What is GPS spoofing?
Global positioning system (GPS) technology is now the standard way for travelers to efficiently get from point A to point B. While GPS delivers unparalleled opportunities to businesses and individuals, there are some drawbacks to using this technology. GPS devices can be vulnerable to cyber attacks through GPS spoofing.
GPS Spoofing 101
Global navigation satellite systems (GNSS) have been around for years in many industrialized countries, and GPS is just one of those systems. GPS spoofing happens when someone uses a radio transmitter to send a counterfeit GPS signal to a receiver antenna to counter a legitimate GPS satellite signal. Most navigation systems are designed to use the strongest GPS signal, and the fake signal overrides the weaker but legitimate satellite signal.
Commercial Hazards of GPS Spoofing
GPS spoofing isn’t to be confused with GPS jamming. GPS jamming happens when a cyber criminal blocks GPS signals altogether. Selling or using GPS jamming equipment that can block communications is illegal in the United States. While GPS jamming appears to be the greater threat, GPS spoofing delivers a sucker punch to a variety of businesses.
GPS spoofing allows hackers to interfere with navigation systems without operators realizing it. The fake GPS feeds cause drivers, ship captains, and other operators to go off course without any coercion. Businesses that are particularly vulnerable to GPS spoofing are shipping companies, taxi services, and construction companies.
Shipping companies that haul freight via land, air, and sea all use GPS-based navigation systems to get cargo safely to destinations all over the world. GPS spoofing leaves these shipments vulnerable to hijacking and theft. A practical example of this is where hijackers use GPS spoofing to misdirect a vehicle to a location where its cargo can be robbed—and hid the truck’s location while it’s happening. Additionally, many shippers use GPS-enabled locks to secure their cargo, allowing them to open only when the truck arrives at its set destination. GPS spoofing undoes those locks as well. In all, this puts drivers in danger, and trucking companies lose millions of dollars of cargo each year due to hijacking incidents such as these.
Taxi and Ride Sharing Services
Gone are the days when taxi drivers relied solely on their knowledge of a city’s streets to transport passengers. Today’s taxi drivers can go into any city that their license allows and do their jobs efficiently with the use of GPS technology. This flexibility comes with some drawbacks, however. GPS spoofing allows drivers to fake their location and commit criminal acts while still on the clock. Drivers from ride services can also use the technique to fraudulently place themselves in surge areas to get more money for their services. Projecting a false location is a financial risk to companies and is potentially dangerous for passengers.
While skilled construction workers are certainly valued, specialized tools, equipment, and machinery are the assets that many construction companies seek to track. These expensive assets commonly go missing on worksites, which eats into company profits. In recent years, GPS asset tracking systems have been installed to make sure construction equipment, tools, and machinery remain at authorized worksites. By using GPS spoofing, a thief could move an asset to a new location without anyone knowing about it until it was too late.
Dangers of GPS Spoofing for Everyone Else
GPS spoofing isn’t just a threat to businesses and government agencies; it also can be the catalyst for significant harm to individuals who rely on GPS. Cruising waterways along the coasts is a favorite hobby for those who enjoy boating.. Modern boats are equipped with GPS-based navigation systems. A cyber criminal can use GPS spoofing to get a skipper to steer his boat off course and into the path of danger from modern-day pirates.
The makers of location-based dating apps tout them as a safe way to meet a potential mate. These apps use GPS technology to help users identify dates by their location. When a bad actor uses GPS spoofing, he can fake his location or guide his date to a dangerous location.
The future of driving is now. Some electric cars are already equipped with an autopilot feature that offers unparalleled convenience to travel-weary drivers. However, independent research findings have uncovered a critical vulnerability in the cars’ navigation systems. What will happen when fully autonomous, self-driving cars are made without steering devices that would allow a person to take control of their car during a GPS spoofing incident?
Tips to Combat GPS Spoofing Attacks
If you own a business that relies on GPS-based navigation systems, you’ll want to know the best ways to sabotage GPS spoofing attacks. The Department of Homeland Security points out some physical and procedural techniques to fight the problem. It recommends that companies hide GPS antennas from public view. GPS spoofing works well when an attacker can get close to an antenna and override legitimate GPS signals that come from orbiting satellites.
The agency suggests installing a decoy antenna that’s in plain view of would-be cyber criminals. Adding redundant antennas in different locations at your site allows you to notice if one antenna is being targeted for GPS spoofing. Companies such as Regulus Cyber are also developing GPS spoofing detection software that alerts users of spoofing incidents and keeps their devices from acting on spoofed GPS data.
Additionally, organizations should consider taking GPS-enabled equipment offline whenever connectivity isn’t actively required—thus making them less susceptible to attack. Likewise, following the basics of security hygiene provide further protection, such as regular updates and changing of passwords, along with the use of two-factor authentication, network firewalls, and other cyber defenses.
GPS Spoofing for Privacy
While GPS spoofing can cause big problems for people, businesses, and governments, there is a legitimate use for the practice. GPS tracking and location sharing present everyone with real privacy issues. GPS spoofing allows users to hide their actual location from those who could cause harm. Security companies can use GPS spoofing to guard high-profile clients or expensive merchandise. Individuals can install GPS spoofing apps for free on their Android phones to mask their locations and protect their privacy.
The post What is GPS spoofing? appeared first on McAfee Blogs.