Researchers Detect Big Flaws in GPS

According to a researchers at Carnegie Mellon University and Coherent Navigation, a 45 second message broadcast could have a crippling effect on consumer and professional receivers. The findings, which included GPS receivers from brands such as Garmin, GlobalSat, Magellan, uBlox, Locosys and iFly, are especially worrying as critical services today rely on a functioning and reliable GPS network: "Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack," the researchers concluded.

While the project group said that they are currently the only ones to know about the spoofing vulnerability of GPS, the necessary equipment to attack the network is obtainable for little money. All attacks were targeted on the software layer of GPS receivers and were able to cause substantial damage in the form of system crashes, synchronization errors, or even remote wipes of GPS devices.

The researchers suggested that GPS receivers require a much better data and OS-level defense aimed at identifying untrusted code: "One immediate best practice would be for GPS receiver manufacturers to build and deploy automated software update mechanisms. At present, users typically must go to the manufacturers home page, download the update, and then transfer it to the receiver. Other recommendations include receivers white-listing programs that can run, and implementing modern OS defenses such as ASLR and DEP."

They also proposed GPS "whitening systems" that "takes in a potentially anomalous or malicious signal, and retransmits a known good signal."

Contact Us for News Tips, Corrections and Feedback

  • mayankleoboy1
    Apple Maps :whistle:
    Reply
  • warezme
    Uh, the flaw is in the upload and file access system of the receiver itself being vulnerable. That could be greatly mitigated by the user only downloading their software from a secure manufacture site. I have a Garmin Nuvi and found out I can get all sorts of "voices" and junk from lots of sources. While this is more open, it makes the device vulnerable to this type of hacking.
    Reply
  • redeye
    not good at all... but does the "military GPS" have this problem?. if not, theN "license" Emergency services to use the "military" GPS... PROBLEM solved... off course if the military does not want to this ... WERE ALL DOOMED, I SAY, WERE ALL DOOMED. LOL... and SOL.
    but any sane person does not trust GPS 100% of the time.
    (look outside and at your surrounding people!)
    and use the internet to get maps... (second source helps)
    (but this could be a feature, the white house (or government builds) would be protected by having this kind of "jammer" to Deactivate any gps's...
    Reply
  • izmanq
    nah, i don't believe this news :p what attack ? i think gps only calculating distance from satellites signal, maps are downloaded offline.
    Reply
  • jaquith
    Great another a-hole found a way to hack something. Make 'destructive hacking' a felony with 5 year automatic years in jail. Treat these folks as Terrorists with the same (lack of) rights.

    Next all military use to only use encrypted GPS signals including Drones. Second all Cell towers to have GPS terrestrial triangulation receivers to deploy the police quickly and arrest the trash. Lastly all GPS chips to have sales limited and tracked.
    Reply
  • djscribbles
    jaquithGreat another a-hole found a way to hack something.
    If by A-hole, you mean a security researcher who is interested in uncovering a vulnerability and publishing a synopsis of it to draw attention to the need for action before it's discovered by someone with malicious intentions and used to do serious harm...

    then yeah, what a jerk...
    Reply
  • razor512
    I always trust my GPS, for example with my iphone, I found that I could get to work faster by taking the Brooklyn bridge across the english channel in order to get into the L.A. metropolitan area during rush hour.
    Reply
  • madooo12
    well that's why there's GLONASS, plus the article says that the problem is not with GPS itself but with the receiver devices, it's like saying a CPU is flawed because you're running a flawed OS
    Reply
  • jaquith
    9436648 said:
    then yeah, what a jerk...
    They became 'jerks' and 'a-holes' the second they published the actual wiring Diagram & How To in their (public) PDF; see page 5 - http://users.ece.cmu.edu/~dbrumley/courses/18487-f12/readings/Nov28_GPS.pdf . Why don't you rely on a tad more than this excerpt.

    NOW!!! -- anyone else can easily follow their spoofing...yeah what a help!!

    Q - will you still be laughing once a airplane, drone, and/or etc kills an innocent person?
    Reply
  • sonofliberty08
    they remotely upload virus to your GPS device and it will explode when u reach your destination - die hard :p
    Reply