Researchers have for the first time demonstrated that it’s possible to spoof turn-by-turn GPS road navigation to send users to specific wrong locations.
Although generalised spoofing attacks on GPS are well-understood – using false signals to confuse targets or send them off course in places such as the high seas – precisely controlling where they go in complex environments such as cities has until now been considered extremely difficult.
For road navigation, for example, it’s easy to tell someone’s GPS to turn left but if there’s no turning at that location they’ll realise something is wrong and quickly start ignoring the instructions.
The ultimate goal of an attacker would be to model the road system in real time, redirecting targets stealthily without them realising that it is happening.
According to All Your GPS Are Belong To Us, published by researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft, this kind of sophisticated spoofing attack is now within reach.
All the attackers would need is a GPS spoofer built around a Raspberry Pi and other components costing $223 (£170) allied to an algorithm capable of generating spoofed alternative routes to send to the receiver (a smartphone SatNav app, say) in real time.
There is one limitation with this kind of attack – the spoofing device would either need to be controlled from another vehicle within 40-50 metres of the target or attached to it with instructions sent remotely.
However, that being overcome, carefully-conducted tests in simulated and real-world conditions found that the attack design worked well enough to send 38 out of 40 targets to locations of the researchers’ choosing.
Being able to send someone to a specific location could be exploited for kidnap, robbery, or simply to endanger them. For example:
If the attacker aims to endanger the victim, the algorithm can successfully craft special attack route that contains wrong-ways for 99.8% of the trips.
Alternatively, more general deviation attacks could be used to confuse or waste the time of emergency services.
There was a time when this might have been seen as a problem affecting only individuals using in-vehicle turn-by-turn SatNav. However, mobile navigation is becoming central to more recent developments such as taxi sharing (Uber) as well as autonomous vehicles.
Countermeasures?
The researchers have left the makers of mobile navigation systems with some work to do in terms of defence.
This can be achieved in a number of ways, none of which will be cheap or necessarily quick to come to fruition. The first is signal authentication, a way of detecting and shutting out the spoofing signal.
A second possibility is not to rely on a single data source such as the US GPS network when making navigation decisions, for example adding a second or third satellite navigation network – the EU’s emerging Galileo or Russia’s GLONASS or even Wi-Fi – to verify navigation.
That would at least force attackers to spoof data signals from more than one system, a slightly more complicated undertaking. This could be backed up with gyroscopic dead reckoning – the sort that’s been in use by aircraft for many years.
Interestingly, the one the researchers see the most promise in is computer vision-based location verification – that is enabling mobile navigation systems to verify where they are in relation to the map using visual landmarks.
We live in a world where in a mere two decades SatNav and mobile navigation systems have almost entirely liberated travellers from the inconvenient world of paper maps. Reading All Your GPS Are Belong To Us it’s hard not to conclude that this has led people into a complacent world where its accuracy and freedom from interference is simply taken for granted.
The next generation of mobile navigation systems look as if they may need to become a lot more complicated and expensive. Might not want to throw away those old-world paper maps just yet.
Epic_Null
As a GPS user, I’d just like to say – that is a scary situation. Perhaps one way to address the problem is to set up a pre-planned route while starting the GPS, then require authentication when moving away from the route (but not while, say, returning to it after a wrong turn)?
Paul Ducklin
You mean, have *some* idea where you are going before you set off, so that if you do go weirdly off course (or your satnav chooses a bizarre or anti-social path to your destination) you might realise :-)
mike@gmail.com
Yeah that’s getting harder and harder. Some people could hardly find the local grocery store if the GPS doesn’t tell them how to get there. I remember the first time I used GPS navigation, it sent me to the wrong city. Wasted 2.5 hours later, I only figure it after arriving. Definitely learned my lesson. Thankfully Garmin has gotten much better than that now.
Epic_Null
Unfortunatly, that looses effectiveness if you can’t correct your course on your own. I’ve had some pretty nasty issues with getting back on my known path, or if you can easily recognize locations. I once had a 3 hour instead of 45 minute drive home because I took the wrong way at a fork (I had forgotten to turn on my GPS and decided to try to get home without it), but the road looked sufficiently similar that I wasn’t sure if I was “just coming up” on the next section, was in the right place but missed the sign, or if I was really in the wrong place.
Had my GPS not been able to set me on course, especially through an unfamiliar area, I honestly don’t know how long it would have taken to get home at all.
The defense you suggest also wouldn’t work well when in an unfamiliar area, such as when going to a new store in the beginning of the semester, or when going to someplace like the UPS stop near my house, which is not in the most… friendly… area.
Paul Ducklin
The earth is spherical (well, allegedly and approximately) so you can’t ever get *totally* lost. You’re always within a tiny fraction of an Astronomical Unit from where you want to be.
GeriS
Did I get that right: you get to Vancouver by GPS instead of getting home to Houston and then say ‘Oh. Great. It’s an error less than 0.00213% of 1 Astronomical Unit. Well done GPS.’?
I think relying on technical devices without checking – in case of navigation at least having some check points in mind – isn’t a good choice.
Paul Ducklin
Vancouver, WA or Vancouver, BC?
GeriS
Vancouver, BC is the answer. In case of Vancouver, WA the error would have been somthing about 0.00198% of 1 au. ;-)
David C.
Another defense – review the route before you start driving. Every navigation program I’ve seen draws the route on the map. If it looks funny, or if your turn-by-turn directions start deviating from the route you previewed and approved, then it’s time to start ignoring it.
mike@gmail.com
Similar to what used to be done by printing off the direction from mapquest before leaving. Good idea!
WestCoinFall
As a former military specops I would say ordinary people are absolute stupid when relay on GPS without having paper map in a pocket, especially when traveling within unfamiliar terrain.