Driving GPS manipulation.
Dave Bittner: [00:00:03] Hello everyone, and welcome to the CyberWire's Research Saturday presented by the Hewlett Foundation's Cyber Initiative. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down threats and vulnerabilities, and solving some of the hard problems of protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
Dave Bittner: [00:00:26] And now a moment to tell you about our sponsor, the Hewlett Foundation's Cyber Initiative. While government and industry focus on the latest cyber threats, we still need more institutions and individuals who take a longer view. They're the people who are helping to create the norms and policies that will keep us all safe in cyberspace. The Cyber Initiative supports a cyber policy field that offers thoughtful solutions to complex challenges for the benefit of societies around the world. Learn more at hewlett.org/cyber.
Dave Bittner: [00:01:02] And thanks also to our sponsor, Enveil, whose revolutionary ZeroReveal solution closes the last gap in data security: protecting data in use. It's the industry's first and only scalable commercial solution enabling data to remain encrypted throughout the entire processing lifecycle. Imagine being able to analyze, search, and perform calculations on sensitive data - all without ever decrypting anything. All without the risks of theft or inadvertent exposure. What was once only theoretical is now possible with Enveil. Learn more at enveil.com.
Gang Wang: [00:01:42] So as you might know GPS is one of the most important global positioning systems we're using today.
Dave Bittner: [00:01:49] That's Gang Wang. He's an assistant professor of computer science at Virginia Tech. The research we're discussing today is titled "All Your GPS Are Belong to Us: Towards Stealthy Manipulation of Road Navigation Systems."
Gang Wang: [00:02:03] There are over a billion GPS devices that depend on the GPS signals to locate themselves at different places all over the planet. So, for example, when you want to travel to a new city and want to go certain places, what you really do is to open your smartphone and set the destination, and then there comes a navigation route. So the GPS helps the navigation system to keep track of where you are and it tries to navigate step-by-step to your final destination.
Gang Wang: [00:02:39] So there are over millions of users who are using GPS every day. So that's why we started to look at, hey, how is it possible - whether it is possible - to launch attacks against our GPS and manipulate our road navigation system, and how can we prevent this type of attacks from happening in practice?
Dave Bittner: [00:02:59] So let's go through some of the basics here. Can you describe to us - how does the GPS system work?
Gang Wang: [00:03:06] At a very high level - so GPS depends on the satellites that are running around our planet. So a GPS device, for example, your smartphone, receives the GPS from multiple satellites, and calibrates the GPS signal reading so that it can uniquely position yourself to a coordinate on this kind of location system. So you know where you are and it's based on the GPS coordinates.
Dave Bittner: [00:03:32] So you're receiving multiple signals and it kind of triangulates your position based on the timing of those signals - is that a simplified way to view it?
Gang Wang: [00:03:40] Yeah, that's correct.
Dave Bittner: [00:03:41] And there are two flavors of GPS, I suppose. There's the consumer version and the military version, and one of them is encrypted, right?
Gang Wang: [00:03:50] That's correct. GPS has a civilian GPS, which is mostly the GPS devices we're using today, and there is a military version. The military version, as you might expect, has a much higher level of security. They have encryption, the authenticated sources. But for most of the civilian GPS we're using, it is completely unencrypted. And it has the lack of authentication mechanisms, which makes it vulnerable to spoofing.
Gang Wang: [00:04:18] One additional note is that civilian GPS is not just used by consumers like you and me, but is actually used by most of the infrastructures, like power grids. So they don't have the privilege to use the military version. They still have to use the civilian version of the GPS.
Dave Bittner: [00:04:36] Hmm. Now, GPS spoofing attacks have happened prior to your research. Can you describe to us - what have other people done there?
Gang Wang: [00:04:46] That's true. Right? So a GPS signal - especially the civilian GPS signal - can be manipulated because there's a lack of authentication and there's a lack of encryption. Previously, researchers have tried to spoof devices or GPS devices in the free space. So, for example, one researcher tried to spoof a GPS device on the boat, on the ship, and it tried to steer the navigation of the yacht. And then there's other researchers tried to spoof GPS on the drones - tried to change it's kind of flying route in the air.
Gang Wang: [00:05:22] So, the big difference between spoofing in the free space and spoofing on the road navigation system is that, on the road, we have much more constraints. So there are certain things you cannot do. For example, if you just spoof a GPS randomly, you can easily create a route that instructs the car to turn right where there's no right turn at that moment. So, you can easily create physically impossible routes, which is not a problem in a free space.
Dave Bittner: [00:05:54] Right. So, if you're out on the ocean or in the sky, there's no points of reference to indicate that maybe you're - that something's wrong with the directions that you're getting, and you can turn anywhere.
Gang Wang: [00:06:04] That's correct.
