Navigations systems are vulnerable to hackers
The calculation of time with the aid of GPS is based on the technology’s underlying principle: in order to determine its position, the receiver measures the exact time a signal takes to travel between several satellites and the receiver itself. The number of satellites circling the Earth in high orbit exceeds 24. In every location on Earth, users make contact with at least four of them.
The satellites continuously transmit their precise orbit parameters in their signal. Thus, the receiver knows exactly where the signal is coming from. Moreover, each satellite has an atomic clock on board and can indicate the precise time when its signal was transmitted. The further from the receiver the satellite is located, the longer it takes for the signal to arrive. Based on the known parameters, i.e. transmission time and transmission location of the four satellites, the location of the receiver is identified — this process takes place while the receiver’s local time is simultaneously determined.
If an attacker wants to manipulate the system, he can use a satellite simulator for the purpose. The handy box, which the IT experts from Bochum also use for research purposes and which is routinely used for testing GPS receivers, generates satellite signals and transmits them via an antenna. The signals fake authenticity so well that most receiver devices do not notice any difference: a circumstance that attackers may use to persuade the receiver that it is situated at a different location than its actual one. This vision is bound to make many people think of horror scenarios, such as hijacked airplanes, misrouted armored cars or electronically tagged criminals disappearing underground.
Ruhr-Universitaet-Bochum notes that when proposing their solution, Pöpper and Jansen considered what happens when a vehicle or a machine uses not one but several receivers at the same time, which are situated at a distance from each other. If they receive genuine satellite signals, the receivers’ calculated position data differ slightly from each other, reflecting the difference between their actual positions. If, however, an attacker transmits signals using a simulator, they appear deceptively authentic and are identical for each individual receiver. The attack can only be detected by comparing the individual receiver locations to each other, because now all receiver devices believe to be in the same (wrong) position, which is not actually the case. This is because the relative reception times of several signals which are transmitted via the satellite simulator are identical in several receiver devices. This is not the case when legitimate satellite signals are received, because they are transmitted from different positions in earth orbit.
“We have already demonstrated that this is how we can detect attacks. At present, we are figuring out technical details, such as the minimum distance that is required between the receiver devices to make sure that they don’t identify their positions as identical when receiving authentic signals due to inaccuracies that will inevitably occur,” says Pöpper. In order to find that out, Kai Jansen took the trouble to climb to the roof of the IC building with his equipment, because signal reception is reliable here. According to the current level of knowledge, the minimum distance between the devices should range between two and three meters. If the receivers are placed closer together, the error rate increases. “This can be easily realized in large vehicles or machines, such as trucks or ships, because here the receivers can be positioned at a sufficiently great distance from each other. However, this solution doesn’t apply in mobile phones, electronic tags or other areas.”
This is reason enough for Pöpper and her team to continue their research in this field.
— Read more in Raffaela Römer, “Easy prey for hackers: navigation systems. Make a U-turn when possible,” RUBIN Science Magazine (22 January 2016)
