Blog Editor’s Note: The below is reproduced from a LInkedin post. Interesting tidbit about help available if you are having difficulty spoofing GNSS signals. Good to know, but we probably won’t be calling anytime soon.
Full disclosure – Regulus Cyber is a corporate supporter of the RNT Foundation.
Hacking Navigation Was Never Easier
We tend to take it for granted, or not even realize we are using it, but the GPS is highly integrated in our everyday lives. The most common use of GPS that affects everyday life is navigation – when you want Waze to give you directions where to drive or when you use google maps when you walk around town. GPS is also at the core of Location Based Services or LBS, such as UBER, Lyft, Grab or Gett– the driver knows exactly where you are waiting and you can see them driving to you on the app. Airplanes use GPS in order to navigate the skies and ships use it to navigate the seas. But GPS is not only for navigation or location – it has a major role in providing precise time, which affects our economy, communication systems, electrical power grids, and more others.
GPS signals are susceptible to two kinds of attacks – jamming and spoofing. Jamming is when the GPS signal is blocked, and the device receiving the GPS signals won’t get any information. For example, a ship in the middle of the ocean will disappear from both the onboard navigation system and any remote fleet monitoring station, and therefore, won’t be capable of continuing navigation based on GNSS. On the other hand, spoofing is generating fake GPS signals that overcome the real signals coming from space, allowing the attacker to take control of the target’s perceived location, time and altitude. Looking at the previous ship example, in this case the ship’s crew won’t be able to tell they are currently being spoofed and even the fleet monitoring station, as well as every other ship in the vicinity, will be affected by the hacked GPS signal, navigating based on false information.
Spoofing doesn’t only affect maritime, it affects multiple industries, in various dangerous ways. . For instance, spoofing can be used for changing location on the phone in order to create an alibi for a crime. It can be used in order to make ships and airplanes accidentally cross territorial airspace or water or collision. Spoofing the navigation system of an autonomous vehicle can make it to turn off the road or divert into the wrong lane. The dangers of GPS spoofing are endless, and are on the rise.
GPS is integrated in every aspect of our lives, but have you ever asked yourselves – how easy it is to spoof a GPS? Well the answer is that unfortunately, it is very easy. All an attacker would require is a free online available software and a free piece of hardware that can be easily bought online. The cost of the hardware is less than 100 USD and can easily operate using any laptop. Even if the software and hardware are easy to achieve, it’s still hard to hack, no? That may be the case, but there are so many videos, tutorials and guides on YouTube explaining step by step how to spoof a GPS sensor.
The main hardware needed for hacking is SDR – radio communication system that can be used for tracking aircrafts and ships, receiving broadcast radio, creating armature (ham) radio and among other things for spoofing GPS signals. There is no limitation on the purchase of SDR, anyone with an eBay or Amazon account can buy one, the same way they purchase a case for their phone. You connect it to your computer with a USB cable and you are one step closer to hack GPS.
On YouTube, if you search “how to spoof GPS” you will get over 60,000 results. Most of them are related to the Pokemon Go app, but spoofing location for this game is the same for any other location-spoofing, and if kids can follow the instructions in all of the videos to spoof their own mobile phones, so can perpetrators do it just as easily use is for nefarious purposes. Some of the videos even provide the direct links for downloading the needed software for spoofing, others show specific ways to hack an Android or an iPhone, and most of the content creators on YouTube are so nice and caring, that if you are having trouble following their video, they will answer questions and help you in the comments to successfully spoof the target device.
This rapid increase in GPS attacks is leading to governments and companies trying to find alternatives for navigation, but it is more difficult than it seems. The task of finding a technology that will completely replace the GPS is so unlikely, that the main focus for now, is to create technology to protect the authenticity and reliability of the signals.
Satellite Based Navigation and Timing is so embedded into many aspects of our daily lives and society, we can clearly say that for the foreseeable future GPS security is becoming one of the largest cyber threats worldwide. For these reasons, the need for protecting the GPS receivers is the main concern for all companies and organisations utilising satellite-based navigation and timing.