Dave Bittner: [00:06:05] Right. All right, so let's dig in here. What were you setting out to do here with the research? Walk us through it. It's pretty complicated and clever stuff.
Gang Wang: [00:06:15] So, in order to understand how feasible it is to manipulate a road navigation system, we actually take multiple steps to understand the problem basically step-by-step. In the beginning, so, we came up with this idea of, how can we manipulate the navigation without even alerting users?
Gang Wang: [00:06:37] I can give a very quick example here. So, if you wanted to randomly spoof a GPS location, and by setting the current device's location into a random place, that causes problems because, as I said, this can easily create a route that does not match what a user sees. So, for example, when the users in the car are looking at a completely straight road, and the fake route you created using the spoofing techniques might have a right turn right in front of her. And if that right turn instructions are triggered, then the user would get immediately alerted. They say, hey, what I see is not the same with what is illustrated on the map, there must be something going wrong.
Gang Wang: [00:07:22] So, instead, we designed a searching algorithm to search the map overlay, or map network, and try to find a fake route that matches with what a user sees in the physical world. So, for example, the end result is that, even when a user is driving on the Main Street, he thought he was drawing on the Fifth Avenue, because when there's an instruction to ask him to turn right, there's exactly a right turn waiting there on the Main Street. So that's sort of the high-level idea of it.
Dave Bittner: [00:07:55] So one of the things that it's relying on is the fact that someone would likely not be very familiar with the area in which they're driving, so they might not be cross-checking street names and things like that.
Gang Wang: [00:08:08] That's correct. So the searching algorithm will be able to find a road that matches the shape of the fake road which means the right turn matches right turn, and there is a highway and hopefully there is another highway we can match against it. But there are certain things that we cannot match. For example, if the real road has a gas station nearby, but on the map, the alternative fake route does not have a gas station, that could be a potential signal to give this attack away. So users might be able to see it.
Gang Wang: [00:08:41] So the reason why, based on our testing, it shows that users are not easy to detect this, is exactly because of what you said. When people are driving using GPS, they are typically driving in unfamiliar areas. So, for example, if you commute from home to work, it's actually pretty common for you to ignore the GPS and just choose the route you're already familiar with. However, if you travel in a new city that you had never been before, and you actually heavily rely on the GPS navigation to navigate to your destination. Again, because you are not familiar with the area, you rely on GPS.
Gang Wang: [00:09:20] So, at that moment, rarely can a user have enough attention span to cross-check or whatever on the road and the map. So, because everything happens in real time, you have to watch out for traffic, and usually the only thing you can focus on is whether the GPS should tell you to turn right or not. And because of that, it's actually hard to spot while in practical scenarios.
Dave Bittner: [00:09:45] Yeah, and I suppose this is something that people aren't really primed to look out for. I think, in general, we trust that GPS is going to be reliable.
Gang Wang: [00:09:54] That's correct. If there's some familiarity on the road and you could spend actual time to track whether the roadside matches what is shown on the map, actually this risk could be significantly reduced.
Dave Bittner: [00:10:10] Now, take us through - what exactly did you do in the physical real world to be able to spoof the GPS signal?
Gang Wang: [00:10:17] So, this is actually one of the fun parts of this project. You know, although we sort of described how the algorithm works, so everything is still in the simulation stage. So my collaborators and I think about taking this to the next level. So we try to understand whether this is actually physically possible.
Gang Wang: [00:10:37] So the way we do it is to - we built a very low-cost, portable spoofer. So the spoofer - it actually, in total, just cost $200ish. And it included a software-defined radio, which is the main device to generate the fake GPS signal, and we have a Raspberry Pi, which is kind of - you can think of that as a mini computer that we can program and we can remote control through the cellular network. And then there's a portable power, which is really small, can hold the portable device for several hours or even days. And then there's an antenna to try to control the power of the signal based on our need.
Gang Wang: [00:11:20] So in total, all those kind of devices put together cost exactly two hundred and twenty-three dollars. Everything is widely available online and nothing's restricted, and all the software and hardware is actually all open-source projects. So this basically means anyone can build a spoofer like this.
Dave Bittner: [00:11:40] And it's small too. This is the kind of thing, theoretically, I mean, you could see someone be able to, you know, in a James Bond kind of way, stick this to the inside wheel well of a car or something like that.
Gang Wang: [00:11:52] Yeah, so we actually tried to use some kind of standard object to illustrate how big it is. So what we did is we put a pen beside it, and actually it looks exactly like the size of a pen. Of course this is square-shaped, so this is something you can really put in your pocket if you want.
Dave Bittner: [00:12:13] Yeah. So take us through, I mean, you successfully take over the GPS signal, you convince the GPS receiver that you are the satellite constellation. Then what happens?
