GPS Spoofing

Professor Todd Humphreys explains how it may be possible to intentionally fool your GPS into thinking you're somewhere else...
02 May 2010

Interview with 

Professor Todd Humphreys, University of Texas


Helen -  We've already heard from Meera how we can end up getting lost if you don't keep the maps in your sat nav updated, but GPS is potentially susceptible to something a lot more sinister.  It can actually be intentionally fooled.  Professor Todd Humphreys is from the University of Texas in Austin, and he joins us now.  Thanks for joining us on the Naked Scientists.

Todd -   Hi, Helen.  Nice to be here.

Helen -   Now first of all, what are we talking about here?  We're calling this "spoofing" of GPS.  What's that all about?

Todd -   Well, it's that the GPS signals that civilians have access to are not secure signals and that means that they don't have any encryption or authentication.  So there's no way for you or me to know for sure where they originate.  They might be coming from the satellites, that's the most likely scenario, but they could also nowadays be coming from someone who is generating counterfeit signals.

Helen -   So counterfeit signals is something that we should be worrying about?  Is this happening already?

Todd -   It's not something that's happening as far as we know except in some controlled experiments.  But the incentives are building.  There are places now charging GPS civilian Receiverroad charges based on your GPS positioning and fisheries are managing fleets by GPS positioning.  People are put under house arrest with GPS ankle bracelets.  And so, the incentives are building for some hacker to mislead you into thinking that you are actually in South London when you're in North London.

Helen -   So this sounds to me a little bit like when we had computers and we didn't yet know anything about computer viruses.  Almost that there's a potential for someone to come along and mess around with the GPS and potentially cause some problems.  But so far, we're okay and the idea is that we should be pre-empting those problems.

Todd -   That's right and the analogy with computers is a good one.  There was a time, perhaps 20 years ago or more when we didn't have to worry about computer security.  But that time has passed and now we're realising that we must also pay attention to navigation and timing security.

Think of it like the story from the Little Red Riding Hood when the big bad wolf came in and devoured little red riding hood's grandmother and then dressed in her clothes and adopted a fake voice.  It was good enough to convince little red riding hood to come in to the house and that's what we call GPS "spoofing" when we impersonate or counterfeit these GPS signals so cleanly that you can't distinguish them from the authentic signals.

Helen -   And you've been doing research into how you might become the wolf?  How you might actually produce these spoof signals?  Can you tell us something about how you go about doing that and how spoofing works?

Todd -   Sure.  Well first of all, some justification.  There were some government reports here in the US, warning about the possibility of spoofing attacks maybe a decade ago, but there was very little information about what a sophisticated attack would look like.  And so, some researchers and I came to conclude that we couldn't just speculate about how to defend against an attack.  We'd have to go through the exercise of building a spoofer in order to come understand more intimately the signatures left behind by attack. 

So a team of us from Cornell University and Virginia Tech looked over some early defences that had been proposed and we concluded they were weak and we figured a way to circumvent almost all of them.  So we took the next step and decided that we've had to develop a sophisticated spoofer ourselves and in truth, it only took us about 3 months and we had a portable spoofer that could align its signals with the authentic signals. We've tested it against iPhones and Garmins and just any receiver that we've tested it against, it has successfully duped into thinking that it's some other place or some other time.

Helen -   What sort of range are we talking here?  How far away can you dupe an iPhone or a GPS unit?

Todd -   Well the range we've used is close proximity.  That makes it easiest.  That way, you don't have to figure out your relative position between you and the target, but you can theoretically spoof from a distance as long as you know a three-dimensional vector between you and the target.

AeroplaneHelen -   And the sort of devices that you've come up with, presumably they could be sneaked onto an airplane perhaps and then start causing trouble from up there?

Todd -   Well, we don't want to get into doomsday scenarios but that's definitely a possibility.  And so, we're working hard to come up with defences against spoofing so that one can detect an attack.  Say, you can detect that if the big bad wolf's pointy ears are sticking out then it doesn't look quite like grandma.

Helen -   Absolutely and presumably you're not doing this research because you want to spoof.  You want to figure out how to stop this from happening.  So how do we go about detecting if this started to happen and what can we do to try and stop it?

Todd -   Well, like I said, there are signatures that are left behind by anything but the most sophisticated spoofers.  So if a juvenile attack is mounted, you can almost always tell that something's wrong.  Unfortunately, with the sophisticated type spoofers that we've developed, you leave behind very little clues that you're under attack.  And so, it turns out that only cryptographic methods are really robust against spoofing and we're trying to develop cryptographic methods to piggy back on the military signals which are themselves encrypted.  And in fact, we're trying to convince US authorities and Galileo authorities to make sure that the public has access to encrypted civilian signals.

Helen -   Okay, let's say that this does start to happen and this at one point does become some sort of a threat.  We have our computers and we can install anti-virus software onto our computers.  Are we going to be able to do eventually something similar, do you think, can we retro-fit our hand units or satellite navigation systems, or are we going to have to really start again with something new?

Todd -   You probably won't be able to retrofit existing devices but we're developing devices, software based GPS receivers, they could be retro-fit, and we're developing techniques that could be employed in those receivers to act as anti-virus software acts against computer viruses.  They've actually been very effective in our tests in the laboratory and what we can show is that while we can't prevent spoofing completely, what we can do is make it very challenging for a "would-be" spoofer to mount a successful attack.

Helen -   That's fantastic.  Well thank you very much.  That was Todd Humphreys from the University of Texas, giving us an idea about how GPS units can be duped with fake signals and leave us in the wrong position, and not where we thought we were!


Add a comment