According to a researchers at Carnegie Mellon University and Coherent Navigation, a 45 second message broadcast could have a crippling effect on consumer and professional receivers. The findings, which included GPS receivers from brands such as Garmin, GlobalSat, Magellan, uBlox, Locosys and iFly, are especially worrying as critical services today rely on a functioning and reliable GPS network: "Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack," the researchers concluded.
While the project group said that they are currently the only ones to know about the spoofing vulnerability of GPS, the necessary equipment to attack the network is obtainable for little money. All attacks were targeted on the software layer of GPS receivers and were able to cause substantial damage in the form of system crashes, synchronization errors, or even remote wipes of GPS devices.
The researchers suggested that GPS receivers require a much better data and OS-level defense aimed at identifying untrusted code: "One immediate best practice would be for GPS receiver manufacturers to build and deploy automated software update mechanisms. At present, users typically must go to the manufacturers home page, download the update, and then transfer it to the receiver. Other recommendations include receivers white-listing programs that can run, and implementing modern OS defenses such as ASLR and DEP."
They also proposed GPS "whitening systems" that "takes in a potentially anomalous or malicious signal, and retransmits a known good signal."
