GPS Software Attacks More Dangerous Than Jamming and Spoofing, Experts Say

Security researchers from the Carnegie Mellon University, in collaboration with experts from Coherent Navigation, have identified new attack vectors against the Global Positioning System (GPS).

Numerous studies have demonstrated the fact that GPS is vulnerable to jamming and spoofing, but by viewing the GPS as a computer system, experts have managed to develop new attacks against this infrastructure.

Their experiments have demonstrated that GPS and GPS-dependent systems are far more vulnerable than we thought.

According to the researchers, a malicious 45-second GPS broadcast is capable of taking down more than 30% of the Continually Operating Reference Station (CORS) network, which is used for safety and life-critical applications. Furthermore, it could also disrupt 20% of the Networked Transport of RTCM via Internet Protocol (NTRIP) systems.

A total of three new attack methods have been identified: GPS data level attacks, GPS receiver software attacks, and GPS dependent system attacks.

GPS data level attacks are somewhat similar to spoofing, but they can cause more damage. For instance, such an attack can remotely crash a high-end receiver.

The second types of attacks leverage the fact that GPS receivers run some kind of computer software that can be remotely compromised.

The worst thing is that, since GPS receivers are most often seen as devices instead of computers, the security holes leveraged by attackers can remain unpatched for extended periods of time.

GPS dependent system attacks exploit the fact that GPS navigation solutions are considered to be trusted inputs by high-level software.

In order to mitigate such threats, experts recommend stronger verification of GPS receiver software and the deployment of regular software updates for IP-enabled devices.

Another mitigation strategy refers to the use of Electronic GPS Attack Detection System (EGADS) that alerts users when an attack is underway, and an Electronic GPS Whitening System (EGWS) that re-broadcasts a whitened signal to otherwise vulnerable receivers.

One noteworthy thing about these types of attacks is that they don’t require sophisticated or expensive equipment. The hardware utilized by the researchers costs only about $2,500 (1,950 EUR).