[time-nuts] More GPS troubles

Bob Camp lists at rtty.us
Thu Jan 17 14:22:55 UTC 2013


Hi

Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon. 

The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority. 

Bob

-----Original Message-----
From: time-nuts-bounces at febo.com [mailto:time-nuts-bounces at febo.com] On
Behalf Of Jim Lux
Sent: Thursday, January 17, 2013 9:03 AM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] More GPS troubles

On 1/17/13 2:52 AM, Hal Murray wrote:
> How to bring down mission-critical GPS networks with $2,500
>
> http://tinyurl.com/boe2cdh
>
http://arstechnica.com/security/2012/12/how-to-bring-down-mission-critical-g
ps
> -networks-with-2500/
>
>

I think this came up a few months ago.

the article is a bit over the top, but does describe the basic mechanism 
used:

"exploits software bugs in the underlying receivers"

For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal 
clock settings, it suffered permanent damage when it was exposed to the 
exploit."

Permanent damage?  As in components failed?  No, I think a factory reset 
would restore it to function.


I suspect that most modern GPS receivers also have loadable/replaceable 
firmware, so as "divide by zero" bugs and the like are found, then it 
can be fixed, particularly if it's in something like a high accuracy 
reference network.

A pain, to be sure.

I think the threat is a bit overstated, too.  Sure, the hardware costs 
<$20k, but it's operated by a team of fairly sophisticated people who 
programmed it for each specific victim (that is, every receiver has a 
different vulnerability).  Just because one has identified a threat 
vector doesn't mean that there's any incentive to use it:  Many have 
proposed scenarios where denying GPS has some value, but considering it 
as a potential criminal scenario you'd also need:
1) resources to execute the threat (that team of grad students from CMU, 
knowledge of the specific receivers to be attacked and their specific 
vulnerabilities, etc.)
2) A decent scenario asking what form the denial takes (e.g. are you 
spoofing, or what)
3) A way to radiate these signals in a way that you won't get caught. 
There are a fair number of folks out there working on and doing systems 
to detect GPS jamming.

If you just wanted to deny GPS in a small area, a network of a few dozen 
broadband $30 jammers with random timers and lithium batteries scattered 
from a passing car or UAV, etc. would do very nicely.

If you want to do it over a larger area, you apply for a temporary 
license for an auxiliary transmitter on the ground for your mobile 
satellite service<grin>.





_______________________________________________
time-nuts mailing list -- time-nuts at febo.com
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.





More information about the time-nuts mailing list