Researchers from a number of renowned institutions including Virginia Tech, the University of Electronic Science and Technology of China and Microsoft Research have concluded that it is possible to spoof GPS signals and send people in the wrong direction.
The ironic part is that such an advanced technology can be spoofed using equipment worth no more than $250.
“Our study demonstrated the initial feasibility of manipulating the road navigation system through targeted GPS spoofing,” the researchers, from Virginia Tech, China’s University of Electronic Sciences and Technology, and Microsoft Research, wrote in an 18-page paper. “The threat becomes more realistic as car makers are adding autopilot features so that human drivers can be less involved (or completely disengaged).”
Previous spoofing attacks have shown how to fake the GPS coordinates of yachts, drones, and critical infrastructure equipment.
The new paper, titled All Your GPS Are Belong to Us: Towards Stealthy Manipulation of Road Navigation Systems, goes a step further by using falsified locations to manipulate navigation instructions. The paper will be presented at next month’s 27th USENIX Security Symposium in Baltimore.
The GPS spoofing device, pictured above, is most effective when it’s planted inside or directly underneath a targeted vehicle, but it can also be operated from a drone flying overhead the targeted vehicle or tailgating automobile.
The spoofer consists of the front end of an open source software-defined radio called a HackRF One, a Raspberry Pi, a battery, and an antenna.
Its frequency range covers the civilian GPS band.
The Raspberry Pi runs a secure shell server (SSH).
The researchers built their spoofer for $223.
Haunted by ghost routes
The attack uses the spoofer to send false location data to the GPS service, which for this demonstration was an Android phone running the Google Maps app.
The SSH server receives instructions issued by a remote sender that causes the spoofer to falsify the location in a way that subtly changes the directions.
Algorithms developed by the researchers help to ensure the ghost route mimics the general shape of the original route to prevent, for instance, the false directions for directing the driver from making a turn that doesn’t exist.
The malicious instructions can be issued in real time by the attackers or through a pre-written script.
The equipment can deceive GPS signals and switch original maps with ghost maps, which appear exactly like the original ones but are merely a delusion.
Researchers tested their findings in a range of attacks launched at nighttime in Chengdu, China.
They tested the research’s authenticity in a Ford Escape, and two different mobile phones models (one from Xiaomi having Android v 8.0 and the other a Huawei phone having Android v 6.0) running navigation software by Google were used.
The hack was carried out using an algorithm that scanned for map layouts replicating the real maps; once this was achieved, it became possible to insert a “ghost location” in place of the real map, which the vehicle driver will use unsuspectingly.
The entire feat was pulled-off without alerting the driver or raising any alarms; researchers further identified that their algorithm lets the attacker lure victims to any selected location.
“The algorithm crafts the GPS inputs to the target device such that the triggered navigation instruction and displayed routes on the map remain consistent with the physical road network.
In the physical world, the victim who follows the instruction would be led to a wrong route (or a wrong destination),” researchers wrote in their paper titled “All Your GPS Are Belong To Us:
Towards Stealthy Manipulation of Road Navigation Systems” available for downloading here.
The algorithm has been tested with traffic simulators across China and the US and can work in real-time using a portable GPS-spoofing tool that cost only $223.
It can be attached to any vehicle or put on a car that tracks another one from a distance of up to 50m.
Around 1547 attacking routes have been identified by the algorithm for every single target trip and the attack was found to be successful on 95 percent of all human testers.
“38 out of 40 participants (95%) follow the navigation to all the wrong destinations….If the attacker aims to endanger the victim, the algorithm can successfully craft special attack route that contains wrong-ways for 99.8% of the trips,” researchers claim.
The research is truly significant because all the GPS spoofing techniques or attacks identified so far have remained unsuccessful in deceiving humans as the fake instructions were never in-sync with the original maps.
But this one definitely does fool humans by successfully replicating the road layout immaculately.
The method is compatible with all GPS-enabled road navigation systems including those deployed on vehicles (both self-driving and normal), mobile phones, couriers and car-sharing services.