There is quite a lot of myth around GPS at the moment. Nothing wrong with it, it is standard with any technology to be misunderstood by the public at large but I am surprised not to see many comments about the lack of security of GPS in the more specialised arena. Anyway, a very quick search on Google for "GPS tampering" brings out loads of results. 234,000 to be exact (even if I don't believe that loads of them really deals with the issue).
Anyway, let assume someone wonders about how secure or unsecure GPS is. That someone is as I said more the exception than the norm. But the main misconception made at this point of the thought process is that because GPS is used by US military it is bound to be secure or tamper proof. The GPS data that the application (mobile or web) will be using is undoubtedly related to the object/person/animal I want to use the co-ordinate of. Unfortunately not.
GPS signals used by private sector or even a large portion (90%) of the federal government is unencrypted and unauthenticated. GPS for the public was never meant to by used for security or critical application yet they are used in such ways nowadays. They are even selling books about how to hack GPS.
There are four ways that these guys from Los Alamos National Laboratory (whose expertise I lean on for this note) have identified to interfere with GPS data:
1- Blocking, breaking off the antenna for example or shielding it. This is in a way on of the major usability issue of GPS, antenna has to have a good line of sight.
2- Jamming, by building a noisy RF transmitter around the antenna
3- Spoofing, using widely available GPS satellite simulators, this is the surreptitious way which the user may not be aware of
4- Physical attack. Not very surreptitious
The interesting part here is obviously point number 3 where the signal between the satellite and the device can be spoofed. The location presented to the device not being the real one. Satellite simulators are widely available and can be purchased or rented and many are highly user friendly. The Alamos guys even say that little expertise is needed in electronics, computer, rf etc... A small caveat around this as these people are not the best reference point in judging if something can be easily tackled by techno dummies. But still.
So from an application perspective, I suppose that using your GPS for a small mobile application is something which is not a problem. After all, if the data is tampered with for your, say, "find my nearest restaurant" application then you'll end up in a pizzeria rather than the curry place you were looking for. However, for a whole raft of other applications that are cropping up that are location dependant, GPS is far from being a reliable source. For a small taster, check GPS hack.
Whilst a solution that is using GSM network information and based on a SIM is less likely to be hacked into (no data available on this yet), I wonder how tamper proof A-GPS will be as it is in essence a mix of satellite based and network based technology.
Powered by ScribeFire.
Comments