Researchers have for the first time demonstrated that it’s possible to spoof turn-by-turn GPS road navigation to send users to specific wrong locations.
Although generalised spoofing attacks on GPS are well-understood – using false signals to confuse targets or send them off course in places such as the high seas – precisely controlling where they go in complex environments such as cities has until now been considered extremely difficult.
For road navigation, for example, it’s easy to tell someone’s GPS to turn left but if there’s no turning at that location they’ll realise something is wrong and quickly start ignoring the instructions.
The ultimate goal of an attacker would be to model the road system in real time, redirecting targets stealthily without them realising that it is happening.
According to All Your GPS Are Belong To Us, published by researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft, this kind of sophisticated spoofing attack is now within reach.
All the attackers would need is a GPS spoofer built around a Raspberry Pi and other components costing $223 (£170) allied to an algorithm capable of generating spoofed alternative routes to send to the receiver (a smartphone SatNav app, say) in real time.
There is one limitation with this kind of attack – the spoofing device would either need to be controlled from another vehicle within 40-50 metres of the target or attached to it with instructions sent remotely.
However, that being overcome, carefully-conducted tests in simulated and real-world conditions found that the attack design worked well enough to send 38 out of 40 targets to locations of the researchers’ choosing.
Being able to send someone to a specific location could be exploited for kidnap, robbery, or simply to endanger them. For example:
If the attacker aims to endanger the victim, the algorithm can successfully craft special attack route that contains wrong-ways for 99.8% of the trips.
Alternatively, more general deviation attacks could be used to confuse or waste the time of emergency services.
There was a time when this might have been seen as a problem affecting only individuals using in-vehicle turn-by-turn SatNav. However, mobile navigation is becoming central to more recent developments such as taxi sharing (Uber) as well as autonomous vehicles.
Countermeasures?
The researchers have left the makers of mobile navigation systems with some work to do in terms of defence.
This can be achieved in a number of ways, none of which will be cheap or necessarily quick to come to fruition. The first is signal authentication, a way of detecting and shutting out the spoofing signal.
A second possibility is not to rely on a single data source such as the US GPS network when making navigation decisions, for example adding a second or third satellite navigation network – the EU’s emerging Galileo or Russia’s GLONASS or even Wi-Fi – to verify navigation.
That would at least force attackers to spoof data signals from more than one system, a slightly more complicated undertaking. This could be backed up with gyroscopic dead reckoning – the sort that’s been in use by aircraft for many years.
Interestingly, the one the researchers see the most promise in is computer vision-based location verification – that is enabling mobile navigation systems to verify where they are in relation to the map using visual landmarks.
We live in a world where in a mere two decades SatNav and mobile navigation systems have almost entirely liberated travellers from the inconvenient world of paper maps. Reading All Your GPS Are Belong To Us it’s hard not to conclude that this has led people into a complacent world where its accuracy and freedom from interference is simply taken for granted.
The next generation of mobile navigation systems look as if they may need to become a lot more complicated and expensive. Might not want to throw away those old-world paper maps just yet.