The Case For Automotive GNSS Cybersecurity Measures

Brief introduction:  GNSS – (Global Navigation Satellite System),          Including GPS-USA, BeiDou-China, Galileo-Europe, and GLONASS-Russia

As the use of ADAS and Autonomous Driving technology grows in automotive, so does the dependency on navigation and safety technologies that accommodate it. One of the core technologies used for navigation is GNSS – Global Navigation Satellite System.

GNSS plays a critical role in next-generation positioning systems as the only source of absolute position, navigation, and time.

GNSS is a general term to describe the different satellite technologies providing positioning, navigation, velocity and timing (PNT, or PVT). These satellite networks include GPS, BeiDou, Galileo and GLONASS among others. All of these satellite networks are commonly used across multiple commercial applications.

Automotive and road applications are the largest users of GNSS technology, adding to about 50% of GNSS cumulative revenue, according to the European GNSS Agency.

GNSS – Safety-Critical Automotive Positioning, and The Spoofing Problem

Spoofing is the action of replicating GNSS signals.  A spoofer can fool a receiver into thinking that it is elsewhere in either time or location. The generating and transmitting of falsified GNSS signals at a slightly stronger level than the authentic signals causes the targeted GNSS receiver to accept the fabricated signals. Furthermore, the arrival of cheap Software Defined Radios (SDR), costing as little as $300, combined with the availability of open source code has made spoofing far more accessible to anyone.

Since the backbone of automotive position, navigation, time and velocity is dependent on real and secure GNSS data, the spoofing threat is considered dangerous for the safety of using ADAS and driverless-based cars. In automotive, positioning and time information is increasingly used for safety-critical features. GNSS is now the main input for safety-critical automotive positioning and is used in safety critical systems like speed control – thus GNSS resiliency is becoming an aspect of functional safety in cars. GNSS is now an important part of both ADAS systems available today, and the level 2 – 5 autonomous vehicles. GNSS also determines the exact timing of actions and communications (V2V & V2X and other functions), thus is critical beyond the single car – for the network, fleet and infrastructure supporting the vehicles.

In our ongoing independent tests of several current cars, from leading manufacturers, using advanced ADAS capabilities – disturbing vulnerabilities of the different GNSS systems have been found. By using a simple off-the-shelf software defined radio, Regulus’ researchers were able to remotely affect different aspects of the driving experience including navigation, mapping, power calculations, speed control (including autonomous acceleration and deceleration) and even the car’s suspension system.

The Cost of Ignoring GNSS Vulnerability

The Fiat Chrysler\Harman Cybersecurity Lawsuit

During the summer of 2015, Wired Reporter Andy Greenberg was driving a Jeep Cherokee while being hacked by Chris Valasek and Charlie Miller, two cybersecurity experts. This exposed a cybersecurity vulnerability across multiple vehicles,  leading to 1.4 million cars being recalled.

Almost 4 years later, in January 2019, Fiat Chrysler Automobiles and HARMAN (a Samsung Electronics subsidiary) are at the center of the biggest (est. $440M) automotive cybersecurity lawsuit in history. Both companies are charged with knowing about a cybersecurity vulnerability within their cars, and still releasing them to the public. The US court system sent a clear message to the automotive industry: a car should never be sold without proper cybersecurity.

$300 GNSS spoofer available online

Spoofing Incident at Geneva Motor Show

On March 14, 2019, a GNSS spoofing attack was performed inside Geneva Motor Show. According to the report, companies affected include AUDI, Peugeot, Renault, Rolls-Royce, Volkswagen, Mercedes-Benz, and BMW.

This was the largest scale GNSS spoofing attack on cars ever recorded.

The Risk of Not Being Prepared

These two recent occurrences were a big wake-up call for automakers worldwide. The mass spoofing of vehicles demonstrates the vulnerability that exists, regardless of car, model, etc. As we have seen in the recent developments in the Fiat Chrysler/Harman (Samsung) lawsuit, regarding known automotive cyber vulnerabilities, these incidents put the automakers in substantial legal liability requiring them to implement solutions for their GNSS vulnerabilities so that drivers and passengers know they are safe from GNSS hacking.

Best Practices for GNSS Safety

Standard GNSS receivers are merely designed to provide navigation data and typically do not have the ability to detect security breaches, such as spoofing attacks. There are no solutions today for the commercial market that detect and mitigate spoofing attacks.
As the spoofing threat is now in the hands of non-military hackers, a solution to identify and mitigate GNSS spoofing attacks is needed.

Spoofing Detection and Mitigation

One of the key concepts to negate the harmful effects of spoofing is detection. If a GNSS receiver is capable of telling whether the signals received are real or false, this provides the first line of defense against spoofing. The receiver could stop transmitting fake data into the car’s navigation sensor fusion, hence preventing false information from corrupting the system.

The next step in GNSS cybersecurity is mitigation. This means the GNSS receiver can differentiate between real and fake signals, and lock-on to the real signals coming from satellites, even under a spoofing attack.

The Regulus Pyramid GNSS

Regulus has been developing the Pyramid GNSS technology enabling the detection and mitigation of spoofing. The Regulus Pyramid GNSS technology is diverse, aiming at the different GNSS product levels – from a resilient, stand-alone Pyramid GNSS Receiver, fortified to defend against spoofing attacks, to a software solution compatible with the most common commercial GNSS receivers on the market, and even GNSS chip level detection and mitigation.

The Regulus Pyramid GNSS receiver can detect whether a GPS signal is coming legitimately from satellites or a spoofed source. This protection is critically important to ensure the safety of all vehicles, since both regulators and manufacturers see GNSS resiliency as an aspect of functional safety in cars.