Duping the GPS System
ECE’s Brent Ledvina and colleagues from Cornell have built a system demonstrating how GPS signals can be spoofed. The team believes that current U.S. government countermeasures would not guard against their system. By demonstrating the vulnerability, they hope to devise methods against such attacks.
The team programmed a briefcase-size GPS receiver used in ionospheric research to send out fake signals. The phony receiver was placed in the proximity of a navigation device, where it anticipated the signal being transmitted from the GPS satellite. Almost instantly, the reprogrammed receiver sent out a false signal that the navigation device took for the real thing.
Handheld GPS receivers are popular for their usefulness in navigating unfamiliar highways or backpacking into wilderness areas. But GPS is also embedded in the world’s technological fabric. Such large commercial enterprises as utility companies and financial institutions have made GPS an essential part of their operations.
“GPS is woven into our technology infrastructure, just like the power grid or the water system,” said Paul Kintner, electrical and computer engineering professor and director of the Cornell GPS Laboratory. “If it were attacked, there would be a serious impact.” At Virginia Tech, Ledvina developed the enabling software technology that allowed the signal to be sent out in real time. Cornell professors Todd Humphreys and Mark Psiaki were also on the spoofing team.
The idea of GPS receiver spoofing isn’t new; in fact, the U.S. government addressed the issue in a December 2003 report detailing seven countermeasures against such an attack. But, according to the researchers, such countermeasures would not have successfully guarded against the signals produced by their reprogrammed receiver.
“We’re fairly certain we could spoof all of these, and that’s the value of our work,” Humphreys said.
—by Lynn Nystrom