Researchers Detect Big Flaws in GPS

According to a researchers at Carnegie Mellon University and Coherent Navigation, a 45 second message broadcast could have a crippling effect on consumer and professional receivers. The findings, which included GPS receivers from brands such as Garmin, GlobalSat, Magellan, uBlox, Locosys and iFly, are especially worrying as critical services today rely on a functioning and reliable GPS network: "Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack," the researchers concluded.

While the project group said that they are currently the only ones to know about the spoofing vulnerability of GPS, the necessary equipment to attack the network is obtainable for little money. All attacks were targeted on the software layer of GPS receivers and were able to cause substantial damage in the form of system crashes, synchronization errors, or even remote wipes of GPS devices.

The researchers suggested that GPS receivers require a much better data and OS-level defense aimed at identifying untrusted code: "One immediate best practice would be for GPS receiver manufacturers to build and deploy automated software update mechanisms. At present, users typically must go to the manufacturers home page, download the update, and then transfer it to the receiver. Other recommendations include receivers white-listing programs that can run, and implementing modern OS defenses such as ASLR and DEP."

They also proposed GPS "whitening systems" that "takes in a potentially anomalous or malicious signal, and retransmits a known good signal."

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
15 comments
    Your comment
    Top Comments
  • jaquithGreat another a-hole found a way to hack something.


    If by A-hole, you mean a security researcher who is interested in uncovering a vulnerability and publishing a synopsis of it to draw attention to the need for action before it's discovered by someone with malicious intentions and used to do serious harm...

    then yeah, what a jerk...
    16
  • Apple Maps :whistle:
    10
  • Other Comments
  • Apple Maps :whistle:
    10
  • Uh, the flaw is in the upload and file access system of the receiver itself being vulnerable. That could be greatly mitigated by the user only downloading their software from a secure manufacture site. I have a Garmin Nuvi and found out I can get all sorts of "voices" and junk from lots of sources. While this is more open, it makes the device vulnerable to this type of hacking.
    0
  • not good at all... but does the "military GPS" have this problem?. if not, theN "license" Emergency services to use the "military" GPS... PROBLEM solved... off course if the military does not want to this ... WERE ALL DOOMED, I SAY, WERE ALL DOOMED. LOL... and SOL.
    but any sane person does not trust GPS 100% of the time.
    (look outside and at your surrounding people!)
    and use the internet to get maps... (second source helps)
    (but this could be a feature, the white house (or government builds) would be protected by having this kind of "jammer" to Deactivate any gps's...
    -4