We have already discussed that how our online connected world has become vulnerable to the hacking, which is causing our day-to-day things to turn into an easy to exploit objects.
What’s more disturbing is that hackers are discovering cheaper and easily accessible possibilities to exploit these vulnerabilities.
Now what the team of researchers over at Chinese Internet Security firm Qihoo 360 has discovered is something amazing. They have found a possibility of spoofing the location of a smartphone, in-car navigation system or any other device having a compatibility of Global Positioning System (GPS) that is connected to the GPS satellite.
Usually, this GPS spoofing technique requires some expensive and sophisticated GPS emulator that costs over thousands of dollars to manufacture. But these Chinese researchers have managed to accomplish the similar task in a minimal budget.
The team leader named Lin Huang presented the concept at DefCon 23 Security Conference last Friday. She explained that to develop their own GPS emulator her team members used a simple tool like a Software-Defined Radio (SDR) as well as an open-source software tool found on GitHub, which was actually developed by Chinese university researchers.
To further optimize the code and to make it more effective, the team members did some tweaking within the codes.
These Chinese researchers make use of HackRF board, which is a small and cheap board having the capability to interchange between various radio frequencies as well as read and transmit data to a wide range of radio frequencies. Those frequencies could be anything, from the higher Wi-Fi frequencies and innovative protocols to the lower ranging FM radio frequencies.
The researchers claimed that it is much easier to attack smartphone’s GPS signals because they are being transmitted at the chipset level. Furthermore, there is not much difference between the GPS signals of devices manufactured by Android or Apple.
Huage gave a keynote at the DefCon security conference with the help of translators. She said, “This is a very low-cost way [to construct a GPS emulator].” She further added that “This method increases the risk for GPS devices.”
Originally, Huang planned to perform her GPS hack at one of the DefCon volunteers but due to legal restrictions and other limitations she had to demonstrate using a pre-recorded video. She also becomes the first Chinese woman to present at the DefCon security conference.
Huang is a specialized researcher of a wireless communications system and has a great knowledge about the development of the software-based GPS radio tools.
Hackers can take over GPS and direct the victim to go down a cliff
During her briefing at DefCon sessions, she said that dramatic improvements are on the way to further improve the capability of these GPS emulators. Hackers can even transmit a wrong GPS data to any device, for instance, a GPS-based drone. On the other hand, if you rely too much on your in-car GPS navigation system then this GPS emulator can be used to guide you to a completely different location.
“If you use GPS to drive a car it can change you to a different location… [or direct the victim] to go down a cliff. Whatever they want you to do. It is very dangerous.”
She also suggested that the manufacturers of GPS chipset and hardware should spend some more time on researching and redesigning a system to defend against these GPS spoofing attacks. They should develop a device that can connect directly with the GPS satellite and have the ability to detect the GPS spoofing.
Report typos and corrections to firstname.lastname@example.org