Global Positioning System “transmits timing information in atomic clock precision to receivers”–in short, this is what you see in movies or TV shows that detectives use to track down the location of bad guys or people they just want to track and get a hold of. Though it’s a cool technology, there’s still security issues regarding this–meaning it’s not really accurate since it can easily be spoofed or jammed, thus, giving a false location.
In July, a research team in the University of Texas proved just how easy it was to hack a DHS drone using a less than $1,000-worth of tool. They spoofed a critical GPS on the drone and were able to send new commands to the drones. The DHS was able to gain back control over the drone, but still, knowing it can be done, just proves how easily GPS can be tapped.
In a recently published paper, “GPS Software Attacks [PDF],” the authors discussed how they were able to attack professional and consumer GPS receiver by using a hardware that cost as much as a high-end laptop or about $2500.
The various types of attacks that can be applied to GPS are GPS Data level attack which is more advance than spoofing as it can crash high-end data receiver, GPS Receiver Software attack such as applying remote access to infiltrate it since GPS receivers are like computers, and GPS Dependent System attack which exploits latent bugs that depend on time and date.
They used the attacks on several settings such as manipulating positioning, navigating and timing so those who are under house arrest and wear ankle bracelets can go anywhere without setting off the alarm; manipulate reference stations to amplify attacks by re-transmitting faulty information to dependent system; and manipulating downstream systems.
The point of the paper is not to teach people how to hack GPS but to let people know that it is not secured enough and that it should be taken cared of just by simply deploying Electronic GPS Attack Detection Systems (EGADS) that, as the name implies, detects when GPS is under attack or being hacked. Also, the researchers want it to be known that attacking GPS is not all about infiltrating the hardware signal analysis but GPS has to be considered as a computer and protect it as such – which most GPS manufacturers are failing to do, thus, rendering their system vulnerable to attacks.