Hacking a Phone’s GPS May Have Just Got Easier
7 Aug 2015
One of the drawbacks of our increasingly connected world is the proliferation of new wireless connections to hack. More worrying is when hackers finding cheaper and more accessible ways to exploit those vulnerabilities.
For some time it’s been possible to spoof the location of a smartphone or any other device that is connected to a global position system (GPS), but to do so required a sophisticated and often expensive GPS emulator that can cost thousands of dollars.
Now a team of researchers at Chinese Internet security firm Qihoo 360 claim they’ve found a way to make a GPS emulator that can falsify the GPS location of smartphones and in-car navigation systems, more cheaply. (Qihoo’s researchers famously hacked a Tesla Model S last year, taking control of the car’s lock, horn and flashing lights.)
Lead researcher Lin Huang, who will be the first Chinese woman to present at the Defcon security conference later today, says her team used common software-defined radio (SDR) tools to create their module and software. They also used open-source software found on Github that had come from researchers at a Chinese university and some of their own code.
The SDR or radio tools that Huang used include HackRF, once described by Forbes as the $300 wireless Swiss army knife for hackers. The small, relatively cheap board can move between radio frequencies, read and transmit to a broad range of radio frequencies – from the low range used by FM radio to the higher frequencies of WiFi or other more cutting edge protocols.
On smartphones the attack targets navigation signals being delivered at the chipset level, meaning there’s little difference if the device is made by Apple or an Android vendor.
“This is a very low-cost way,” to make a GPS emulator, Huang said on the sidelines of the annual security conference in Las Vegas, speaking with some help from a translator. “This method increases the risk for GPS devices.”[big_button url=”http://www.forbes.com/sites/parmyolson/2015/08/07/gps-spoofing-hackers-defcon/”]Read More[/big_button]