Global Positioning System's Friendly Hack

Researchers at the Cornell University and Virginia Tech are worried about the risks and implications of hacking the Global Positioning System, and so they tried and managed to “spoof” it, revealing its security-related flaws.

Following the computer hacking model that is known and fought against since the early days of the Internet, the Global Positioning System may also be exposed to such virulent attacks. But, perhaps more than hacking major computer networks, “spoofing” the GPS may have serious consequences on a worldwide scale, since it's responsible for lots of crucial aspects, from navigation to national power grids.

Brent Ledvina from Virginia Tech, who aided in the development of a hacking software that would indicate the weak elements of the whole system, reveals the concerns, “The average person doesn't realize how much infrastructure is based on GPS and how vulnerable it is, but the truth is that a lot can be done about these vulnerabilities”. He explained that the GPS works based on triangulating the signals received from around 30 satellites placed on the Earth's orbit, and tracks down the location of any object in reference to the duration in which a signal reaches its receiver. It is so accurate that its error margin is of hundreds of nanoseconds.

A regular hack implies using a stronger signal that jams the real one, which renders the GPS device unusable. But a real clever one makes the victim unaware of the attack, by issuing a fake GPS signal, similar to the original, which yields slightly different location or timing. “Everything looks completely normal, but the spoofer is controlling your position in time and space,” added Ledvina. Even a delay of few microseconds could have dire implications that the creators of the system hadn’t even thought of during the 1970s. For example, a 10 microsecond switch-off could cause GPS-using power generators to explode. Larger variations could determine plane crashes, bank time-stamping financial transactions going wrong, or police activities rendered useless.

As Paul Kintner from the Cornell University states, “Apparently fisherman are required to carry a GPS monitoring unit and already have made crude attempts at spoofing. There are likely more examples of where people do not want to be tracked that would gladly pay for a spoofer”. Luckily, Ledvina explained that building their suitcase-sized spoofer costs about $1 million.