Thursday, October 02, 2008 Hijacking Satellite Navigation Sending false signals to GPS receivers could disrupt critical infrastructure. By Erica Naone The Global Positioning System (GPS) lies at the heart of an increasing number of technologies, from vehicle navigation systems to the power grid. And yet, although the military version of GPS includes security features such as encryption, civilian signals are transmitted in the clear. Now, researchers at Cornell University and Virginia Tech have demonstrated a relatively simple way to fool ordinary GPS receivers into accepting bogus signals using a briefcase-size transmitter. Paul Kintner, a professor of electrical and computer engineering at Cornell, who worked on the project, warns that society is becoming dependent on GPS for an ever-broadening list of applications, including management of the power grid and tracking criminals under house arrest. "I'm just amazed at the way people are using these GPS systems," Kintner says. "Ten years from now, there will be more ways that we just don't know about--it migrates into our technological fabric, and we become dependent on it." Kintner and his group, which recently presented details of the spoofing attack at the Institute of Navigation's Global Navigation Satellite Systems (GNSS) meeting in Savannah, GA, did not start out looking for a way to subvert GPS. They were working on a software-based GPS receiver to help them understand the effects of solar flares on GPS satellites. But as their design progressed, Todd Humphreys, one of the researchers in the group, realized that the same system could be used to spoof ordinary GPS signals. Here's how GPS works: roughly 30 satellites orbit the earth, broadcasting signals that can be picked up by a receiver virtually anywhere on the planet. By collecting signals from several satellites and measuring the time delay between each signal, GPS receivers can calculate their exact position and receive very precise time signals. The software GPS device built at Cornell can receive and transmit any GPS signal. To attack a target receiver, the device need only be placed nearby. It would start out simply retransmitting ordinary satellite signals without any modifications. After a few seconds, the target receiver should focus on the signal coming from the device, because it's the clearest source. At that point, the device could begin modifying transmissions, altering the signals little by little until the target receiver shows any time and position the attacker chooses. Kintner says that an attacker could use fake GPS signals to disrupt the power grid, potentially causing power spikes and even damaging generators. The same trick could let criminals under house arrest move around freely, he adds. Out of position: Researchers have found that a software-based GPS device (shown above) can fool GPS receivers into accepting erroneous positional information. The attack could disrupt critical infrastructure, they warn.  Credit: Paul Kintner and Steve Powell, School of Electrical and Computer Engineering, Cornell Univers The Global Positioning System (GPS) lies at the heart of an increasing number of technologies, from vehicle navigation systems to the power grid. And yet, although the military version of GPS includes security features such as encryption, civilian signals are transmitted in the clear. Now, researchers at Cornell University and Virginia Tech have demonstrated a relatively simple way to fool ordinary GPS receivers into accepting bogus signals using a briefcase-size transmitter. Paul Kintner, a professor of electrical and computer engineering at Cornell, who worked on the project, warns that society is becoming dependent on GPS for an ever-broadening list of applications, including management of the power grid and tracking criminals under house arrest. "I'm just amazed at the way people are using these GPS systems," Kintner says. "Ten years from now, there will be more ways that we just don't know about--it migrates into our technological fabric, and we become dependent on it." Kintner and his group, which recently presented details of the spoofing attack at the Institute of Navigation's Global Navigation Satellite Systems (GNSS) meeting in Savannah, GA, did not start out looking for a way to subvert GPS. They were working on a software-based GPS receiver to help them understand the effects of solar flares on GPS satellites. But as their design progressed, Todd Humphreys, one of the researchers in the group, realized that the same system could be used to spoof ordinary GPS signals. Here's how GPS works: roughly 30 satellites orbit the earth, broadcasting signals that can be picked up by a receiver virtually anywhere on the planet. By collecting signals from several satellites and measuring the time delay between each signal, GPS receivers can calculate their exact position and receive very precise time signals. The software GPS device built at Cornell can receive and transmit any GPS signal. To attack a target receiver, the device need only be placed nearby. It would start out simply retransmitting ordinary satellite signals without any modifications. After a few seconds, the target receiver should focus on the signal coming from the device, because it's the clearest source. At that point, the device could begin modifying transmissions, altering the signals little by little until the target receiver shows any time and position the attacker chooses. Kintner says that an attacker could use fake GPS signals to disrupt the power grid, potentially causing power spikes and even damaging generators. The same trick could let criminals under house arrest move around freely, he adds.