If you’re like me, you’ve become obsessed with using GPS to find your way around town. Personally, I’d peg the accuracy of my GPS usage, locally and while on business travel, at roughly 85 percent, which is pretty darn good.
GPS isn’t infallible, of course. Just ask the woman in Port Jervis, New York who, on Nov. 5, blindly obeyed GPS, and drove her car down a muddy bank into the Neversink River. She’s not alone. GPS-myopic drivers have steered vehicles into bodies of water, up staircases, into buildings, onto golf courses and even off cliffs.
Relacted article: How Russia’s election meddling relates to power grid hacks
But here’s something to consider: could a GPS hack have factored into any of these mishaps? I learned about the two primary forms of GPS attacks — GPS jamming and GPS spoofing — from speaking with Vlad Gostomelsky, a security researcher at Spirent Communications.
Precise time, location
Gostomelsky explained how GPS is a worldwide network used for positioning and timing. A number of satellites encircling earth send timing signals to each individual receiving device, like your smartphone. Your iPhone or Android device uses these signals to calculate your precise location at a precise time.
“GPS is really important because we use it to get an exact time for financial transactions and for server logs,” Gostomelsky says. “And it’s used extensively for navigation both for car GPSs and for smart vehicles.”
As consumers, we use GPS for travel, shopping, personal finances and entertainment. And GPS is a primary navigation tool for aircraft and ocean vessels.
GPS jamming is exactly what you’d expect; the hacker takes steps to deny the reception of GPS signals in a certain radius. In a GPS spoofing caper, the attacker introduces a faked signal that causes the receiver’s app to display the wrong time, an erroneous location, or both.
This is a serious exposure, folks. For the moment, we appear to be in an experimental phase. And no one appears to be in a position to connect the dots, to see if these glitches in GPS programs might be due to the user inadvertently straying into an area where a jamming or spoofing incident is under way.
Worse yet to come
When you consider the ubiquitous use of GPS — by consumers and especially by the military — as well as the comparative ease of executing GPS attacks, there is cause for concern. “I don’t think things are going to get better until it gets far worse,” Gostomelsky told me.
The Federal Communications Commission is the primary agency tasked with overseeing GPS. But Gostomelsky says the agency has limited resources to properly police GPS.
Inattentive drivers causing property damage is one thing. But strong circumstantial evidence has started to emerge highlighting how GPS attacks could become a strategic weapon in nation-state conflicts.
In September, two large ships sailing into Russian waters reported their GPS navigation systems going hay wire, telling them the vessels were sitting on the tarmac at Sochi Airport, some 12 miles inland. The 2014 Olympics were held in Sochi. Experts speculated that the ships sailed into a GPS jamming zone set up to protect Russian President Vladimir Putin’s summer home from surveillance and drone attacks.
Even more worrisome, there have been four navigation accidents involving a U.S. warships this year, including two deadly collisions: the USS John S. McCain collided with an oil tanker off Malaysia, which left ten sailors missing and five injured, and seven sailors died when the USS Fitzgerald was hit by a cargo ship near Japan.
The Navy uses a military-hardened version of GPS. And while Navy officials insist there is no evidence the GPS systems were attacked, the technology to jam or spoof GPS guidance systems is well understood and not terribly difficult to obtain.
I suspect Gostomelsky is right. More high-profile examples of GPS jamming and spoofing are inevitable in 2018. For a deeper drill down on our conversation, please listen to the accompanying podcast.
This is a Security Bloggers Network syndicated blog post authored by bacohido. Read the original post at: The Last Watchdog