
Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems - 0xbxd
https://www.bleepingcomputer.com/news/security/researchers-mount-successful-gps-spoofing-attack-against-road-navigation-systems/
======
paulsutter
GPS messages are not cryptographically signed so of course they can be
spoofed. Who designed these things?

~~~
engi_nerd
GPS messages for civilian use are unencrypted. The US Military has access to
another set of signals that ARE encrypted.

~~~
paulsutter
Signing messages is completely separate from encryption.

Also there is no longer separate quality gps for military vs civilian use:

[https://www.cnet.com/news/celebrating-10-years-of-gps-for-
th...](https://www.cnet.com/news/celebrating-10-years-of-gps-for-the-masses/)

~~~
Kadin
There is presently no difference in _accuracy_ between military and civilian
GPS signals. The civilian / unencrypted stream is no longer intentionally
degraded, as it once was (via "Selective Availability").

But there are still multiple datastreams, and the military one is still
encrypted, and the military retains the ability to degrade or disable or
degrade the civilian/unencrypted signal if circumstances require it, although
it is hard to imagine a circumstance where this would be desirable, given the
proliferation of civilian GPS receivers among military personnel, disruption
to civil aviation / airlift capability, etc.

The military GPS signal from the Block III satellites is called "M-Code":

[https://en.wikipedia.org/wiki/GPS_signals#Military_(M-code)](https://en.wikipedia.org/wiki/GPS_signals#Military_\(M-code\))

~~~
slededit
Selective availability is no longer available on newer satellites. I assume
they can still shut off the stream though.

------
thermodynthrway
I don't think this is really news. Anyone with an SDR good enough could easy
replicate and alter GPS signals. Since the satellites are so far away,
spoofing and jamming are simple affairs. You could affect GPS for miles with
something you can carry in your pocket.

You can see a crude form of this around tall buildings. Multipath from large
structures is enough to "spoof" GPS by hundreds of meters.

~~~
dsfyu404ed
The novel part here is tacking on the map data to only generate malicious
instructions that are plausible. Not a massive hurdle but not something you do
in an afternoon either.

------
basicplus2
In the sixties a system of wires buried in the centre of the road lanes was
invented to guide autonomous vehicles.

they could have specific signals injected to specify what road and what lane
etc

This would be a far more robust and simpler way of achieving autonomous
vehicle use.

~~~
chippy
"Researchers Mount Successful Attack on Navigational Wires Buried Under Roads
Using Commonly Found Garden Implements"

~~~
Kadin
If you're fine with physically digging up roads in order to cause car crashes,
you can do that regardless of whether the vehicles on them are autonomous or
not...

------
walterbell
Is this applicable to aircraft?

~~~
Bucephalus355
Yes, but you can also navigate via radio beacons, or by simple map and
protractor if you really had too.

Obviously, planes took off and landed just fine for many years before GPS was
invented / released to the public.

Ironically the incident that caused it to be released was flight KAL 007 from
Anchorage to Seoul. Plane misnavigated into Soviet airspace and was shot down.
A congressman aboard, plus about 200 others, were killed.

~~~
tinus_hn
You can also navigate a car using a map. The point of a spoof is misdirection.

~~~
dalore
I'm pretty sure you could replace a paper map in a car with a fake paper map.
Analog spoofing.

~~~
crankylinuxuser
Someone hacking your paper, in person, means you have much larger problems.

Most hacks rely on attacks of scale. They don't care about _you_. They care
about some percentage of "you" that makes their hack work.

Of course, the very hacking has changed significantly since I started years
ago. It used to be about exploration and investigation - it was much more akin
to trespassing than anything else.

Now, it's about making money and influence control. That saddens me.

