If you’re anything like most people today, you probably rely heavily on GPS navigation to guide you to your destination. Even when driving around our own cities that we know well, many of us still use GPS navigation to avoid traffic along the route. But, GPS navigation works by using position data received from satellites, which opens up an opportunity for black hat hackers to introduce spoofed signals. With GPS spoofing and special “ghost” maps, security researchers were able to successfully lead drivers to a chosen destination.
Ending up somewhere other than where you intended isn’t just inconvenient, it can also be dangerous. Drivers could be guided to a specific location where they’re then ambushed. The security team, composed of researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research, was able to accomplish that by spoofing GPS signals in order to trick the driver’s navigation device into thinking it was in another place. Using specifically chosen “ghost” maps, they were even able to convince the driver that the screen was showing their actual location.
The equipment that allowed them to do that only costs approximately $250. All it takes is a Raspberry Pi, a HackRF One SDR (software-defined radio), an antenna, and a power source. The complete package is small enough to fit into a backpack. The researchers point out that this kind of attack could be prevented with GPS encryption, but that implementing that across all GPS satellites and receivers would be a massive undertaking. For now, certain GPS receivers, like the u-blox chips found in Tesla Model S cars, have spoofing protection that can help, but even those can theoretically be cracked.