Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Team 2 Tech TalkGPS Spoofing
Andrew Nolan, Lokesh Gangaramaney
Christopher Micek, Kevin Fortier, Joseph PetittiComputer Science Dept.
Worcester Polytechnic Institute (WPI)
Background: GPS
⚫ Developed by the US Military in 1973 as a satellite navigation system
for precision bombing.
⚫ Receivers use a constellation of 31 satellites in orbit with precise
atomic clocks and location data from ground stations to determine
ground position.
⚫ Need a signal from ≥4 satellites
⚫ Nowadays, available for both civilian and
military applications.
Background: GPS Spoofing
⚫ Idea: Use counterfeit GPS information to make a device
think it is located somewhere it isn’t.
⚫ Two types:
⚫ Hardware spoofing
⚫ Requires specialized hardware to transmit a fake
GPS signal, but always getting smaller/cheaper.
⚫ Software (geolocation) spoofing
⚫ Uses software to feed location monitoring services
false information (e.g. a VPN).
Problem to Solve
Hide or modify something's perceived location
Use Cases
⚫ Testing location-aware apps
⚫ Evading censorship/DRM
⚫ Protecting privacy
⚫ Criminal activity
⚫ Increase fare in ridesharing app
⚫ Divert deliveries to unsafe location
⚫ Warfare
⚫ Cheating in Pokémon Go
Real World Examples
⚫ Researchers from Regulus Cyber hijacked a Tesla Model S and convinced the autopilot to drive off the road
⚫ University of Texas at Austin researchers redirected a yacht’s navigation system using spoofing
More Real World Examples
⚫ The Kremlin has allegedly used GPS spoofing to obscure Putin's location.
⚫ GPS Joystick is an Android app that allows players to spoof their location in Pokemon Go
How It Works – Hardware Spoofing
⚫ Nearby radio antenna overpowers satellite signal
⚫ GPS chips usually use most powerful signal
⚫ Need to be physically nearby GPS antenna
How It Works – Software Spoofing
⚫ Requires a developer setting on Android
⚫ Uses Android's Mock Location API
⚫ Provide values including latitude, longitude, altitude, and speed
Sample Code - Permissions
⚫ Based on https://github.com/warren-bank/Android-Mock-Location
Sample Code – Setting a Location
Sample Code – Running the code
Questions ?
References
⚫ Andrew Couts. (2013). "Want to see this $80 million super yacht sink? With GPS spoofing, now you can!". Digital Trends. https://www.digitaltrends.com/mobile/gps-spoofing/
⚫ Bank, W. Android Mock Location Github, https://github.com/warren-bank/Android-Mock-Location
⚫ GPS JoyStick, https://play.google.com/store/apps/details?id=com.theappninjas.fakegpsjoystick&hl=en_US&gl=US
⚫ Harris, M. (2019). Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai. MIT Technology Review. https://www.technologyreview.com/2019/11/15/131940/ghost-ships-crop-circles-and-soft-gold-a-gps-mystery-in-shanghai/
⚫ Kerns, A. J., Shepard, D. P., Bhatti, J. A., & Humphreys, T. E. (2014). Unmanned aircraft capture and control via GPS spoofing. Journal of Field Robotics, 31(4), 617-636.
⚫ Lied, H (2017). GPS freaking out? Maybe you’re too close to Putin. NrkBeta.
⚫ McAfee. (2020). What is GPS spoofing? McAfee Blogs. https://www.mcafee.com/blogs/consumer/what-is-gps-spoofing/
⚫ Milner, G. (2020). How Vulnerable Is G.P.S.? The New Yorker.
⚫ Nichols, S. (2018). Sad Nav: How a cheap GPS spoofer gizmo can tell drivers to get lost. The Register. https://www.theregister.com/2018/07/16/researchers_hack_gps/
⚫ Regulus Cyber. (2019). Tesla Model S and Model 3 Prove Vulnerable to GPS Spoofing Attacks as Autopilot Navigation Steers Car off Road, Research from Regulus Cyber Shows. PRNewswire. https://www.prnewswire.com/il/news-releases/tesla-model-s-and-model-3-prove-vulnerable-to-gps-spoofing-attacks-as-autopilot-navigation-steers-car-off-road-research-from-regulus-cyber-shows-300871146.html