Gang Wang: [00:12:25] So, before I talk about that part, I want to say that it actually takes us quite some effort to receive the approval to do these type of experiments. Actually, in the US, there's very strict restrictions from performing any kind of spoofing experiments in the outdoor space. So we actually have to rely on some of the collaborators outside of US to perform the actual experiments.
Gang Wang: [00:12:48] So, once we start the spoofer, and the spoofer can slightly increase the signal strength, so that from the GPS device's point of view there is multiple sources and there's one source that has slightly different power, and their default setting is basically fall back to some higher-powered devices. So once our devices take over the lock of the targeted GPS device, now we actually can set arbitrary GPS locations for that device. For example, we want the targeted smartphone to be set on Times Square. We can do that by changing the parameters in our spoofer so that the signal will tell the GPS device that, hey, you are in Times Square.
Gang Wang: [00:13:36] So then, once we can control their GPS signals, and the next thing is basically carefully tuning the algorithm to generate the fake GPS signal so that we can trigger the navigation system to generate a fake route. And what happened is that the driver, potentially, would follow the step-by-step navigation triggered by the fake GPS signal, and all the way driving to the wrong destination compared to his original one. So as an attacker, you might also set up a predefined location to say, hey, I want this driver to drive to that particular location, and this is highly feasible given our experimental result.
Dave Bittner: [00:14:22] Now, do you need to know their originally-intended destination in order for this to work? Is that - or does that just make it easier, or is it harder if you don't have that?
Gang Wang: [00:14:33] So, if you know the exact location that the targeted driver wanted to drive to, that will make the attack much easier. To be more precise, it is easier for us to carefully control the GPS signal so that there's a precise turn-by-turn navigation triggered at the right time. So, if you don't know the exact location, there is actually a trade-off here. So, for example, if you know some rough destination or rough track point that this victim will bypass for sure, you can still run this algorithm, but the trade-off is that the algorithm will be effective, you know, before this victim arrived at a checkmark, or the rough location that you thought. If after that victim bypassed that checkmark, you can no longer run that algorithm anymore.
Dave Bittner: [00:15:22] Now, does your system keep track of its own location? How does it know how it's doing along the way, and is it able to adjust? If the driver makes a wrong turn, for example, or passes a turn, would the system be able to adapt to that?
Gang Wang: [00:15:39] Oh, that's a very good question. So, suppose the driver failed to follow one instruction through this attack. So, because the attacking algorithm is run in real time, the algorithm will be able to adjust, to on the fly generate a new alternative route so that we can adjust the GPS movement signals accordingly. This is actually very expected behavior, because even when there's no attack, we miss entrances for highways or we miss the right turn all the time.
Gang Wang: [00:16:12] On the other hand, the second question you mention is very interesting. So you were saying that, how do you keep track of your own location. So, as a spoofer, because there's a fake signal was generated by the spoofer, the spoofer actually can tell which signal is correct and which signal is incorrect. So, there is always the mechanism that allows the spoofer to lock on the correct GPS signal without being interfered by the signal they generated.
Dave Bittner: [00:16:43] And so, is the spoofer generating its signals based on the actual GPS signals?
Gang Wang: [00:16:50] That's correct. You have to be able to know where the targeted driver is, and also where you are, so that you can generate the fake GPS signal accordingly. So because, you know, you can imagine the attacking scenario could be - we just stick the spoofer on the bottom of the victim's car, and then we remote control it. So at that point, the spoofer's GPS location is actually the real location of the car.
Dave Bittner: [00:17:17] Now, you also did some simulation experiments to see how susceptible people would be to this. Tell us - how did you do that and what did you learn?
Gang Wang: [00:17:28] So this is actually part of the fun study. So, because previously we talked about a simulation of real-world measurements, but none of them have real people and real users involved. And part of the attack we designed is to see whether human users or human drivers can detect the discrepancies between the real road and the fake road illustrated on the map. So we actually ended up doing a user study.
Gang Wang: [00:17:54] So we recruited forty people in a lab. Now, in order to do this type of user study, there's a very kind of tricky setup. You cannot tell that, hey, we wanted to do an attack on you and see whether you can detect it, because people would basically detect it. So we have to do is to apply some deception in the beginning. This is actually very standard approach for most of the psychology experiments and user studies.
Gang Wang: [00:18:21] So the reason is that you want to make sure that users are not prepared for what is happening, and then you can capture their real reactions. So what we did is we framed the user study as a usability study. So we said, hey, we built a driving simulator and we want to invite you to come here to assess how realistic this simulator is.
Gang Wang: [00:18:46] So the setup is like this. So we set up a big screen to simulate what people see on the road and we modified a driving simulator engine which is supposed to train how people drive and how people drive trucks, actually. And then we designed this driving game where the participant is supposed to deliver a package from location A to location B. Then we allowed them to drive to finish the task. What we didn't tell the user is that, during this experiment, we actually simulate the spoofing attack by changing the software settings without notifying them.
