GPS Software Attacks

Tuesday, December 11, 2012 @ 04:12 PM gHale

There are new attack vectors coming in against the Global Positioning System (GPS), new research says.

Numerous studies have demonstrated GPS is vulnerable to jamming and spoofing, but by viewing the GPS as a computer system, experts have managed to develop new attacks against this infrastructure.

Botnet Hides on Tor Network
New Attacks from ‘Gameover’ Gang
Nitol Botnet Shares China Code
Cloud Ripe for Botnet Attacks

Their experiments have demonstrated GPS and GPS-dependent systems are far more vulnerable than previously thought, said researchers from the Carnegie Mellon University, in collaboration with experts from Coherent Navigation.

A malicious 45-second GPS broadcast is capable of taking down more than 30% of the Continually Operating Reference Station (CORS) network, which officials use for safety and life-critical applications, researchers said. Furthermore, it could also disrupt 20% of the Networked Transport of RTCM via Internet Protocol (NTRIP) systems.

Researchers identified three new attack methods: GPS data level attacks, GPS receiver software attacks, and GPS dependent system attacks.

GPS data level attacks are somewhat similar to spoofing, but they can cause more damage. When that happens, such an attack can remotely crash a high-end receiver.

The second types of attacks leverage the fact GPS receivers run some kind of computer software that is possible to remotely compromise.

The worst thing is people see GPS receivers as devices instead of computers, security holes leveraged by attackers can remain unpatched for extended periods of time.

GPS dependent system attacks exploit the fact GPS navigation solutions end up thought of as trusted inputs by high-level software.

In order to mitigate such threats, experts recommend stronger verification of GPS receiver software and the deployment of regular software updates for IP-enabled devices.

Another mitigation strategy refers to the use of Electronic GPS Attack Detection System (EGADS) that alerts users when an attack is underway, and an Electronic GPS Whitening System (EGWS) that re-broadcasts a whitened signal to otherwise vulnerable receivers.

One noteworthy thing about these types of attacks is they don’t require sophisticated or expensive equipment. The hardware utilized by the researchers costs $2,500.

Leave a Reply

You must be logged in to post a comment.