Jay Taylor's notes

GPS Hacking, Part 1 | Hacker News

Original source (news.ycombinator.com)
Tags: gps news.ycombinator.com
Clipped on: 2016-06-11

GPS Hacking, Part 1 (wooyun.io)
96 points by cujanovic 109 days ago | past | web | 23 comments



It irks me that this person stole the comparison chart then had the gall to watermark it. Original here: http://www.taylorkillian.com/2013/08/sdr-showdown-hackrf-vs-... Flagged this because of that.

-----


Looking through the drops.wooyun.org website, it appears that every image posted is watermarked. It seems to be a blogging platform targeted towards hackers, with lots of authors represented. I imagine that the watermarking is an automated process applied to every image uploaded to the platform.

Of course, the author should have given attribution.

-----


This is a technical but pretty readable treatment of the same topic: https://www.blackhat.com/docs/eu-15/materials/eu-15-Kang-Is-...

-----


Very interesting stuff. BladeRF looks amazing; I might have to grab one to play around with. I might even have a look at the HDL code to see how they built it.

https://github.com/Nuand/bladeRF

-----


I was captivated until "2.1 Search for girls through Wechat People Nearby"

That just pushed the creepy a little too much.

-----


Honest question: I assume playing with this is completely illegal in the US? I guess you can get in real trouble if you are caught faking GPS signals? Does anyone know what the regulations are for something like this?

-----


The FCC rules for amateur radio, which are defined in Part 97, clearly state that an amateur may not disrupt radio location services. The frequency for the GPS signals, high UHF, is not close to any privileges available, amateur operators included. In short, don't do this unless you're testing / putting out very low power. Better yet, get an RF enclosure.

Here is a graphic of the spectrum available in the US: https://www.ntia.doc.gov/files/ntia/publications/2003-alloch...

-----


Here is a much newer chart (Jan 2016): https://www.ntia.doc.gov/files/ntia/publications/january_201...

-----


Awesome. Thank you. I didn't realize they had a new version of the chart out now.

-----


Nice graph! Thanks!

-----


The FCC would have absolutely no problem at all throwing around at least 5-digit fines for doing these things.

Beyond that, though, GPS is still considered military technology. The State Department could very well come after you for exporting military tech were you to even make a blog post about it while based in or having any ties to the US. They really don't fuck around with this stuff.

I got to play with a real GPS simulator a few years back for a school project (visiting the local defense contractor to verify some equipment) the narrow part of which was testing an unlocked (height and velocity restrictions disabled) GPS receiver as it would work in LEO.

-----


You can get a Part 5 experimental license, although a likely condition of getting such a license would be taking steps to ensure that your work doesn't interfere with devices outside of a small designated test area. Alternatively, you can do all the GPS experimentation you want inside of a shielded chamber without asking permission from anyone.

-----


Yes, very illegal. Which makes me remember to ask: how did Todd Humphreys get permission to transmit a spoofed signal [1] in the middle of a thriving metropolis, within a couple of miles of an airport?

[1] http://alcalde.texasexes.org/2012/06/ut-demo-reveals-drones-...

-----


Definitely illegal.

-----


RF and all the hacking I see in this domain are nothing short of fascinating. I will never trust my GPS watch again!

Further, imagine all the havoc one of these systems could bring. You could basically forge every Strava segment in your area to be at the top of the leader board. Heck, you don't even have to be in the area. Go to a race and just slightly zap every device that runs/cycles by. These are just the "haha", non-life changing ideas. There are some really shitty ideas too...

Wow... hack all the things!

-----


Very interesting.

I wonder if it's possible to detect and protect against a spoofed GPS signal by cross-referencing with trusted/canonical online data (e.g. NTP and almanac data from NASA)?

-----


Only against imperfect spoofing.

A GPS receiver in Los Angeles sees the same set of signals as a receiver in San Francisco - just the relative arrival times of the signals are different by, at most, a single-digit number of milliseconds.

So an attacker just needs to do a replay attack, and all the almanac stuff checks out fine because it's a perfect replica of the authentic signal.

-----


Most phones also have a GLONASS receiver, which is Russia's GNSS.

-----


Yes.

-----


Did someone use it with a self-driving car like Tesla? ;)

-----


I'm pretty sure the self-driving system wouldn't rely on GPS much, especially considering how inaccurate GPS can be (and that's when you can actually get a signal).

-----


I believe there are two places where Tesla's system uses GPS.

One is to slow down for curves in the road. I'm not entirely sure why they don't just sense the curves with the camera, but there are reports of spurious slowing due to out of date maps, and I've seen it myself when the system thinks I'm taking an exit ramp that crosses over the highway and I'm actually driving under it. Not really a problem if this gets faked out.

The other is some sort of input to the lane keeping system, perhaps to resolve ambiguity if the camera isn't quite sure where the lanes go up ahead. The other sensors are by far more important in the calculation, so I don't think this would do much either.

Currently, there's no connection between the route in the navigation system and the autopilot system (e.g. it won't take exits for you if you're going that way) so you can't spoof it to make it go somewhere else. Pretty much the best you could do is confuse the driver with bad directions.

-----


-1 for disabling pinch zoom on mobile devices

-----



