Sad Nav: How a cheap GPS spoofer gizmo can tell drivers to get lost

Eggheads reveal designs for causing navigation mischief for folks unsure of surroundings

Researchers have developed kit that masquerades as GPS satellites to deceive nearby GPS receivers and thus potentially trick drivers into heading off in the wrong direction.

The team – a trio of groups at Microsoft, Virginia Tech in the US, and the University of Electronic Science and Technology of China – detailed in a paper out this month that, by spoofing the packets of data sent to smartphones and cars' built-in navigation systems from orbiting positioning satellites, they can remotely change the routes with up to 95 per cent accuracy.

They built a radio-transmitting Raspberry Pi-based device, using just $223 of components, that blasts out fake location information and drowns out the real positioning data from the skies. Miscreants could use this equipment, while following a target in a car, to beam bogus location data to their mark and reroute their victim's journey.


Easy as Pi ... a Raspberry Pi: How the system is set up

"Our measurement shows that effective spoofing range is 40–50 meters and the target device can consistently latch onto the false signals without losing connections," the researchers write.

The sly passenger

Of course, tailgating might look somewhat suspicious, so the researchers also experimented with stashing the spoofing device in the trunk of a mark's car or under the back seat. They could then add new route details via a cellular network connection with the spoofing gizmo without needed to get so close to the target.

During testing in a Chinese parking lot, the boffins found that establishing control of the target's GPS took slightly longer if the spoofer was in the trunk (48 seconds) as opposed to under the seat, which took just 38 seconds.

Chris Roberts at Cyber Week (photo: John Leyden)

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!


This isn't the first time researchers have used GPS spoofing to take over a vehicle. In 2013, a group of university students used a similar spoofing technique to send a luxury yacht off course in the Mediterranean.

In this new case, however, the process was more tricky as the cars were out on the road, rather than a body of water. The team used data from OpenStreetMap to construct routes the target could take without crashing into pedestrians or buildings.

"First, road navigation attack has strict geographical constraints. It is far more challenging to perform GPS spoofing attacks in real-time while coping with road maps and vehicle speed limits," the researchers explained.

"In addition, human drivers are in the loop of the attack, which makes a stealthy attack necessary."

But if properly conducted the spoofing attacks are highly effective. A trial carried out by 40 volunteer drivers found that 95 per cent of the time the attackers were able to trick the targets into following the bogus directions rather than the usual GPS route.

Don't trust the computer

One limitation of the attack is human familiarity with the surrounding area. The researchers noted that the spoofing is only believable in areas where the target is heavily reliant on GPS directions and unfamiliar with the route and the language used on street signs.

All the test subjects noticed that their GPS took a dive for around 30 seconds while the spoofer took over, but weren't worried – thinking it was a normal outage that most of us have experienced. But only two of the 40 participants recognized that they had been hacked by spotting that the types of roads they were driving down weren't matching the GPS readout.

These kind of attacks could be particularly harmful in an era of self-driving cars and trucks, the researchers noted. Hijacking a shipping container on the back of a truck could be as easy as slipping a spoofer under the cab and, with no human driver noting something was wrong, a criminal to could just direct the vehicle to a safe house and steal its contents.

The eggheads said the attack could be effectively stopped in a number of ways. The best solution would be to enable encryption on civilian GPS signals, however, that's a massive undertaking since it would involve upgrading the millions of GPS-enabled devices out there.

Anther method would be to have the navigation unit automatically check that landmarks along the way, such as gas stations and highway types, corresponded to the expected route. Again though, that will require a lot of new hardware and software.

A lower-tech solution would be to have the inertial sensors in the car check to see it the expected acceleration and deacceleration matched the predicted route, however, the researchers noted this would be very imprecise in practice.

In the meantime, keep your eyes open and your hands on the wheel. ®

Similar topics

Other stories you might like

  • Everything you wanted to know about modern network congestion control but were perhaps too afraid to ask

    In which a little unfairness can be quite beneficial

    Systems Approach It’s hard not to be amazed by the amount of active research on congestion control over the past 30-plus years. From theory to practice, and with more than its fair share of flame wars, the question of how to manage congestion in the network is a technical challenge that resists an optimal solution while offering countless options for incremental improvement.

    This seems like a good time to take stock of where we are, and ask ourselves what might happen next.

    Congestion control is fundamentally an issue of resource allocation — trying to meet the competing demands that applications have for resources (in a network, these are primarily link bandwidth and router buffers), which ultimately reduces to deciding when to say no and to whom. The best framing of the problem I know traces back to a paper [PDF] by Frank Kelly in 1997, when he characterized congestion control as “a distributed algorithm to share network resources among competing sources, where the goal is to choose source rate so as to maximize aggregate source utility subject to capacity constraints.”

    Continue reading
  • How business makes streaming faster and cheaper with CDN and HESP support

    Ensure a high video streaming transmission rate

    Paid Post Here is everything about how the HESP integration helps CDN and the streaming platform by G-Core Labs ensure a high video streaming transmission rate for e-sports and gaming, efficient scalability for e-learning and telemedicine and high quality and minimum latencies for online streams, media and TV broadcasters.

    HESP (High Efficiency Stream Protocol) is a brand new adaptive video streaming protocol. It allows delivery of content with latencies of up to 2 seconds without compromising video quality and broadcasting stability. Unlike comparable solutions, this protocol requires less bandwidth for streaming, which allows businesses to save a lot of money on delivery of content to a large audience.

    Since HESP is based on HTTP, it is suitable for video transmission over CDNs. G-Core Labs was among the world’s first companies to have embedded this protocol in its CDN. With 120 points of presence across 5 continents and over 6,000 peer-to-peer partners, this allows a service provider to deliver videos to millions of viewers, to any devices, anywhere in the world without compromising even 8K video quality. And all this comes at a minimum streaming cost.

    Continue reading
  • Cisco deprecates Microsoft management integrations for UCS servers

    Working on Azure integration – but not there yet

    Cisco has deprecated support for some third-party management integrations for its UCS servers, and emerged unable to play nice with Microsoft's most recent offerings.

    Late last week the server contender slipped out an end-of-life notice [PDF] for integrations with Microsoft System Center's Configuration Manager, Operations Manager, and Virtual Machine Manager. Support for plugins to VMware vCenter Orchestrator and vRealize Orchestrator have also been taken out behind an empty rack with a shotgun.

    The Register inquired about the deprecations, and has good news and bad news.

    Continue reading

Biting the hand that feeds IT © 1998–2021