Feeds

GPS spoofing countermeasures: Your smartphone already has them

BAE Systems gets to where Google was in 2007-odd

Seven Steps to Software Security

Analysis There's suddenly a lot of panic about GPS satellite navigation spoofing, and BAE Systems among others would like to sell the military some tech to resist it. But in fact, most modern smartphones already have strong countermeasures against this sort of thing.

UK-headquartered but largely US-based BAE's latest grab for government pork is a GPS companion which uses other transmissions, such as TV and cellular sites, to confirm a location fix, just as Google started doing in 2007, and others had been doing well before that.

Realistically a greater menace to GPS users than spoofing would appear to be the British Ministry of Defence itself. InsideGNSS reports that various suppliers of GPS receivers and satellites have had letters from Ploughshare Innovations - the MoD's R&D commercialisation arm - asking for patent fees.

The claims stem from a patent taken out by Ploughshare on technology jointly developed by the US and European Union to ensure that users could make use of both the new GPS third-generation satellites and the upcoming European Galileo system. Doubtless the UK Defence Science and Technology Laboratories were involved, but their claim on a slice of GPS revenue as a result is far less clear.

That dispute will get bigger, potentially much bigger, but in the meantime BAE Systems reckons users should be looking to add a check on GPS data with ambient radio signals anyway.

The Great Google Slurp

Google started using the locations of cellular towers in 2007, to speed up the time-to-fix of GPS systems and provide location data to those without GPS hardware. Google had to manually compile the initial list of cell sites, though nowadays it sucks in constant updates automatically (from the phone of anyone using radio location in Google Maps). It has also added Wi-Fi hotspot data to the database - providing very fast fixes to within a couple of metres without recourse to slow, power-hungry GPS.

Which is just what BAE's NAVSOP (Navigation via Signals of Opportunity) does. NAVSOP claims to add TV transmitters to the mix, something Google would no-doubt bother with if more phones could receive TV signals.

"The potential applications of this technology are already generating huge excitement in both civilian and military circles," says BAE's Dr Faraghe - presumably those circles where Bing is the search engine of choice, as a stock Android handset is already doing nearly everything NAVSOP claims to be capable of - making itself largely immune to the GPS jamming (or more insidious spoofing) which so worries BAE.

Jamming and spoofing equipment is certainly readily available, and GPS signals are very weak (hence easily blotted out by noise or spoof signals). But people forget that military GPS signals are encrypted, meaning that they can't be spoofed, only jammed.

And a military GPS receiver, certainly in something important like a cruise missile or a smartbomb or a drone is only used as a check on inertial navigation anyway, so a jammer would have to follow the bird for a long time to have any effect (it would probably need to follow it from above, too, as the antenna is designed to look up at the sky).

Civil GPS signals are not encrypted, but in the civilian world you can introduce signals of opportunity as a check on location with ease, as your Android (or your iPhone) already does. Smartphones are acquiring some of the other military inertial checks, too: many phones now have magnetometers and accelerometers able to provide a basic dead-reckoning check.

Much is being made of the University of Texas team which recently managed to spoof a drone owned by the US Department of Homeland Security. But as Aviation Week points out that drone was a commercially-available mini quadrotor totally reliant on civil GPS.

GPS has been assailed before: in the UK we've seen the LORAN crowd arguing that the availability of GPS jammers demands that alternative technologies be maintained and expanded (specifically LORAN obviously), but the cost of such alternatives is significant and it's hard to see what they really bring to the party.

Using ambient radio signals to confirm a location isn't "a real game changer" as BAE systems would have us believe, then, but it is quite a good idea: which is why Google, Apple and other rather faster-moving technology firms started doing it long ago. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.