GPS spoofing kits

[Eugen Leitl]

http://news.bbc.co.uk/2/hi/science/nature/8533157.stm

Sat-nav systems under growing threat from 'jammers'

By Jason Palmer

Science and technology reporter, BBC News 

Technology that depends on satellite-navigation signals is increasingly
threatened by attack from widely available equipment, experts say.

While "jamming" sat-nav equipment with noise signals is on the rise, more
sophisticated methods allow hackers even to program what receivers display.

At risk are not only sat-nav users, but also critical national
infrastructure.

A UK meeting outlining the risks was held at the National Physical Laboratory
in Teddington on Tuesday.

The meeting was organised by the government-funded Digital Systems Knowledge
Transfer Network.

"GPS gives us transportation, distribution industry, 'just-in-time'
manufacturing, emergency services operations - even mining, road building and
farming, all these and a zillion more," David Last, a consultant engineer and
former president of the Royal Institute of Navigation, told the conference.

"But what few people outside this community recognise is the high-precision
timing that GPS provides to keep our telephone networks, the internet,
banking transactions and even our power grid online."
	
You can consider GPS a little like computers before the first virus - if I
had stood here before then and cried about the risks, you would've asked 'why
would anyone bother?' David Last, former president of the Royal Institute of
Navigation

Professor Last recalled the New Year's Day failure of a single satellite in
2004 and how it wreaked havoc with sat-nav readings.

"Satellite failures, though dramatic, are not the main problem," he said.

"The Achilles heel of GPS is the extremely weak signals that reach the
receiver."

Each satellite in a sat-nav constellation is putting out less power than a
car headlight, illuminating more than a third of the Earth's surface at a
distance of more than 20,000 km.

What that means, and what has brought this group of policy-makers, academics
and industry figures together, is that the signals can be easily swamped by
equipment back on Earth.

Criminal intent

This can be done unintentionally by, for example, pirate television stations,
or with a purpose in mind.

Military systems have been doing this "jamming" - flooding an area with a
signal at the GPS frequency - for years in a bid to frustrate enemy
navigation systems.

But small jamming devices are increasingly available on the internet.

NLB Pole Star (GLA)

The biggest danger may come not from big errors, but small ones

Low-power, hand-held versions that cost less than #100 can run for hours on a
battery and confuse sat-nav receivers tens of kilometres away.

Higher-power versions can do far worse, and at both GPS and mobile phone
frequencies.

What is more, receivers can be "spoofed" - not simply blinded by a strong,
noisy signal, but fooled into thinking their location or the time is
different because of fraudulent broadcast GPS signals.

"You can now buy a low-cost simulator and link it to Google Earth, put on a
route and it will simulate that route to the timing that you specify," said
Professor Last.

"A GPS receiver overcome by it will behave as if you're travelling along that
route."

The approach still costs in the thousands and is the preserve of what
Professor Last calls the "real techies", but he guessed that the tools could
be in the hands of criminals within a year or two.

One obvious reason to do the jamming or spoofing is that high-value cargo is
tracked with GPS, as are armoured cars and many rental cars, so that
confusing the tracking signal could spell a successful heist.

Sat-nav-based pricing for toll roads and road usage charges could be spoofed,
and a company's employees may even use the devices to block the tracking
devices imposed on company cars.

But jamming and spoofing, Professor Last said, were irresistible to the
hacker type who did it for fun.

"You can consider GPS a little like computers before the first virus - if I
had stood here before then and cried about the risks, you would've asked 'why
would anyone bother?'.

"It's the same market as the hackers."

But the hackers' fun poses a particular danger to ships, which have systems
that increasingly use sat-nav directly but also feed GPS signals into other
equipment.

Jamming trial (GLA)

In the GLA trial, GPS in the jamming zone (red triangle) reported positions
tens of km away from the true (eLoran) position

Some at the conference argued that with the growing maritime use of sat-nav,
crews were less able to revert to classic methods of map-reading and "dead
reckoning".

Alan Grant of the General Lighthouse Authorities (GLA) carried out an
experiment in 2008 to assess the degree to which ships would be affected by a
jamming signal.

Using a relatively low-power jamming signal off the eastern English coast, he
found that ships coming into the jamming area suddenly read locations
anywhere from Ireland to Scandinavia - but with ranges dependent on the ship
itself.

"The level of disruption depends on the ship - the make and model of the kit,
how it's been integrated, and down to the strength of the jamming signal," he
said.

But he suggested the more dangerous case is that of a jamming signal causing
only small errors that would not so obviously give themselves up as false
information.

The immediate solution to the problem is not clear, since the existing US GPS
and Russian Glonas systems, and the forthcoming European sat-nav effort
Galileo, are equally susceptible.

Some at the conference suggested the relative security of the eLoran
ground-based system that is already in place, but which existing consumer
devices do not pick up.

There is no reason to believe, however, that widespread adoption of eLoran or
any other standard would preclude eventual jamming efforts to thwart it.

"Navigation is no longer about how to measure where you are accurately -
that's easy," Professor Last said. "Now it's all about how to do so reliably,
safely and robustly." 

-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________ ICBM:
48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D
78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE