New Research on GPS Reveals Major DoS Vulnerability
In a world where global positioning is key in a wide range of critical operations such as missile launches, space missions, or rescue operations, attacks against the GPS system can have unforeseen consequences.
In a joint paper, security researchers from the Carnegie Mellon University and GPS specialists from Coherent Navigation have described new attack mechanisms that can paralyze GPS devices and take them out of order.
Since the GPS positioning systems rely on radio waves to communicate with satellites, they are known to be vulnerable to jamming (by sending strong white noise to mask the satellite signal) or to spoofing (receiving forged signals that result in mapping a bogus location). New research however shows that sending specific signals can cause the GPS receiver to lock or malfunction, taking it completely out of business.
To achieve the denial of service condition, researchers spoofed the signal a satellite usually sends, but, rather than encoding the position of the satellite on the orbit, they made it look as if the satellite was located in the center of the Earth. The wrong satellite position caused an exception in the GPS software that leads to restarts. Since the distance between the satellite and the Earth rarely changes, the information becomes persistant in the device`s memory, which results in endless reboots.
“Our surface includes higher level GPS protocol messages than previous work, as well as the GPS OS and downstream dependent systems. We develop a new hardware platform for GPS attacks, and develop novel attacks against GPS infrastructure,“ wrote the researchers in the paper. “For example, we show that remote attacks via malicious GPS broadcasts are capable of bringing down up to 30% and 20% of the global CORS navigation and NTRIP networks, respectively, using hardware that costs about the same as a laptop“.
Fortunately, satellites send data for civillian and military GPS devices differently. Since military signals are encrypted and validation is performed before decoding, no military devices are subject to this type of attacks.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
FOLLOW US ON
You might also like
August 05, 2021
August 04, 2021
August 03, 2021