
GPS Hacking, Part 1 - cujanovic
http://en.wooyun.io/2016/02/04/41.html
======
mentat
It irks me that this person stole the comparison chart then had the gall to
watermark it. Original here:
[http://www.taylorkillian.com/2013/08/sdr-showdown-hackrf-vs-...](http://www.taylorkillian.com/2013/08/sdr-showdown-hackrf-vs-bladerf-vs-usrp.html)
Flagged this because of that.

~~~
leoedin
Looking through the drops.wooyun.org website, it appears that every image
posted is watermarked. It seems to be a blogging platform targeted towards
hackers, with lots of authors represented. I imagine that the watermarking is
an automated process applied to every image uploaded to the platform.

Of course, the author should have given attribution.

------
CraigJPerry
This is a technical but pretty readable treatment of the same topic:
[https://www.blackhat.com/docs/eu-15/materials/eu-15-Kang-Is-...](https://www.blackhat.com/docs/eu-15/materials/eu-15-Kang-Is-Your-Timespace-Safe-Time-And-Position-Spoofing-Opensourcely-wp.pdf)

------
Cyph0n
Very interesting stuff. BladeRF looks amazing; I might have to grab one to
play around with. I might even have a look at the HDL code to see how they
built it.

[https://github.com/Nuand/bladeRF](https://github.com/Nuand/bladeRF)

------
alvern
I was captivated until "2.1 Search for girls through Wechat People Nearby"

That just pushed the creepy a little too much.

------
kaik
Honest question: I assume playing with this is completely illegal in the US?
I guess you can get in real trouble if you are caught faking GPS signals?
Does anyone know what the regulations are for something like this?

~~~
devillius
The FCC rules for amateur radio, which are defined in Part 97, clearly state
that an amateur may not disrupt radio location services. The frequency for the
GPS signals, high UHF, is not close to any privileges available, amateur
operators included. In short, don't do this unless you're testing / putting
out very low power. Better yet, get an RF enclosure.

Here is a graphic of the spectrum available in the US:
[https://www.ntia.doc.gov/files/ntia/publications/2003-alloch...](https://www.ntia.doc.gov/files/ntia/publications/2003-allochrt.pdf)

~~~
ac29
Here is a much newer chart (Jan 2016):
[https://www.ntia.doc.gov/files/ntia/publications/january_201...](https://www.ntia.doc.gov/files/ntia/publications/january_2016_spectrum_wall_chart.pdf)

~~~
devillius
Awesome. Thank you. I didn't realize they had a new version of the chart out
now.

------
monkmartinez
RF and all the hacking I see in this domain are nothing short of fascinating.
I will never trust my GPS watch again!

Further, imagine all the havoc one of these systems could bring. You could
basically forge every Strava segment in your area to be at the top of the
leader board. Heck, you don't even have to be in the area. Go to a race and
just slightly zap every device that runs/cycles by. These are just the "haha",
non-life changing ideas. There are some really shitty ideas too...

Wow... hack all the things!

------
mseebach
Very interesting.

I wonder if it's possible to detect and protect against a spoofed GPS signal
by cross-referencing with trusted/canonical online data (e.g. NTP and almanac
data from NASA)?

~~~
michaelt
Only against imperfect spoofing.

A GPS receiver in Los Angeles sees the same set of signals as a receiver in
San Francisco - just the relative arrival times of the signals are different
by, at most, a single-digit number of milliseconds.

So an attacker just needs to do a replay attack, and all the almanac stuff
checks out fine because it's a perfect replica of the authentic signal.

------
noipv4
Did someone use it with a self-driving car like Tesla? ;)

~~~
nacs
I'm pretty sure the self-driving system wouldn't rely on GPS much, especially
considering how inaccurate GPS can be (and that's when you can actually get a
signal).

~~~
mikeash
I believe there are two places where Tesla's system uses GPS.

One is to slow down for curves in the road. I'm not entirely sure why they
don't just sense the curves with the camera, but there are reports of spurious
slowing due to out of date maps, and I've seen it myself when the system
thinks I'm taking an exit ramp that crosses over the highway and I'm actually
driving under it. Not really a problem if this gets faked out.

The other is some sort of input to the lane keeping system, perhaps to resolve
ambiguity if the camera isn't quite sure where the lanes go up ahead. The
other sensors are by far more important in the calculation, so I don't think
this would do much either.

Currently, there's no connection between the route in the navigation system
and the autopilot system (e.g. it won't take exits for you if you're going
that way) so you can't spoof it to make it go somewhere else. Pretty much the
best you could do is confuse the driver with bad directions.

------
coin
-1 for disabling pinch zoom on mobile devices

