Posted by on Sep 14, 2016
Meeting Oleg Petrovsky, a senior anti-malware researcher at HPE Security research, is an experience. This tall, softly spoken fellow, now based in New York State, has a bright and unforgiving curiosity.
Oleg’s keenness of mind shines throughout his VB2016 paper. This is a researcher on a mission: raise awareness of the inherent vulnerabilities in the GPS system and provide recommendations and advice to help others uncover and prevent attacks.
Oleg will describe and categorize GPS attack methods that can be achieved with a limited budget and with a high rate of repeatability, including delayed retransmissions, record and playback, and direct signal synthesis.
During the presentation a number of countermeasures against GPS spoofing will be discussed, proposed and demonstrated.
With VB2016 in Denver less than a month away, VB chatted with Oleg to get a better understanding of why this research is so important to society.
Virus Bulletin: What attracted you to this subject, Oleg?
Oleg Petrovsky: GPS technology is not new. The latest version of GPS infrastructure has been widely used by the military since the 1990s. Over the past 15 years, with the advent of cheaper and more sensitive GPS receivers, GPS technology has secured its place in many civilian applications.
One notable aspect has to do with the core functionality. Twenty-year-old technology is still in use. The problem is that the civilian portion of it was not designed to deal with the current GPS threat landscape.
It is important to realize how vulnerable GPS is to malicious attacks. The possibility of attacks on GPS systems has been theorized since the early 2000s, but it has largely been left to state-sponsored actors or academic researchers to unveil its vulnerabilities due to the costs involved.
This was fine until affordable Software Defined Radio (SDR) technologies became generally available. That’s when the possibility of GPS attacks turned into a very real threat.
VB: Can you just give us a quick recap on GPS technology and how it is used?
OP: Most people don’t stop to think how dependent they have become on GPS technology.
GPS technology is already incorporated into many ubiquitous services that are taken for granted, with increasingly more applications leveraging it.
Power grid nodes are one example. They partially rely on GPS atomic clocks for the power grid networks synchronization. The same applies to the cell phone towers and real-time financial markets transaction services.
Another interesting example is the Automatic Identification System (AIS) used for tracking ships at sea. As part of its service, it relies on GPS to determine the location of a vessel.
More recent examples of GPS use include unmanned aerial and ground systems, self-driving cars, car tracking units used for mileage monitoring and insurance purposes, augmented reality games, and more.
VB: And why would you say that GPS technology is vulnerable?
OP: GPS technology in its current form dates back to the early 90s, and many things that were considered to be secure back then are no longer fit for purpose.
In addition, the GPS core was predominantly conceived for military applications. The military portion of the GPS signal is still way more secure than its civilian counterpart. It seems that the GPS for civilian use hasn’t been as important to secure.
Despite a number of academic articles and proof-of-concept demonstrations, we're still largely unaware of GPS-attack vectors. I thought it would be a good idea to raise awareness of the subject and show how easily an attack can be carried out using limited and readily available resources.
I also would like to start a discussion in the community on possible mitigations of such threats.
To encourage research investment, I plan to show a few demonstrations recorded earlier in a controlled environment, such as hijacking a consumer drone by spoofing the GPS signal with a moderately priced equipment setup.
VB: That will be a great demo to see. But what type of person today would use GPS technology for nefarious purposes?
OP: There are many scenarios in which altering GPS signal can lead to disastrous consequences, such as taking a ship or a drone off-course, or disrupting a power or a cell service grid.
Adversaries can fake a geographical location for a number of personal gains, such as altering mileage, location and speed tracking devices for insurance purposes; gaining an edge in augmented reality games; and falsifying evidence pertinent to law enforcement organizations.
Adversaries could range from state-sponsored terrorist cells to avid Pokémon Go players.
VB: Have you presented at VB before?
OP: Last year I presented on the security of unmanned aerial systems. Interestingly enough, I theorized that an attacker could take control of a drone by spoofing the GPS signal in its flight path. This led me to this year’s presentation.
VB: A question from left field now: which five people across history would you invite to the ultimate dinner party?
OP: That is a tough one! I don’t think I would be able to manage a party with these Titans, but I certainly would have loved to learn from them, and even have them as my mentors. In no particular order, and amongst many deserving others: the Dalai Lama, Richard Feynman, Jeri Ellsworth, Richard Branson and Roger Waters.
VB: I love the idea of the Dalai Lama and Richard Branson conversing - imagine the topics that would come up! One last question: what do you do to relax when not out saving the world?
OP: I play a bit of guitar, learn to dance the Argentine tango, and do some rock climbing when I have time.