First off, at Slate this week Ryan Gallagher ponders the implications of GPS tracking technology when used not by law enforcement but by private investigators and private citizens. Texas law, he notes, forbids private citizens from using GPS trackers, but a Texas company would sell you the device and let you do it yourself:
Other PI companies were reluctant to directly help me track the vehicles but instead offered to sell or rent me GPS tracking equipment. This would mean any unlawful use of the tracker would be on my shoulders and not those of a PI. In one instance, even after I informed Texas-based LP Dynamics that I was looking to track two vehicles, one of which had no ownership connection to me, I was offered "2 passive GPS units" for $125 each. A company representative emailed: "Just place on a vehicle, remove when you want and download to your computer to see where they have been." When I later contacted the company for this story, CEO Michael Morrison emailed that "we are a licensed private investigation corporation and not an attorney." Morrison rightly stated that LP Dynamics follows Texas law "to the letter" because the penal code covers only the installation of tracking systems but not the sale of the devices. This could be considered something of a legal loophole.Next, as increasingly we find GPS embedded in everything - indeed, with Google even experimenting with a driverless car based on real-time GPS - it's disturbing to learn how easily GPS can be spoofed. Last year, Iran spoofed GPS signals to and from a CIA drone to cause it to land in Iran instead of Afghanistan. The Iranians took advantage "of weak, easily manipulated GPS signals, which calculate location and speed from multiple satellites."
Civilian signals appear even easier to exploit. Logan Scott of LS Consulting recently noted on Inside GNSS that:
in June of this year, Todd Humphreys and his team at the University of Texas at Austin demonstrated the controlled capture of a small, civil drone aircraft at White Sands Missile Range using a well-known RF spoofing attack protocol. The significance of this test is not that it demonstrated ground-breaking technology — it didn’t. The significance of the drone exercise resides in the concrete demonstration of how insidious a successful spoofing attack can be.Go here to see a video from the UT-Austin scientists detailing exactly how they "hijacked" a drone aircraft, controlling it from up to half a mile away. Explaining the implications of the experiment, Humphreys told a Congressional committee recently that "Civil GPS signals have a detailed structure ... but no built-in defense against counterfeiting or spoofing." See a presentation (pdf) and a recent paper (pdf) from Humphreys and his team on "Assessing the Civil GPS Spoofing Threat." Evaluating the array of potential counterpapers, they summarized the threats thusly:
- Bad news: It’s straighforward to mount an intermediate-level spoofing attack
- Good news: It’s hard to mount a sophisticated spoofing attack, and there appear to be inexpensive defenses against lesser attacks
- Bad news: There is no defense short of embedding cryptographic signatures in the spreading codes that will defeat a sophisticated spoofing attack
In light of these developments, Scott argues that, "GPS is a double-edged sword; on the one hand, an extraordinarily useful utility that is inexpensive to use, but on the other hand, a system technology that introduces major and often times poorly understood vulnerabilities." The dangers from GPS hacks and/or failures to drones or other GPS-based syatems are myriad::
Routine software and map updates provide opportunities to infect civil GPS receivers with targeted malware. Even if the GPS receiver is working fine, a man-in-the-middle attack may simply inject false positions into the system data stream — in short, lie about position. Cell phone apps for conducting this sort of attack are readily available. To hijack a UAV, an attacker might alter its waypoint database or disrupt its command and control links, while leaving its GPS receiver alone. Just about any component of an integrated system might be suborned, especially if it connects to a network.Thinking aloud, criminal justice implications for spoofing technology might include offenders released with GPS tracking anklets. It would be the rare, tech-savvy offender who figured out the how-tos on their own, but once it's been done once, there could be a sea of wannabe script-kiddies itching to follow their lead. Readers are invited to suggest other areas where GPS spoofing might disrupt law enforcement strategies.
Another technological vulnerabilitiy of GPS stems from the use of jamming devices, which Fox News in 2010 said are "Illegal, Dangerous, and Very Easy to Buy." Car thieves in the UK have used GPS jammers to aid in their getaway. Even if GPS jamming is illegal for Americans, other countries or organized crime gangs can disrupt even military-grade GPS signals with relatively simple technology:
North Koreans have used Russian-made, truck-mounted jamming gear near the border to disrupt low-power GPS signals in large swaths of South Korea. By broadcasting powerful radio signals on the same frequencies as the satellites, the jammers drown out the GPS signals. ...Finally, this author identifies more, big-picture vulnerabilities of GPS, many of them stemming from the product's perceived success: It works so well, so consistently, that the mechanics of how it might fail are poorly understood and the security technologies to counter attacks on GPS systems are underfunded and dispersed among an array of jurisdictions. Fascinating stuff. As GPS becomes embedded in systems from transportation to energy to security to finance to communications and an array of consumer products, it's a bit disturbing that preventive techniques for thwarting GPS attacks at present appear rudimentary. So far, I'd say exploitation of GPS vulnerabilities has been limited more by lack of ambition among the criminal class than by the technological difficulties of overcoming this relatively simple technology.
[T]he jamming has occurred three times in the past two years and has coincided with joint U.S.-South Korean military exercises.