the level of vulnerability of civilian drones.
“It was months of hard work,” said Humphreys. “We showed these drones nav systems are hackable by their exposed GPS stream, and once you spoof it, you can have your way with a drone,” he said.
With the door to authenticated civilian GPS effectively closed, Humphreys and other researchers are turning their attention to a grassroots campaign. There’s a laundry list of defenses--detailed in his testimony last week--that can be implemented by GPS receivers.
“The first thing engineers can do is pay attention to auto gain controls in receiver front ends that can tell you the power levels of the incoming GPS signals,” said Humphreys.
GPS signals are very weak. Hackers trying to create fake signals to control a system are most likely to use readily available GPS test systems that emit significantly more powerful signals.
An op amp responsible for auto gain control could deliver a GPS signal voltage readout to a baseband chip. The baseband could then do a relatively straightforward calculation to determine whether the signal was coming from a tester or a satellite.
The measure would not detect a more sophisticated GPS spoofer such as the units the Austin lab has developed using software radios based on Texas Instruments’ DSPs.
So far only one company supports auto gain control, but it is too coarse to detect GPS tester signals, he said.
Several other fixes could be implemented at the receiver, such as using multiple antennas. But most of them are not suitable for mobile systems because they require too much physical space.
The fixes do not appear to be on the radar screen for consumer GPS chip makers such as Broadcom and Qualcomm. “They are probably aware of it but they have taken no steps as far as I can tell,” Humphreys said.
Ostensibly, the threat to consumer gadgets such as smartphones and car navigation devices is relatively low. Hackers likely would not be motivated to get the average driver lost on the way to his hotel or weekend party.
However, a GPS hack potentially could be used to compromise other aspects of a device. For example, at the Black Hat conference this week, one security expert will show how hackers could spoof near-field communications signals to access data on a smartphone.
The bigger threat is to “critical national infrastructure gear that typically uses higher end chips that still are not protected,” many of them supplied by NovAtel of Calgary, Canada, he said.
“If you could just build some paranoia using these receiver techniques, we would be leagues ahead of where we are today,” he said.
The Texas lab got interested in the drone problem after Iran broadcast pictures of a U.S. drone spy plane it captured last December. Iranians claimed they used a spoofing attack to capture the drone.
The lab was able to secure funding—and use of a White Sands, New Mexico facility-- from the U.S. Department of Homeland Security to determine the level of vulnerability of civilian drones.
“It was months of hard work,” said Humphreys. “We showed these drones nav systems are hackable by their exposed GPS stream, and once you spoof it, you can have your way with a drone,” he said.
|
|
|
|
|
Navigate to related information
rick.merritt
7/25/2012 9:54 AM EDT
If you deal with GPS, I'd love to hear your concerns (or lack thereof) about security.
And I invite you to check out the Web site of Todd's lab. They are doing some very interesting work.
Sign in to Reply
iniewski
7/25/2012 10:03 AM EDT
Fascinating story Rick, I guess people try to break any technology...however most of us have no personal drones yet to be affected by GPS hacking ;-)...Kris
Sign in to Reply
george.leopold
7/25/2012 11:53 AM EDT
The solar maximum which starts next year will further complicate the reliability (and security?) of space-based networks like GPS. This will be the first real test of the ability of GPS electronics to withstand the effects of increased solar radiation. My advice: Buy a road atlas!
Sign in to Reply
Doug S
7/25/2012 1:48 PM EDT
How accurately can GPS antennas determine where the signal is coming from? Since GPS receivers know (or can know if properly programmed) exactly where in the sky satellites are at a given moment, they could ignore signals coming from the wrong place.
Simply insuring a signal is coming from above the horizon would require spoofers to be airborne. Not a huge hurdle, admittedly, but at least it's an improvement.
It might also be getting whatever information they can from GLONASS as a sanity check. This further complicates things for spoofers by requiring them to spoof it as well.
Even if the satellites aren't programmed to use an authenticated source, perhaps urban areas should use one or more fixed ground sources, as with differential GPS? Those could be authenticated and unspoofable, and at least allow receivers to know when someone is trying to spoof them and go into a failsafe mode (i.e., over places like NYC or DC leave the critical areas and start circling over water or farmland until operators can take over)
Sign in to Reply
PJames
7/25/2012 6:10 PM EDT
The answer is likely that no civilian GPS receivers have that directionality ability. It's certainly possible to add, but would have cost and form factor considerations.
Sign in to Reply
iniewski
7/25/2012 6:14 PM EDT
Agreed...directionality is hard and likely requires hardware changes, not realistic...encryption easier to do...Kris
Sign in to Reply
Bert22306
7/25/2012 3:38 PM EDT
Yes, having a tight beam in the receive antenna, to receive signals only from azimuths and elevations that are known to be valid, is a technique to mitigate spoofing vulnerability. But it seems to me that adding in authentication, in a backward compatible way, is such a no-brainer that I can't fathom why anyone would be dragging his feet on making this decision.
It should not matter what the schedule for allowing drones is. Authentication is something that will have benefits in the long term. You can't think just 5 years into the future.
Sign in to Reply
gonavy
7/25/2012 3:56 PM EDT
why is it surprising to get "law-makers" and "feet-dragging" in the same thought?
Sign in to Reply
fredrodriguez11
12/17/2012 4:18 AM EST
Technology advances have created a lot of concern over its security. Thanks for sharing! GPS security hack would allow be a bridge of personal location and information. However, as far as GPS security is concern, there cannot be firewall barrier as GPS devices will need to access satellite for location information, making GPS security hack prevention more difficult. GPS security will become a concern when hackers interfere with the signals from the satellite. As a result, this will make location determination inaccurate.
http://www.rosssecuritysolutions.com/
Sign in to Reply