An American bat-wing RQ-170 Sentinel—a U.S. military drone—was flying over Iran en route to its Afghanistan base in December when, Iranian military engineers claim, they reconfigured the drone's global-positioning-system coordinates to fool it into landing, intact, on Iranian soil. The U.S. military claims the drone simply malfunctioned.
On Feb. 22, GPS industry experts from around the world gathered in Teddington, U.K., to discuss the system's vulnerabilities. Bob Cockshott, a director at Britain's Intelligent Communications Technology Knowledge Transfer Network and a conference attendee, says "spoofing," or intentionally generating fake GPS signals to redirect the drone, “is within the capabilities of a bright electronics or software grad.”
"Spoofing" is defined by a Zurich Information Security Center study as “making GPS receivers in range believe that they reside at locations different than their real physical locations.”
Todd Humphreys, a specialist in GPS technology at the University of Texas, says with $1,000 of commercial parts and specially developed software, he was able to build a spoofing device as a grad student. “We’ve tested against 12 GPS receivers, and none of them had any ability to defend,” says Humphreys. “They’re all designed to blindly trust the signals.”
Cockshott says that spoofing is “relatively easy to do,” given advances in technology. For example, YouTube.com hosts video that demonstrates how an iPhone can be spoofed: http://youtu.be/ShRPXkpW1mM. Further, it is easy to find on the web an app—for example, http://www.sinfuliphonerepo.com/—that lets you spoof an iPhone’s calculation of its current location; spoofing in this way, some users may want to disguise their location or mislead a system into recording they were present somewhere else.
Higher-level spoofing has more sinister possibilities than tricking an iPhone, such as easing "a GPS-based clock away from the correct time," says Cockshott. "Fooling the GPS-based time reference in financial [institutions] could cause a jump in time that could shut down the financial time reference,” says Cockshott. Financial trading companies, operating on a GPS-based clock that allows real-time trading worldwide, could be either tampered with or shut down entirely if the GPS clock were deceived, says Cockshott.
Cockshott says another threat to the GPS is jamming, which already is being done. "GPS signals are extremely faint. Denial of service with a jammer is easy to do," he says. Most cases of jamming found by Cockshott and his team are anti-tracking devices for protecting privacy. “Like a delivery truck driver blocking his company’s [positioning] signal for a half hour so he can go see his girlfriend,” says Cockshott.
Humphreys and his team put together a document that explains the best way to guard against spoofing attacks. “It’s as simple as authenticating civil GPS signals,” says Humphreys. All GPS satellites that have gone up since 2005 are equipped with an extensibility built into their signals, he says. “We are asking that two navigation satellites send out cryptographic signatures,” Humphreys notes, which would make the positioning stream unpredictable. “As long as you can predict the signal, then you can spoof.”
In February 2011, the Dept. of Homeland Security's Homeland Infrastructure Threat and Risk Analysis Center conducted a comprehensive risk assessment on the use of civil GPS; however, its findings have yet to be released. Since it is mostly the private world at risk, Humphreys says he fears the government will not spend the several million dollars required to enact preventative measures against spoofing.