One of the drawbacks of our increasingly connected world is the proliferation of new wireless connections to hack. More worrying is when hackers find cheaper and more accessible ways to exploit those vulnerabilities.
For some time it’s been possible to spoof the location of a smartphone or any other device that is connected to the Global Positioning System (GPS), but doing so required a sophisticated and often expensive GPS emulator that can cost thousands of dollars.
Now a team of researchers at Chinese Internet security firm Qihoo 360 claim they’ve found a cheaper way to make a GPS emulator that can falsify the GPS location of smartphones and in-car navigation systems. (Qihoo’s researchers famously hacked a Tesla Model S last year, taking control of the car’s lock, horn and flashing lights.)
Lead researcher Lin Huang, who will be the first Chinese woman to present at the Defcon security conference later today, says her team used common software-defined radio (SDR) tools to create their module and software. They also used open-source software found on GitHub that had come from researchers at a Chinese university, along with some of their own code.
The SDR tools that Huang used include HackRF, once described by Forbes as the $300 wireless Swiss army knife for hackers. The small, relatively cheap board can move between radio frequencies, receiving and transmitting across a broad range – from the low range used by FM radio to the higher frequencies of WiFi or other more cutting-edge protocols.
On smartphones the attack targets navigation signals being delivered at the chipset level, meaning there’s little difference if the device is made by Apple or an Android vendor.
“This is a very low-cost way” to make a GPS emulator, Huang said on the sidelines of the annual security conference in Las Vegas, speaking with some help from a translator. “This method increases the risk for GPS devices.”
Huang was planning to use a volunteer from the Defcon audience to demonstrate the hack at work but will have to resort to using a video instead due to legal restrictions.
There aren’t many known examples of malicious GPS spoofing so far. In 2011 Iranian government-sponsored hackers are thought to have diverted and landed an American stealth drone made by Lockheed Martin after it flew into Iranian airspace. The Iranian specialists were able to hijack the drone thanks to GPS spoofing techniques, according to a report in the Christian Science Monitor.
In 2013 researchers from the University of Austin, Texas were able to send a 213-foot yacht off course at sea using a custom-made GPS spoofing device. Prof. Todd Humphreys led the experiment to show the risks of attacks on navigation systems.
Like any security researcher who’s found a new exploit, Huang claimed the development would have dramatic consequences. “Hackers can give the wrong GPS position, for example, to a drone,” she said. “If you use GPS to drive a car it can change you to a different location… [or direct the victim] to go down a cliff. Whatever they want you to do. It is very dangerous.”
Huang specializes in wireless communication systems as well as software-defined radio tools like the ones she used to create her bargain-basement GPS spoofer. She suggests that chipset manufacturers should consider introducing new software that can better detect GPS spoofing, and that GPS satellites also bear responsibility for defending against such attacks.