Manipulation of GPS signals used to be only possible in James Bond movies (Tomorrow Never Dies), and only possible with expensive equipment and extensive knowledge of GPS.
That changed when two Chinese security researchers, Huang Lin and Yan Qing, demonstrated at the DEFCON 23 Hacking Conference how to build a simple GPS spoofing device. They did so using only cheap, everyday products. They say it requires little to no knowledge of GPS.
With that, it seems GPS spoofing is becoming a widespread hacking technique – and is becoming a real threat to the industry of navigation. Those working with GPS inertial navigation systems may need to upgrade their system and find ways to mitigate the attacks.
The Art of Spoofing
Spoofing is the art of deceiving a location-dependent device into believing it’s somewhere other than its true location. It can be done in many ways, some extremely easy, some relatively hard.
This is neither a new concept nor all about GPS. One of the first uses of spoofing was during the first World War when the naval shore station in the UK sent German ship call signs, which later on became an established military tactic and was extended to radar and navigation signals.
GPS Spoofing Then and Now
A few years ago, spoofing worked by faithfully recreating the signals from multiple satellites, and transmitting them to capture a local GPS receiver. If the target receiver cannot tell the difference between the real and fake signals, the receiver could appear to be at a different location.
Now, it is easy to control GPS receivers using a radio, off-the-shelf components, and freely available source code. According to the Chinese researchers mentioned above, it does not require any special expertise in GPS and is a relatively straightforward and low-cost process.
To prevent attacks, experts suggest doing a spoofing simulation. This won’t stop spoofing, but it allows those working with GPS signals to develop mitigation techniques and countermeasures.
Decades ago, GPS security was more of an afterthought. Nobody knew that it would take off like this, and just like the explosion of the Internet, it was completely unexpected.