Feeds

GPS spoofing countermeasures: Your smartphone already has them

BAE Systems gets to where Google was in 2007-odd

Remote control for virtualized desktops

Analysis There's suddenly a lot of panic about GPS satellite navigation spoofing, and BAE Systems among others would like to sell the military some tech to resist it. But in fact, most modern smartphones already have strong countermeasures against this sort of thing.

UK-headquartered but largely US-based BAE's latest grab for government pork is a GPS companion which uses other transmissions, such as TV and cellular sites, to confirm a location fix, just as Google started doing in 2007, and others had been doing well before that.

Realistically a greater menace to GPS users than spoofing would appear to be the British Ministry of Defence itself. InsideGNSS reports that various suppliers of GPS receivers and satellites have had letters from Ploughshare Innovations - the MoD's R&D commercialisation arm - asking for patent fees.

The claims stem from a patent taken out by Ploughshare on technology jointly developed by the US and European Union to ensure that users could make use of both the new GPS third-generation satellites and the upcoming European Galileo system. Doubtless the UK Defence Science and Technology Laboratories were involved, but their claim on a slice of GPS revenue as a result is far less clear.

That dispute will get bigger, potentially much bigger, but in the meantime BAE Systems reckons users should be looking to add a check on GPS data with ambient radio signals anyway.

The Great Google Slurp

Google started using the locations of cellular towers in 2007, to speed up the time-to-fix of GPS systems and provide location data to those without GPS hardware. Google had to manually compile the initial list of cell sites, though nowadays it sucks in constant updates automatically (from the phone of anyone using radio location in Google Maps). It has also added Wi-Fi hotspot data to the database - providing very fast fixes to within a couple of metres without recourse to slow, power-hungry GPS.

Which is just what BAE's NAVSOP (Navigation via Signals of Opportunity) does. NAVSOP claims to add TV transmitters to the mix, something Google would no-doubt bother with if more phones could receive TV signals.

"The potential applications of this technology are already generating huge excitement in both civilian and military circles," says BAE's Dr Faraghe - presumably those circles where Bing is the search engine of choice, as a stock Android handset is already doing nearly everything NAVSOP claims to be capable of - making itself largely immune to the GPS jamming (or more insidious spoofing) which so worries BAE.

Jamming and spoofing equipment is certainly readily available, and GPS signals are very weak (hence easily blotted out by noise or spoof signals). But people forget that military GPS signals are encrypted, meaning that they can't be spoofed, only jammed.

And a military GPS receiver, certainly in something important like a cruise missile or a smartbomb or a drone is only used as a check on inertial navigation anyway, so a jammer would have to follow the bird for a long time to have any effect (it would probably need to follow it from above, too, as the antenna is designed to look up at the sky).

Civil GPS signals are not encrypted, but in the civilian world you can introduce signals of opportunity as a check on location with ease, as your Android (or your iPhone) already does. Smartphones are acquiring some of the other military inertial checks, too: many phones now have magnetometers and accelerometers able to provide a basic dead-reckoning check.

Much is being made of the University of Texas team which recently managed to spoof a drone owned by the US Department of Homeland Security. But as Aviation Week points out that drone was a commercially-available mini quadrotor totally reliant on civil GPS.

GPS has been assailed before: in the UK we've seen the LORAN crowd arguing that the availability of GPS jammers demands that alternative technologies be maintained and expanded (specifically LORAN obviously), but the cost of such alternatives is significant and it's hard to see what they really bring to the party.

Using ambient radio signals to confirm a location isn't "a real game changer" as BAE systems would have us believe, then, but it is quite a good idea: which is why Google, Apple and other rather faster-moving technology firms started doing it long ago. ®

Remote control for virtualized desktops

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?