Black Hat: Don’t Rely On GPS

There’s a lot of interesting stuff coming out of Black Hat 2019, but I thought this story is probably of most interest to a wide/non-geek audience.

In all of the designs for “self-driving” cars, one of the things they rely on is GPS (or other navigation system). Bogus Satellite Nav Signals Send Autonomous Cars Off the Road.

I usually say, “Nobody does proper systems design anymore,” but I’m wondering if people ever did.

A fundamental problem with GNSS systems, Murray said, is they lack integrity mechanisms. That means there’s no way for the receiving antenna to know if the signal it sees is legitimate. GNSS signals are also very low power, meaning it’s easy to drown out legitimate GNSS broadcasts with malicious ones. Murray put it in blunt terms: “All of our receivers are susceptible to spoofing.”

Now the GPS system was designed by and for the US military, but apparently they never considered whether or not a hostile actor would try to interfere with the system. Hence the lack of integrity.

So you want to put your hands in the life of a piece of technology that a bored hacker can decide to see “What’s the worst we can do?” Good luck with that.

Murray cited previous research from Team Unicorn that was able to spoof GNSS signals with as little as a $400 radio and a laptop.

For a rundown of what PC Magazine thought were the highlights of Black Hat, see Black Hat 2019: The Craziest, Most Terrifying Things We Saw.

This includes stuff like fake iPhones (preloaded with malware), taking over an iPhone by just sending a text message, hacking Bluetooth Locks and so much more.