New Research on GPS Reveals Major DoS Vulnerability
In a world where global positioning is key in a wide range of critical operations such as missile launches, space missions, or rescue operations, attacks against the GPS system can have unforeseen consequences.
In a joint paper, security researchers from Carnegie Mellon University and GPS specialists from Coherent Navigation have described new attack mechanisms that can paralyze GPS devices and take them out of service.
Since GPS systems rely on radio waves to communicate with satellites, they are known to be vulnerable to jamming (sending strong white noise to mask the satellite signal) and to spoofing (feeding the receiver forged signals that result in a bogus location). New research, however, shows that sending specific signals can cause the GPS receiver to lock up or malfunction, taking it completely out of service.
To achieve the denial-of-service condition, the researchers spoofed the signal a satellite usually sends but, rather than encoding the satellite’s position in orbit, they made it look as if the satellite was located at the center of the Earth. The wrong satellite position caused an exception in the GPS software that leads to restarts. Since the distance between the satellite and the Earth rarely changes, the information becomes persistent in the device’s memory, which results in endless reboots.
“Our surface includes higher level GPS protocol messages than previous work, as well as the GPS OS and downstream dependent systems. We develop a new hardware platform for GPS attacks, and develop novel attacks against GPS infrastructure,” wrote the researchers in the paper. “For example, we show that remote attacks via malicious GPS broadcasts are capable of bringing down up to 30% and 20% of the global CORS navigation and NTRIP networks, respectively, using hardware that costs about the same as a laptop”.
Fortunately, satellites send data for civilian and military GPS devices differently. Since military signals are encrypted and validation is performed before decoding, no military devices are subject to this type of attack.
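A receiver-side plausibility check for the reboot loop described above, as an added example that is not code from the paper or from any receiver vendor. It assumes the satellite position is derived from the Keplerian elements in the broadcast ephemeris (square root of the semi-major axis, and eccentricity); the type names, function names and bounds are assumptions chosen for illustration. A record that fails the check is never written to the cache, so a bad value cannot persist across a restart.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Subset of the Keplerian elements carried in a GPS broadcast ephemeris. */
typedef struct {
    double sqrt_a;  /* square root of semi-major axis, m^0.5 */
    double ecc;     /* eccentricity, dimensionless */
} ephemeris_t;

/* Assumed plausibility bounds (not from the paper): GPS satellites orbit at a
 * radius of roughly 26,560 km from Earth's center, on near-circular orbits. */
#define MIN_RADIUS_M 25.56e6
#define MAX_RADIUS_M 27.56e6
#define MAX_ECC      0.03

typedef enum { EPH_OK, EPH_BAD_VALUE, EPH_BAD_ORBIT } eph_status_t;

eph_status_t ephemeris_check(const ephemeris_t *e)
{
    /* Reject NaN/Inf and negative fields before doing any arithmetic. */
    if (!isfinite(e->sqrt_a) || !isfinite(e->ecc) ||
        e->sqrt_a < 0.0 || e->ecc < 0.0)
        return EPH_BAD_VALUE;
    if (e->ecc > MAX_ECC)
        return EPH_BAD_ORBIT;
    double a = e->sqrt_a * e->sqrt_a;       /* semi-major axis, m */
    double perigee = a * (1.0 - e->ecc);    /* closest distance to Earth's center */
    double apogee  = a * (1.0 + e->ecc);    /* farthest distance */
    if (perigee < MIN_RADIUS_M || apogee > MAX_RADIUS_M)
        return EPH_BAD_ORBIT;               /* includes "satellite at Earth's center" */
    return EPH_OK;
}

/* Hypothetical cache: only validated records ever reach persistent memory. */
static ephemeris_t stored;
static bool have_stored = false;

bool ephemeris_store(const ephemeris_t *e)
{
    if (ephemeris_check(e) != EPH_OK) return false;  /* drop it, keep old data */
    stored = *e; have_stored = true; return true;
}

int main(void)
{
    ephemeris_t spoofed = { 0.0, 0.0 };     /* constructed sample: radius of zero */
    printf("stored=%d\n", ephemeris_store(&spoofed));
    return 0;
}
```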