[time-nuts] More GPS troubles

Jim Lux jimlux at earthlink.net
Thu Jan 17 14:02:51 UTC 2013


On 1/17/13 2:52 AM, Hal Murray wrote:
> How to bring down mission-critical GPS networks with $2,500
>
> http://tinyurl.com/boe2cdh
> http://arstechnica.com/security/2012/12/how-to-bring-down-mission-critical-gps
> -networks-with-2500/
>
>

I think this came up a few months ago.

the article is a bit over the top, but does describe the basic mechanism 
used:

"exploits software bugs in the underlying receivers"

For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal 
clock settings, it suffered permanent damage when it was exposed to the 
exploit."

Permanent damage?  As in components failed?  No, I think a factory reset 
would restore it to function.


I suspect that most modern GPS receivers also have loadable/replaceable 
firmware, so as "divide by zero" bugs and the like are found, then it 
can be fixed, particularly if it's in something like a high accuracy 
reference network.

A pain, to be sure.

I think the threat is a bit overstated, too.  Sure, the hardware costs 
<$20k, but it's operated by a team of fairly sophisticated people who 
programmed it for each specific victim (that is, every receiver has a 
different vulnerability).  Just because one has identified a threat 
vector doesn't mean that there's any incentive to use it:  Many have 
proposed scenarios where denying GPS has some value, but considering it 
as a potential criminal scenario you'd also need:
1) resources to execute the threat (that team of grad students from CMU, 
knowledge of the specific receivers to be attacked and their specific 
vulnerabilities, etc.)
2) A decent scenario asking what form the denial takes (e.g. are you 
spoofing, or what)
3) A way to radiate these signals in a way that you won't get caught. 
There are a fair number of folks out there working on and doing systems 
to detect GPS jamming.

If you just wanted to deny GPS in a small area, a network of a few dozen 
broadband $30 jammers with random timers and lithium batteries scattered 
from a passing car or UAV, etc. would do very nicely.

If you want to do it over a larger area, you apply for a temporary 
license for an auxiliary transmitter on the ground for your mobile 
satellite service<grin>.







More information about the time-nuts mailing list