web-promo-geneva-motor-show-2019.jpg

GPS Spoofing Mystery Affirms Need for Protection

The spoofing of GPS systems at the Geneva Motor Show gave us an unfortunate example of how vulnerable vehicles are to “spoofery.”

How important is it to provide true sensor security in automobiles, enabling uninterrupted, continuous operation under malicious attacks or accidental interference? 

It just so happened that somebody managed to anger a number of automakers participating in the recent Geneva Motor Show. It’s still an unsolved mystery as to who or why, but the location systems of some cars at the show apparently were spoofed. Spoofing is a smart attack on the sensor’s receivers, allowing an attacker to pose as a legitimate signal, enabling them to manipulate and deceive the target. 

In this case, the car’s locations, collectively, were being shown as Buckingham, England, and the year showing was 2036. The GPS locations could not be manually reset or overwritten. And because the signal wasn’t “permanent, “officials were unable to triangulate the offending signal’s location. 

It was an embarrassing situation for the auto show, for sure. And certainly not a welcome development for the future possibilities of autonomous vehicles, which are naturally vulnerable to spoofing. Sensors are critical components across a wide range of applications and industries, while attacks against them are a growing concern across multiple industries.

Global Navigation Satellite Systems (GNSS) are a critical operational component for the autonomous vehicle industry. GNSS is being used prominently today for advanced driver assistance systems (ADAS) and in the future will be become the basis for driverless technology to navigate the roads and react to changing environments. The various ways GNSS can be protected against the practice of “spoofing” or hacking an autonomous vehicle’s location need to be examined closely. We need to guard against the various threat scenarios on the low signal strength of GNSS reception resulting in multiple vulnerabilities of signal jamming and spoofing of location, clock and PNT.  

Any vehicle guided by a GNSS system can be spoofed using open source software and a software defined radio (SDR) legally purchased online for under $300. A spoofery can generate and transmit fake GNSS signals that can be used by the vehicle’s navigation system to calculate a false destination, directing the vehicle to an entirely different location, a potentially life-threatening hazard.

Certainly, a lot of work is taking place to explore and perfect the security requirements for safe satellite-based navigation for driverless technology. Best practices should be implemented for systems that currently exist – cyber defense for sensors, anti-interference, anti-jamming, anti-spoofing systems. There are engineered, end-to-end solutions based on military expertise that are showing promise in ensuring safety and operational robustness of autonomous vehicles. 

But as fast as we can perfect cyber defense for sensors, newer technological developments will create new threats. The rapid growth of real-world attacks happening across multiple sectors will always be highlighted and are expected to further grow as GNSS-dependent systems become more connected and autonomous. Location systems are a major component of automobiles now. But as the autonomous car industry comes to market, the GPS security of autonomous vehicles is a definitive concern for automakers and suppliers.  

The spoofing of GPS systems at the Geneva Motor Show gave us an unfortunate example of how easy it is for automobiles to be spoofed. Finding the actual “spoofery” is almost an impossible mission and one that needs to be prevented for the safety and future of the auto industry.

Roi Mitt.pngRoi Mit is the Chief Marketing Officer at Regulus Cyber, which focuses on cyber defense for sensors from GNSS to LiDAR and Radar. Sensors are key components of vehicles on the ground, in the air and at sea, and Regulus provides cutting-edge technology to protect these sensors that are present in critical infrastructure across all industries and applications.

TAGS: Technology
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish