GPS is probably one of the most frequently used governmental technologies of our decade. It is used by millions of people worldwide on a daily basis for everything from getting directions to tracking loved ones or even setting phone notifications based on location. Most people don’t even stop to think about everything that goes on behind the scenes. GPS simply works. But, what if it didn’t?
Pretty much all GPS technologies are vulnerable to GPS spoofing–or the act of sending fake signals to a GPS device to trick it into believing that it is located somewhere else. But, until now GPS spoofers were a little on the expensive side to create or purchase and so the threat, while there, was minimal for most devices. But, Chinese security researchers demonstrated recently that with the right know-how anyone could build a GPS spoofer. All you need is around $300 and some coding knowledge.
The exploit was discovered by researchers at Chinese Internet security firm Qihoo 360 and lead researchers Lin Huang presented the findings at a Defcon Security Conference at the beginning of August. According to Forbes, the team used common software-defined radio (SDR) tools and open-source software found in Github along with their own code in order to spoof a GPS module.
Now, don’t get me wrong… just because it can be done doesn’t mean that we should all stop using our GPS units or start worrying that there’s a spoofer on every corner. For your average civilian, this really isn’t going to change all that much. After all, common sense and a backup plan (like a paper map and compass) ought to be something that we’re all using in addition to GPS units anyway. However, as far as GPS being used on a more commercial or even governmental capacity, this exploit has some pretty far-reaching consequences. After all, there have already been several examples of possible GPS spoofing or hacking attempts on military drones and equipment and the low cost means that it will only become more accessible.
I haven’t seen any official reactions from any governmental bodies on this newest threat to one of the nation’s most widely-used services, but the Resilient Navigation and Timing Foundation has released a series of recommendations to help strengthen the GPS system. You can check it out here.
Huang also recommended that GPS chipset manufacturers should work on better software to detect GPS spoofing and that the GPS satellites themselves also bear some responsibility for defending against spoofing attempts.
To learn more about it, check out this Forbes article.