GPS technology is more at risk from cyber attack than ever before, security expert demonstrates at VB2016

Posted by    on   Sep 14, 2016

An interview with VB2016 presenter Oleg Petrovsky of HPE Security research.

108x153-Oleg-Petrovsky.jpgMeeting Oleg Petrovsky, a senior anti-malware researcher at HPE Security research, is an experience. This tall, softly spoken fellow, now based in New York State, has a bright and unforgiving curiosity.

Oleg’s keenness of mind shines throughout his VB2016 paper. This is a researcher on a mission: raise awareness of the inherent vulnerabilities in the GPS system and provide recommendations and advice to help others uncover and prevent attacks.

Oleg will describe and categorize GPS attack methods that can be achieved with a limited budget and with a high rate of repeatability, including delayed retransmissions, record and playback, and direct signal synthesis.

During the presentation a number of countermeasures against GPS spoofing will be discussed, proposed and demonstrated.

With VB2016 in Denver less than a month away, VB chatted with Oleg to get a better understanding of why this research is so important to society.

Virus Bulletin: What attracted you to this subject, Oleg?

Oleg Petrovsky: GPS technology is not new. The latest version of GPS infrastructure has been widely used by the military since the 1990s. Over the past 15 years, with the advent of cheaper and more sensitive GPS receivers, GPS technology has secured its place in many civilian applications.

One notable aspect has to do with the core functionality. Twenty-year-old technology is still in use. The problem is that the civilian portion of it was not designed to deal with the current GPS threat landscape.

It is important to realize how vulnerable GPS is to malicious attacks. The possibility of attacks on GPS systems has been theorized since the early 2000s, but it has largely been left to state-sponsored actors or academic researchers to unveil its vulnerabilities due to the costs involved.

This was fine until affordable Software Defined Radio (SDR) technologies became generally available. That’s when the possibility of GPS attacks turned into a very real threat.

VB: Can you just give us a quick recap on GPS technology and how it is used?

OP: Most people don’t stop to think how dependent they have become on GPS technology.

GPS technology is already incorporated into many ubiquitous services that are taken for granted, with increasingly more applications leveraging it.

Power grid nodes are one example. They partially rely on GPS atomic clocks for the power grid networks synchronization. The same applies to the cell phone towers and real-time financial markets transaction services.

Another interesting example is the Automatic Identification System (AIS) used for tracking ships at sea. As part of its service, it relies on GPS to determine the location of a vessel.

More recent examples of GPS use include unmanned aerial and ground systems, self-driving cars, car tracking units used for mileage monitoring and insurance purposes, augmented reality games, and more.

VB: And why would you say that GPS technology is vulnerable?

OP: GPS technology in its current form dates back to the early 90s, and many things that were considered to be secure back then are no longer fit for purpose.

In addition, the GPS core was predominantly conceived for military applications. The military portion of the GPS signal is still way more secure than its civilian counterpart. It seems that the GPS for civilian use hasn’t been as important to secure.

Despite a number of academic articles and proof-of-concept demonstrations, we're still largely unaware of GPS-attack vectors. I thought it would be a good idea to raise awareness of the subject and show how easily an attack can be carried out using limited and readily available resources.

I also would like to start a discussion in the community on possible mitigations of such threats.

To encourage research investment, I plan to show a few demonstrations recorded earlier in a controlled environment, such as hijacking a consumer drone by spoofing the GPS signal with a moderately priced equipment setup.


VB: That will be a great demo to see.  But what type of person today would use GPS technology for nefarious purposes?

OP: There are many scenarios in which altering GPS signal can lead to disastrous consequences, such as taking a ship or a drone off-course, or disrupting a power or a cell service grid.

Adversaries can fake a geographical location for a number of personal gains, such as altering mileage, location and speed tracking devices for insurance purposes; gaining an edge in augmented reality games; and falsifying evidence pertinent to law enforcement organizations.

Adversaries could range from state-sponsored terrorist cells to avid Pokémon Go players.

VB: Have you presented at VB before?

OP: Last year I presented on the security of unmanned aerial systems. Interestingly enough, I theorized that an attacker could take control of a drone by spoofing the GPS signal in its flight path. This led me to this year’s presentation.

VB: A question from left field now: which five people across history would you invite to the ultimate dinner party?

OP: That is a tough one! I don’t think I would be able to manage a party with these Titans, but I certainly would have loved to learn from them, and even have them as my mentors. In no particular order, and amongst many deserving others: the Dalai Lama, Richard Feynman, Jeri Ellsworth, Richard Branson and Roger Waters.

VB: I love the idea of the Dalai Lama and Richard Branson conversing - imagine the topics that would come up! One last question: what do you do to relax when not out saving the world?

OP: I play a bit of guitar, learn to dance the Argentine tango, and do some rock climbing when I have time.

See Oleg's VB2016 presentation and demonstrations on Friday afternoon, 7 October at The Hyatt Denver Hotel. Book your tickets now!



Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.