GPS gets spoofed

In a process dubbed 'spoofing', US researchers at Cornell University have demonstrated that they can trick global positioning systems (GPS) into receiving fake GPS data that they then accept as authentic.

GPS is a US navigation system of more than 30 satellites circling Earth twice a day in specific orbits, transmitting signals to receivers on land, sea and in air to calculate their exact locations.

To demonstrate how a navigation device could be fooled, the researchers, led by Cornell professors Paul Kintner and Mark Psiaki, programmed a briefcase-size GPS receiver, used in ionospheric research, to send out fake signals.

Co-workers Brent Ledvina and Todd Humphreys then showed how the 'phoney' receiver could be placed in the proximity of a navigation device, where it would track, modify and retransmit the signals from the GPS satellite constellation. Gradually, the 'victim' navigation device would mistake the counterfeit navigation signals for the real thing.

'GPS is woven into our technology infrastructure, just like the power grid or the water system,' said Kintner, Cornell professor of electrical and computer engineering and director of the Cornell GPS Laboratory.

'If it were attacked, there would be a serious impact.'

By demonstrating the vulnerability of receivers to spoofing, the researchers believe they can help devise methods to guard against such attacks.

'Our goal is to inspire people who design GPS hardware to think about ways to avoid the kinds of things we're showing,' said Psiaki, Cornell professor of mechanical and aerospace engineering.

The idea of GPS receiver spoofing isn't new; in fact, the US government addressed the issue in a December 2003 report detailing seven 'countermeasures' against such an attack.

But, according to the researchers, such countermeasures would not have successfully guarded against the signals produced by their reprogrammed receiver.

'We're fairly certain we could spoof all of these, and that's the value of our work,' said Humphreys.