Softpedia – (National) GPS software attacks more dangerous than jamming and spoofing, experts say. Security researchers from Carnegie Mellon University, in collaboration with experts from Coherent Navigation, identified new attack vectors against the Global Positioning System (GPS), Softpedia reported December 10. According to the researchers, a malicious 45-second GPS broadcast is capable of taking down more than 30 percent of the Continually Operating Reference Station (CORS) network, which is used for safety and life-critical applications. Furthermore, it could also disrupt 20 percent of the Networked Transport of RTCM via Internet Protocol (NTRIP) systems. A total of three new attack methods have been identified: GPS data level attacks, GPS receiver software attacks, and GPS dependent system attacks. GPS data level attacks are somewhat similar to spoofing, but they can cause more damage. For instance, such an attack can remotely crash a high-end receiver. The second type of attacks leverages the fact that GPS receivers run some kind of computer software that can be remotely compromised. Since GPS receivers are most often seen as devices instead of computers, the security holes leveraged by attackers can remain unpatched for extended periods of time. In order to mitigate such threats, experts recommend stronger verification of GPS receiver software and the deployment of regular software updates for IP-enabled devices. Another mitigation strategy refers to the use of Electronic GPS Attack Detection System (EGADS) that alerts users when an attack is underway, and an Electronic GPS Whitening System (EGWS) that re-broadcasts a whitened signal to otherwise vulnerable receivers. One noteworthy thing about these types of attacks is that they do not require sophisticated or - 14 - expensive equipment. The hardware utilized by the researchers costs only about $2,500.
Ali Loney, on December 10, 2012