GPS Spoofing – Unicorn Team, Qihoo 360 China

by | Aug 24, 2016 | Blog

Blog Editor’s Note: Recently a video using a Rohde & Schwarz signal generator to cheat Pokemon Go went viral. We hear that the opportunity to spoof Pokemon Go and roam the world from your couch caused a lot of talk about GPS spoofing generally at this year’s Def Con hackers’ conclave in Las Vegas.  Here is the posting on YouTube for last year’s presentation on inexpensive GPS spoofing that brought the capability to the consumer level. 

DEF CON 23 – Lin Huang and Qing Yang – Low cost GPS simulator: GPS spoofing by SDR

Published on Dec 25, 2015

It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong positioning results. There are many companies provide commercial GPS emulators, which can be used for the GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low. It may influence all the civilian use GPS chipset. In this presentation, the basic GPS system principle, signal structure, mathematical models of pseudo-range and Doppler effect will be introduced. The useful open source projects on Internet will be shared with attendees.

Speaker Bios:
HUANG Lin is a wireless security researcher, from Unicorn Team of Qihoo 360 China. Before entering Qihoo, she worked for telecom operator Orange, for 9 years, as a wireless researcher. Her interests include the security issues in wireless communication, especially the cellular network security, and also other problems in ADS-B, GPS, Bluetooth, Wifi, and automotive electronics.

See Video of Entire Presentation