Home News Researchers find flaws in global GPS

Researchers find flaws in global GPS

US: Researchers have developed three attacks capable of crippling GPS infrastructure critical to the navigation of a host of military and civilian technologies including planes, ships and unmanned drones.

The scenarios developed include novel remote attacks via malicious GPS broadcasts against consumer and professional- grade receivers which could be launched using USD 2500 worth of equipment.

A 45-second crafted GPS message could bring down up to 30 per cent of the global GPS Continuously Operating Reference Stations (CORS), while other attacks could take down 20 per cent of NTRIP networks, security boffins from Carnegie Mellon University and firm Coherent Navigation wrote in a paper.

The stations provide global navigation satellite system data to support “safety and life-critical applications”, and NTRIP is the protocol used to stream that data online.

Together, attack scenarios created “serious ramifications to safety systems”.

“Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack,” the team of four researchers said.

Author Tyler Nighswander said that little was preventing attackers from replicating their custom spoofing hardware to launch the attacks.

“The good news is that as far as we know, we are the only ones with a spoofing device currently capable of the types of attacks,” Nighswander said.

“The bad news is that our spoofer would not be prohibitively expensive and complicated for someone to build, if they had the proper skillset. It”s difficult to put an exact likelihood on these attacks happening, but there are no huge [roadblocks] preventing it at the moment,” he added.

The researchers said their work differed from existing GPS jamming and spoofing attacks because it detailed a larger attack surface “by viewing GPS as a computer system”. This included analysis of GPS protocol messages and operating systems, the GPS software stack and how errors affect dependent systems.

“The overall landscape of GPS vulnerabilities is startling, and our experiments demonstrate a significantly larger attack surface than previously thought,” the researchers wrote.

Source: SC Magazine