Slashdot Mirror


Researchers Find Crippling Flaws In Global GPS

mask.of.sanity writes "Researchers have developed attacks capable of crippling Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unamed drones. The novel remote attacks can be made against consumer and professional-grade receivers using $2500 worth of custom-built equipment. Researchers from Carnegie Mellon University and Coherent Navigation detailed the attacks in a paper. (pdf)"


  1. Misleading Summary by KeithIrwin · · Score: 5, Informative

    The paper isn't really about attacking GPS infrastructure. It's about attacking GPS receivers. Some of these receivers may be part of other sorts of infrastructure. I was at CCS when the paper was presented. It's all about sending fake GPS satellite signals to receivers to exploit bugs in the software in the receivers. The work is interesting and includes attacks which can desynchronize the clocks on some devices and there was one device you could essentially brick by telling it that the satellite was at radius 0 (center of the earth) resulting in a divide by 0 overflow. I liked the paper and thought it was neat, and it could do serious damage to particular systems which rely on GPS if they have the right type of flaws in their software to be exploited by this attack, but it was not an attack against the GPS satellites or anything like that.

    1. Re:Misleading Summary by KeithIrwin · · Score: 5, Informative

      Err, I just meant divide by 0 error, not overflow. The fun bit of that attack is that the reason it effectively bricks it is that the divide by zero error crashes it and it reboots, but it logs its data into flash, so as soon as it finishes rebooting, it starts reprocessing the stored data, thus it reads the 0 again and crashes and it just gets stuck in a loop like that forever. It's a fairly fun and clever paper.
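
The failure mode described in the two comments above (an unvalidated value is persisted, then reprocessed on every boot) can be closed on the receiver side; the following is an added example, not part of any comment in the thread and not code from the paper or from any receiver vendor. The record layout, the plausibility window, the simulated flash structure and all function names are assumptions made for illustration.

```c
#include <math.h>
#include <stdbool.h>

/* Hypothetical, simplified record; real navigation messages carry more fields. */
struct nav_record {
    double orbit_radius_m;   /* orbit radius claimed by the received signal */
    double clock_bias_s;
};

/* Simulated flash region (assumption: a real device would use an NVM driver). */
struct flash {
    struct nav_record cached;
    bool has_cached;
    unsigned pending_boots;  /* boots started but never marked healthy */
};

#define MIN_RADIUS_M 2.0e7   /* constructed plausibility window for GPS orbits */
#define MAX_RADIUS_M 3.0e7
#define MAX_PENDING_BOOTS 3

/* Reject anything a real satellite could not broadcast, including 0 and NaN. */
bool nav_record_valid(const struct nav_record *r)
{
    return isfinite(r->orbit_radius_m) && isfinite(r->clock_bias_s) &&
           r->orbit_radius_m >= MIN_RADIUS_M && r->orbit_radius_m <= MAX_RADIUS_M;
}

/* Validate before persisting, so a bad record never survives a reboot. */
bool nav_store(struct flash *f, const struct nav_record *r)
{
    if (!nav_record_valid(r))
        return false;
    f->cached = *r;
    f->has_cached = true;
    return true;
}

/* Boot path: returns true only if cached data is safe to reprocess. */
bool boot_load(struct flash *f, struct nav_record *out)
{
    if (++f->pending_boots > MAX_PENDING_BOOTS)
        f->has_cached = false;          /* crash loop detected: drop the cache */
    if (!f->has_cached || !nav_record_valid(&f->cached)) {
        f->has_cached = false;          /* flash may hold data from older firmware */
        return false;
    }
    *out = f->cached;
    return true;
}

/* Called once the receiver has run normally after boot. */
void boot_mark_healthy(struct flash *f) { f->pending_boots = 0; }
```

The boot counter matters even with validation in place: it breaks the loop when the crash comes from a field the validator does not yet cover.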

    2. Re:Misleading Summary by fermion · · Score: 2

      So that is interesting. Some GPS receivers have software errors that allow bad input to brick them. It is not surprising because one thing that too many automated systems do not protect against is malicious input. This is, however, the sort of thing that can be handled by a software update, if a GPS is capable of such a thing.

      I guess win one for smartphones.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    3. Re:Misleading Summary by ne0n · · Score: 5, Funny

      If it was news you'd see it on Carver Media first. We saw this attack used in 1997 to start open hostilities between China and Britain. Luckily we had a man in the area and he managed to stop it before anybody went nuclear.

      --
      $ :(){ :|:& };:
    4. Re:Misleading Summary by KeithIrwin · · Score: 3, Informative

      Well, thanks for the kind words anyway. Honestly, I thought that modding up my second comment (which was mostly just meant as an error correction) was excessive. If I'd known it would've been modded up, I might've not made it as I don't want to be a karma whore. But, oh well, I guess I shouldn't look a gift horse in the mouth.

    5. Re:Misleading Summary by KeithIrwin · · Score: 3, Funny

      I'm pretty certain that this is how Ian has intercepted and captured at least two US drones

      Who is this drone-intercepting and capturing Ian ?

      Well, as you likely know, most bagpipes have two or three drones, and Ian is a common Scottish name, so I'm pretty sure he's a Scotsman who managed to hijack some American bagpipes in transit. Clearly, the US needs to protect them better when they're transiting through the UK.

  2. Well, duh. by girlintraining · · Score: 4, Interesting

    This isn't news. The GPS signal is very, very weak. It's actually right at the noise floor and using some rather ingenious encoding to resolve the signal. The signal itself is fully-documented for consumer equipment. Given the weak signal strength and the protocol having no encryption or validation to speak of, of course jamming is possible; receiver selectivity dictates it'll lock on to the strongest signal, the root square law dictates that just about any terrestrial source with line of sight will be stronger than the one in space. The only problem to work out then is processing; you have to figure out where the receiver is now, and then figure out where you want it to be, and adjust all the signals it could receive from the GPS satellites simultaneously to cause it to (falsely) lock on to the new position. And considering that the timing needs to be in fractions of a millisecond to have any value at all, you need to be very exact.

    Most of the equipment is dedicated to computing what the signal needs to be.... the actual transmitter is dirt cheap.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Well, duh. by tylerni7 · · Score: 4, Interesting

      I don't think you looked at the paper really. GPS spoofing and jamming are nothing new (as is mentioned in the paper). The new aspect is that there are software attacks that can be done on the receivers. For example, one of the divide by zero errors will cause a denial of service attack on some receivers. This is vastly different from jamming, because the DoS continues even after the transmitter is shut off. Jamming would obviously stop as soon as the transmitter is turned off. That is the new, exciting, and dangerous part of all this.

    2. Re:Well, duh. by AK+Marc · · Score: 2

      Satellite runs as close to the noise floor as possible. I've used some equipment that runs with SNR in the negatives (noise above signal).

    3. Re:Well, duh. by Anonymous Coward · · Score: 5, Funny

      A new software attack to disable GPS functionality? - Apple maps was released months ago.

    4. Re:Well, duh. by tbird81 · · Score: 2

      Thank you for your sarcastic comment on behalf of everyone else. We're all such complete cocks that we get offended when someone explains something we're proud of working out for ourselves, because it takes away one of the few tiny achievements we will manage in our sad pathetic lives.

      (That above paragraph was sarcastic... the following paragraph is not.)

      You're a dickhead AC. (That's a person who behaves in a selfishly annoying way for his own pleasure, not actually someone with a penis for a head. And I was not calling you the glans penis either [that's the medical term for the head of the penis].)

  3. What a nonsense by angel'o'sphere · · Score: 2, Insightful

    Planes and Ships don't rely on GPS.

    If you have a license to pilot any of them, you have learned how to navigate without.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    1. Re:What a nonsense by MichaelSmith · · Score: 5, Informative

      Well okay but I work in air traffic control and there is a high level of reliance on positional information from GPS.

    2. Re:What a nonsense by realityimpaired · · Score: 4, Informative

      Commercial airliners are still equipped with other navigation systems, but most of them are beacon systems that are only useful when you're close to an airport. These systems are still used for landing. For long distance navigation, the non-GPS systems are almost all a distant memory. It's *possible* to navigate a plane with a compass and a clock, and if you're flying low enough (and in an area with enough airports) it's possible to navigate by switching beacons, but I wouldn't want to hazard that in a plane the size of most commercial airliners. It's the kind of thing you do (and are trained to do, or at least were when I was taking lessons) in a Cessna, not a 767.

      The real concern is that the occupants of the plane have no way of knowing that their GPS information is bad in the first place. You can have a thousand backups available to you, but if you don't know that your primary system is being fed bad information, are you going to check/trust the backup that's based on technology developed a century ago (seriously... clock/compass is how Amelia Earhart and Fred Noonan were navigating)? And assuming that the GPS actually *crashed* (in the DoS way described in TFA), you'd still have Air Traffic Control to tell you where you were... they don't use GPS, they use radar.

    3. Re:What a nonsense by Kagato · · Score: 3, Interesting

      True, but it's a daily problem for ATC in some parts of the world. North Korea jams GPS around ICN on a regular basis. Even EWR had a GPS issue for some time. They figured a trucker was using a GPS jammer to block the logger on the truck. Every time the truck would drive near the airport it would create a hassle.

    4. Re:What a nonsense by MichaelSmith · · Score: 2

      Pretty much here in Australia. I have taken to hanging out beside runway 16/34 at Tullamarine in Melbourne, recording MODE-S data. Anything medium or heavy with a normal turbine engine has ADS-B. Many turboprops do and some rotorcraft. But I also found out that tulla is a great place to pick up garbage data, probably from the maintenance facilities. I got one track with lat=0.0,lon=0.0

  4. Boffins by PvtVoid · · Score: 2

    What the fuck is with the science press in Britain / Australia about the word "boffins"? Why does every single science article, without fail, have to have some supposedly clever pun or alliteration around the word? (Extra points for using the word astro-boffins.)

    I've gotten to the point that if I see the word "boffins" in a science article, I immediately click away. Please make it stop!

    1. Re:Boffins by mister2au · · Score: 2

      Why is that any different to researcher or expert or scientist? They are just as useless or even less useful terms

      It is an Australian article using "Australian English" or "British English" ... the term is well understood to define an academic/researcher with a very strong but narrow focus in a typical theoretical area.

      It is no more problematic than terms like futurist (who has a broader focus) or your typical engineer/scientist labels (for those who are more problem solving focused).

  5. so why don't we just name the drones? by holophrastic · · Score: 4, Funny

    heh, "unnamed" drones.

  6. $2500 Spoofing Transmitter by PPH · · Score: 2

    Also known as a HARM target.

    --
    Have gnu, will travel.
  7. Worst case by viperidaenz · · Score: 2

    Some poor bugger drives to the wrong destination.

    GPS isn't trusted. It's already known to be hackable.
    It would be news if they hacked the anti-spoofing system the military has been using for the last 6 years

    1. Re:Worst case by lannocc · · Score: 2

      Soles are imaginary anyway, so who cares?

      But I'm looking right at my shoes! Look, but don't smell.

  8. You miss the point by A+nonymous+Coward · · Score: 2

    Spoofing the signals to make receivers mistake their position isn't the point of this report. It's the potential to brick the receivers which is new.

    1. Re:You miss the point by sabri · · Score: 4, Interesting

      It's the potential to brick the receivers which is new.

      Which is why I find it interesting that 60% of the authors of the paper (3 out of 5) are employees of a commercial entity that.... creates "coherent" navigation equipment.

      Perhaps it's just one big advertisement for their solutions?

      --
      I'm not a complete idiot... Some parts are missing.
    2. Re:You miss the point by Anonymous Coward · · Score: 2, Interesting

      Or maybe they did, you know, actual research for their solutions, and rather than being selfish cunts about it, decided to actually publish their results and contributing to the research community instead of hiding everything and smashing everything that competes with it down by using vaguely written patent applications? As hard as it may be for slashdot to believe, governments and corporations can occasionally do something right.

  9. Re:You are wrong by viperidaenz · · Score: 2

    GPS is also at the heart of many military precision guided missiles and shells.

    They also don't use civilian GPS receivers and employ anti-spoofing technology in every single deployment. No missile relies entirely on GPS.

  10. Re:Well, duh. .. Speaking of "DUH..." by Anonymous Coward · · Score: 5, Interesting

    Up until about 3 years ago we in North America had another electronic navigation system in-place and operational: LORAN C.

    The loran system -though not as precise as GPS- was in many respects much more difficult to jam. Upgrades were planned that would have improved the loran system; instead, in a spectacular case of "penny wise-pound foolish" the system was turned off, and its infrastructure (think 'some of the tallest antenna masts ever built' ) quickly dismantled/destroyed.

    http://en.wikipedia.org/wiki/LORAN
    From Wikipedia:
    "In November 2009, the U.S. Coast Guard announced that the LORAN-C stations under its control would be closed down for budgetary reasons after January 4, 2010 provided the Secretary of the Department of Homeland Security certified that LORAN is not needed as a backup for GPS.[19]

    On 7 January 2010, Homeland Security published a notice of the permanent discontinuation of LORAN-C operation. Effective 2000 UTC 8 February 2010, the United States Coast Guard terminated all operation and broadcast of LORAN-C signals in the USA...

    [In the quoted Wikipedia article, the following paragraph was placed BEFORE the above]
      Originally completed 20 March 2007 and presented to the co-sponsoring Department of Transportation and Department of Homeland Security (DHS) Executive Committees, the report carefully considered existing navigation systems, including GPS. The unanimous recommendation for keeping the LORAN system and upgrading to eLORAN was based on the team's conclusion that LORAN is operational, deployed and sufficiently accurate to supplement GPS. The team also concluded that the cost to decommission the LORAN system would exceed the cost of deploying eLORAN, thus negating any stated savings as offered by the Obama administration and revealing the vulnerability of the U.S. to GPS disruption.[18]"

    end of quoted Wikipedia material

    Loran and its technological successor E-loran are still available in some more enlightened parts of the world (see linked article)

    Note that I am a USian. The above is NOT one of my country's more shining (dare I say 'brighter') decisions.

  11. Re:Poorly Edited Summary Too by Anonymous Coward · · Score: 2, Funny

    Researchers have developed attacks capable of crippling Global Positioning System infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unamed drones.

    What happens if they run "uname -a" then?

    Seriously, you had to go that far, when they had "Global GPS" (yep, Global Global Positioning System) right in the headline?

    Seriously though Slashdot management must have zero concern about low quality, sloppy, careless editing. I would fire in a heartbeat any so-called "editor" who can't even bother to run a spell-checker at least once in a while.

    Yeah? YMBNH...

    What an insult to everyone else who is expected to actually perform and do a good job to earn their paycheck. In this economy there are PLENTY of people who would do a better job and possibly for less money than what Slashdot staff are currently making. Perhaps they should start contacting Slashdot management and making offers? The current crop of "editors" would be no competition at all.

    It is widely suspected that the current crew of /. do not receive a "paycheck" at all, but are paid in bananas, peanuts, or some such simian treat. But if you want them put away, feel free to contact the local zoo with a tip about their missing baboons....

  12. Re:Demoed at TEDxAustin by tylerni7 · · Score: 2

    The TEDxAustin talk you mentioned is focused on GPS spoofing to make a receiver think that it is somewhere else. Spoofing in that sense has been around for a long time, and while it is very cool and everything, it isn't what is novel about this paper/attack.
    This paper goes from just making a GPS receiver think it is located somewhere else to actually exploiting software vulnerabilities in GPS receivers to cause them to crash and things like that. The attacks are related, but the position based spoofing is just a subset of this work.

  13. Re:Unnamed drones by taiwanjohn · · Score: 2

    They wrote a "uname" daemon that's hosted on aerial drones. But of course there's a flame war over whether to use Kdrone or Gdrone... .

    --
    XML is like violence. If it doesn't solve your problem, you're not using enough of it. --AC
  14. Total Fucking Shocker by EmagGeek · · Score: 2

    I can't fucking believe it. Do you mean to tell me that if you have a receiver tuned to a certain frequency, and you have a transmitter on that same frequency, then you can transmit information from the transmitter to the receiver?

    Top it off though! If you have not one but two - TWO transmitters, and one is vastly more powerful than the other, then you can get the receiver to receive the stronger one over the weaker one?

    Completely fucking amazing, if you ask me. I had no idea you could do something like that. It's almost like, when I'm at a party, I can hear the people who are talking louder better than I can hear the people who are being quiet, and stand a better chance of recovering the information they are conveying.

    Wow. Whowouldathunkit?

  15. Re:Poorly Edited Summary Too by Chris+Mattern · · Score: 2

    Seriously, you had to go that far, when they had "Global GPS" (yep, Global Global Positioning System) right in the headline?

    At least he didn't say "Global GPS System".