GNSS/GPS spoofing attacks targeting road navigation systems have the potential to be highly effective and efficient, according to a National Science Foundation (NSF) study published in 2018. Spoofing – a form of interference involving broadcasting fake signals to GNSS/GPS receivers – has been identified as a rising threat to industries that rely on GNSS/GPS for position, navigation, and timing.
Researchers at Microsoft, Virginia Tech, and the University of Electronic Science and Technology of China used three methods to examine the feasibility of GNSS/GPS spoofing attacks targeting road navigation systems. First, they experimented on real cars using a portable GPS spoofer. Then, they designed a computer algorithm to find attack routes within road systems, and they ran the algorithm on real taxi trip datasets from New York and Boston. Finally, they performed a user study using a driving simulator, and they attempted to deceive participants with a spoofed version of Google Maps.
In the latter experiment, 95% of participants failed to detect a spoofing attack while using the driving simulator. When instructed to drive to a given destination with the help of Google Maps, only two out of 40 participants recognized that the GPS navigation system was malfunctioning, despite inconsistencies between the GPS route and one’s visual surroundings. For instance, most participants did not notice they were passing different street signs from those outlined in Google Maps. The spoofing attack effectively fooled the vast majority of drivers.
The original route (left) and victim route (right) for the user study. Source: K. C. Zeng et al.
Spoofing road navigation systems is uniquely challenging. Unlike ships or drones, cars have roads that they must follow. To successfully manipulate a road navigation system, attackers have to send fake signals for a route that fits into the precise road map the car is traveling on. This is why the researchers in this study built a computer algorithm to identify attack routes – they wanted to see if spoofing road navigation systems was feasible given the physical constraints.
Testing the algorithm on taxi trip datasets from New York and Boston showed that attack routes are readily available and can be computed within milliseconds. This is true whether the attacker aims to endanger the victim or divert them to/from a different location. These results show that attackers have many options to lead victims astray in big cities.
Furthermore, the researchers found that a low-cost portable spoofer can effectively spoof a navigation device from 40-50 meters away. This means that attackers could either place a spoofer inside/underneath a target car or tailgate the target car to carry out an attack.
Since 2018, little has been done to address the vulnerabilities in road navigation systems highlighted in this study. Commercial vehicle and GNSS/GPS navigation system manufacturers have not adopted the necessary technology to detect and defend against spoofing attacks. Multiple experiments have built upon the NSF findings, confirming that road navigation system spoofing is a present-day problem.
In 2019, Regulus Cyber managed to spoof a Tesla Model 3’s automatic navigation system. The Regulus research team transmitted fake satellite coordinates to an antenna on the roof of the Tesla. Right after the spoofed signal took hold, the car suddenly decelerated on the highway and steered off the road to an unplanned exit. The Tesla also demonstrated aggressive braking, inappropriate lane changes, and diverting off-course.
Spoofing tests performed by Southwest Research Institute (SwRI) demonstrated that a mobile GNSS/GPS spoofing system can successfully manipulate perceived location, speed, and timing in autonomous vehicles. SwRI researchers broadcasted spoofed signals from a ground control station to a box on top of an autonomous vehicle’s GPS antenna. They were able to offset the GPS location of the vehicle by about ten meters at a time, thus forcing lane changes, off-road driving, and poorly-timed turns. The vehicle also steered inaccurately when GPS speed was altered or positional feedback was delayed by a few seconds. SwRI engineering group leader Victor Murray presented the findings at the cybersecurity conference Black Hat USA 2019, warning that current GNSS/GPS commercial systems remain largely unguarded from external interference.
Spoofing is poised to become a bigger problem as spoofing hardware becomes cheaper and industries become even more reliant on GNSS/GPS technology. The NSF road navigation study, Regulus Tesla experiment, and SwRI autonomous vehicle research show that GNSS/GPS spoofing is a real threat for road vehicles, jeopardizing the safety of drivers, passengers, and pedestrians.
With spoofing quickly becoming widespread – safety measures need to be put in place to ensure that it does not become a large scale concern. An example of this is the executive order issued by President Trump in January this year, claiming that “Because of the widespread adoption of PNT (Positioning, Navigation, and Timing) services, the disruption or manipulation of these services has the potential to adversely affect the national and economic security of the United States.”
Following this executive order, the US National Institute of Standards and Technology (NIST), requested companies to offer their insights on how GPS can be used in a safe manner. Among the commentators is Regulus Cyber and you can read our recommendations along with others in this link.
Contributed to this article:
Roi Mit – CMO @ Regulus Cyber
Jania Tumey – Marketing Intern @ Regulus Cyber
K. C. Zeng et al., “All Your GPS Are Belong to Us: Towards Stealthy Manipulation of Road Navigation Systems,” Proc. USENIX Security Symp., 2018, pp. 1527–44.
Murray, Victor C. “Legal Over-the-Air Spoofing of GPS and the Resulting Effects on Autonomous Vehicles.” Black Hat USA 2019, Southwest Research Institute, 2019, i.blackhat.com/USA-19/Wednesday/us-19-Murray-Legal-GNSS-Spoofing-And-Its-Effects-On-Autonomous-Vehicles-wp.pdf.
Trump Executive Order on Resilient PNT – https://www.whitehouse.gov/presidential-actions/executive-order-strengthening-national-resilience-responsible-use-positioning-navigation-timing-services/
SPOOFING NAVIGATION WAS NEVER EASIER
We tend to take it for granted, or not even realize we are using it, but the GPS is highly...
DEFENDING AGAINST SPOOFING AND JAMMING GPS
At the recent Air Transport IT Summit in Budapest, SITA Director of Cyber Security Vivien Eberhardt...
TWO YEARS AFTER STUDY WARNS OF GNSS/GPS SPOOFING RISK, ROAD NAVIGATION SYSTEMS REMAIN VULNERABLE WITH GOVERNMENT REGULATION STEPPING IN
GNSS/GPS spoofing attacks targeting road navigation systems have the potential to be highly...