While the whole thing is interesting (mostly because of the design of the spoofer rather than it being anything else that's new) this headline is deliberately misleading.
And the conclusion has been the same for a while. GPS-only NAV is very susceptible to degradation. Blended solutions are the only path forward with GPS.
> As of September 17, 2015 the Federal Aviation Administration has published 3,567 LPV approaches at 1,739 airports. This is greater than the number of published Category I ILS procedures.
The aircraft would have to be within a few hundred foot bubble of Central Moscow in order to receive the spoofed signal. There are already major problems if an airplane picks up that spoofed signal and tries to land based on it.
Easier to protect a train line than all the roads in a country (and indeed, they are often protected). No physical trespass required, remote activated.
Except rail lines aren’t protected, and couldn’t feasibly be protected. An autonomous car could easily be protected from this simply by using local sensors for collision avoidance, which I think is the norm, as opposed to what this headline misleadingly (heh) suggests.
In the UK railways are mostly protected. Now, that may be a simple fence, which someone could climb over, but then they may find themselves reported, or caught on CCTV. It's a very obvious, very visible thing to do, and in urban areas railways are indeed protected pretty well. And remote triggering something like that is non-trivial.
Roads are everywhere, most of them completely unprotected, and you don't actually have to physically and visibly interfere with the road.
Is it also easier to protect all train lines in the country?
It seems a bit foolish to compare a single train line to all roads instead of all train lines to all roads.
Really? $10 won't buy you much in terms of steel. You'd probably need a lot more than just a crowbar. I'm not saying trains are invulnerable to debris on the tracks, just that they are designed to handle small stuff on the tracks.
Yes. They are designed for that stuff. Here's the biggest accident (in France) from having a large object on the tracks: 80 ton oversized load. Only the engine car derailled.
Trainset involved: 70 (Sud-Est)
Service: train 736, Grenoble to Paris
Location: PN 74, Voiron
Injuries: 2 dead, 60 injured
[Edit: date: 23 September 1988]
A special road transport with a weight of 80 tons became stranded on level
crossing 74. Train 736, rounding a curve toward the crossing, ploughed into it
at 110 km/h (68 mph). The large mass of the road vehicle made this crash much
worse than it might otherwise have been; the engineer and one passenger died,
and many more were injured when the first trailer was ripped open by debris.
Only the leading power unit derailed. This wreck, the most violent to date,
became a reference for the design and crash testing of safety features for the
next generation of TGV, as embodied by today's Duplex trainsets. These newer
trains have several deformable sections, at the front and rear of the power unit
and at the front of the first trailer, to manage and absorb crash energy without
damage to passenger compartments. Trainset 70 was never returned to service, and
the trailing unit 23140 became a spare in the Sud-Est fleet.
Stop shopping at the hardware store and go to an actual steel supplier. If you don't need a lot of material then don't be picky and just by a drop to avoid a cut fee (and revise your design for whatever material you get).
>A $225 GPS spoofer can send sat-nav-guided vehicles into oncoming traffic *
* by fooling the vehicle into driving the wrong way through a one-way street.
That's a serious asterisk. I think there are much more interesting worst-case applications for this, like kidnapping, randsom, misdirecting emergency responders etc. Some of those are mentioned by the article, but the headline just causes doubt and disappointment.
Google/Apple/whatever directions send delivery vehicles down roads with under-height structures all the time and they rarely get can-opened. GPS directions are inaccurate enough in urban environments that people have to pay enough attention for this attack to not work very well. People will generally defer to the local signage when it comes to which lane you need to be in for a turn and which way you can't drive down a street or how tall a bridge actually is.
considering that GPS has civilian and military parts of the signal, are the messages not signed by, i don't know, U.S. military or something? how come it is easy to spoof?
so that no device under any circumstances can be spoofed. what kind of risk is there in crafted signatures if right now you're 100% vulnerable to spoofing without any effort required to produce said signatures?
You could say this about any legacy network. Like the mobile phone network. The designers just didn't think about it/it was expensive/it's expensive to fix/there's legacy hardware.
well if the hardware is advanced enough to do encryption, it is certainly is capable of producing signatures. are GPS satellites not upgradeable? maybe they didn't think about it 40 years ago, but in the last decade - it's about time..
I was going to say "GPS predates signing", but it turns out that the first GPS launch and the invention of RSA signing were in the same year: 1978. Of course the signing technology was also considered to be subject to US export control for decades ...
Besides, signing doesn't necessarily help - the easiest way to GPS spoof is simply to re-broadcast the signals received at a nearby point at higher power, so the victim receiver thinks it's at that point.
1978 RSA invention is when it happened in public domain, 5 years before that a guy at GCHQ invented a similar asymmetric scheme, which i'm sure was well in use by 1978.
replay attack does make sense, but isn't it identified uniquely by time? i mean the content of the payload is basically very accurate time. if a device notices the time doesn't change - it can detect spoofing.
yeah, you're right, it's sort of a brain in the jar problem, isn't it. but it does seem like it's not that hard to detect because of latency between A and B, though it would require a pretty accurate clock on GPS device.
No! Differential latency from the satellites is entirely how GPS works, and there is no way of having an accurate enough clock to be able to spot that without (a) it being an atomic clock and (b) synced to the satellite time at a known location.
But accuracy of GPS signal is in microseconds, so if you suddenly detect a change in level of milliseconds (latency between A and B) - that would totally imply spoofing shenanigans?
Yes, which would manifest as a sudden movement of place detected. What I'm not sure about is what this looks like as you approach the jammer and its signal gradually overwhelms some or all of the signals; does it just look like multipath error.
Obviously I don’t know what I’m talking about, but it seems like such attack is only undetectable by cold gps device that has been offline for longer than some period of time, long enough to explain time shift by clock drift.
It would be fairly easy to rebroadcast continuously, then it's a valid signal, just in the wrong place.
Receiving the same signal over and over would be suspicious, but unless you have some other method to determine time and position, what are you going to do?
Obviously sat-nav guided systems should not rely on unprotected satellite navigation alone. You need complementary systems.
EU's GNSS has PRS (Public Regulated Service) is authenticated and can be used in sensitive applications for civilian uses. US has GPS modes that are protected but they seem to be only for military.
There is also Wide Area Augmentation System (WAAS) and European Geostationary Navigation Overlay Service (EGNOS). They augment GPS/Golnass and Galileo and provide integrity and more accuracy.
Typically new sat-nav systems have multi-constellation capability and they can receive from from GPS/GNSS/Golnass. Even new smartphones have that capability. Of course, if all of them are unprotected, you can spoof them all parallel.
51 comments
[ 3.9 ms ] story [ 108 ms ] threadI see what you did there... ;)
Sounds very dangerous. If an aircraft was landing in poor visibility they could use that to make t crash.
https://en.wikipedia.org/wiki/Localizer_performance_with_ver...
> As of September 17, 2015 the Federal Aviation Administration has published 3,567 LPV approaches at 1,739 airports. This is greater than the number of published Category I ILS procedures.
https://www.youtube.com/watch?v=PRlxSF5bwTI
What about autonomous trains? Cause that would off the rails.
Edit: Relevant XKCD. Causing crashes isn’t hard period. https://m.xkcd.com/1958/
Roads are everywhere, most of them completely unprotected, and you don't actually have to physically and visibly interfere with the road.
They aren't protected. We know this from the numbers of deaths that occur each year on the railways.
In the UK there's an order of magnitude more roads than railways. In the US there are two orders of magnitude more.
It's open source jihad (I assume pretty similar to normal open source) and looks around $20 to make, p35
https://azelin.files.wordpress.com/2017/08/inspire-magazine-...
direct link to paper: https://people.cs.vt.edu/gangwang/sec18-gps.pdf
* by fooling the vehicle into driving the wrong way through a one-way street.
That's a serious asterisk. I think there are much more interesting worst-case applications for this, like kidnapping, randsom, misdirecting emergency responders etc. Some of those are mentioned by the article, but the headline just causes doubt and disappointment.
Google/Apple/whatever directions send delivery vehicles down roads with under-height structures all the time and they rarely get can-opened. GPS directions are inaccurate enough in urban environments that people have to pay enough attention for this attack to not work very well. People will generally defer to the local signage when it comes to which lane you need to be in for a turn and which way you can't drive down a street or how tall a bridge actually is.
From what i can understand, this separation of concerns is a safer option
Besides, signing doesn't necessarily help - the easiest way to GPS spoof is simply to re-broadcast the signals received at a nearby point at higher power, so the victim receiver thinks it's at that point.
There is recent work on doing this: https://web.stanford.edu/group/scpnt/gpslab/pubs/papers/Lo_I...
replay attack does make sense, but isn't it identified uniquely by time? i mean the content of the payload is basically very accurate time. if a device notices the time doesn't change - it can detect spoofing.
Receiving the same signal over and over would be suspicious, but unless you have some other method to determine time and position, what are you going to do?
EU's GNSS has PRS (Public Regulated Service) is authenticated and can be used in sensitive applications for civilian uses. US has GPS modes that are protected but they seem to be only for military.
There is also Wide Area Augmentation System (WAAS) and European Geostationary Navigation Overlay Service (EGNOS). They augment GPS/Golnass and Galileo and provide integrity and more accuracy.
Typically new sat-nav systems have multi-constellation capability and they can receive from from GPS/GNSS/Golnass. Even new smartphones have that capability. Of course, if all of them are unprotected, you can spoof them all parallel.