Gang Wang: [00:19:27] So the actual experiment is what it's like when this attack happens on this kind of driving simulation game, and we tell how well they can actually recognize the attack. The result is actually surprisingly good. So 95 percent of the participants did not spot the attack through multiple driving sessions. So I would consider this attack is stealthy enough for people to recognize effectively.
Gang Wang: [00:19:55] So, interestingly, the two people who actually recognized attack tells us how they did it. One user said, hey, I actually recognize there are some discrepancies between the road he actually looked at and also the road on the map, because he thinks he's driving on the highway, but in fact everything looks like a local way on his front view. So that's how he tells, oh, there must be something wrong with it. Then he stopped the car and asked us, what's going on? Does this software have some bugs? I think that's when we stopped the experiment and explained everything.
Gang Wang: [00:20:32] So, after all the experiments, we actually performed some user survey interviews. But most importantly we tell the participants everything about this experiment. Since you've already captured their reactions and whether they detected the attack. So this is a part of the user consent process, so users are allowed to withdraw their data if they think they don't want to put the data in this study. So, luckily, none of the users actually withdrew their data. They were surprisingly happy to learn this GPS spoofing attack and how it happens.
Dave Bittner: [00:21:09] Now, in the real world, how practical do you think something like this would be? Do you think we might see people actually utilizing something like this?
Gang Wang: [00:21:18] It is actually hard to say. I think spoofing a GPS signal, spoofing a GPS device, is considered as a crime. So it depends on whether the attacker wanted to take the risks to pull off the attack, and what the attack purpose is. I can imagine that for most of the attackers who don't want to take this risk, they'll probably hold back. But when the incentive is high enough, it is really hard to predict.
Gang Wang: [00:21:46] So, for example, right now, GPS devices are integrated with many autonomous systems, including self-driving cars. And some of the cars are really, really expensive. So what if there's an attacker who wants to steal their car by automatically navigating the car to a location that the attacker predefined and wanted to steal that car or hijack the car. That's a possibility.
Gang Wang: [00:22:10] So, for example, there are very expensive drones. What if there are dedicated attackers and tried to steer their drone out of the safe area and, again, tried to steal their drone. So, so far most of the experiments done are within the civilian applications. I think there's more severe implications of this type of attack in other more critical domains, like, you know, power grid and other critical infrastructures, or even in military. But so far we don't have access to any of those, so it is hard for me to give any comments on that.
Dave Bittner: [00:22:45] Yeah. Are there possibilities of systems that depend on GPS to kind of cross-check to make sure that what they're reading is correct? I know, for example, the Russians have their own version of GPS. Could a system possibly check in and make sure that both systems align and look for some sort of consensus?
Gang Wang: [00:23:07] That's exactly right. So there is dedicated GPS hardware, or chips, that already integrated some of the cross-checking mechanisms. For example, as you said, there are just more than one GPS satellites. Actually, multiple countries launched their GPS satellites for many, many years. One possible solution, or one feasible solution, is to cross-check the multiple GPS sources to make sure they're reading as correct.
Gang Wang: [00:23:35] The trade-off here is that it does require special hardware and more expensive hardware. So, for example, if you build a self-driving car and you wanted to be extra careful, then you should definitely just use the dedicated new chips that have this kind of anti-spoofing mechanisms. But, you know, as I said in the very beginning, there are already billions of GPS devices out there running on the non-secure mechanisms, and it's hard to replace all of them at once. It's extremely high-cost.
Gang Wang: [00:24:09] Now, back to this cross-checking idea. Even if you cross-check multiple signals, that does not mean that it is completely secure, for very obvious reasons. So, if the attacker is able to build multiple radios and synchronize to those different radios at the same time, there is a possibility to generate multiple GPS signals that try to mimic each individual GPS information sources. So at that time, it's again become a very hard problem to tell which is real and which is fake. So, fundamentally, the solution is limited because the GPS signal has no authentication mechanism and it's hard to tell the real ones with the fake ones.
Dave Bittner: [00:24:56] Now, suppose that someone had access to the military version of this. Would that be immune to this sort of attack?
Gang Wang: [00:25:04] I would think so. In the ideal world, I would say if we can change the civilian GPS completely to the encrypted and authenticated version, I think the problem will go away. So there has been a lot of discussions over the last ten years, twenty years, to talk about the possibility of upgrading our GPS. But unfortunately, it's feasible in theory, but really hard to pull it off in practice, due to the extremely high cost to replace all the software and hardware on your GPS receivers that is running every day.
Dave Bittner: [00:25:40] Yeah, so it would be a - I guess a slow turnover as the new devices came online and the old ones were retired.
Gang Wang: [00:25:47] That's the hope. But it's probably going to take many, many years.
Dave Bittner: [00:25:51] Yeah.
Gang Wang: [00:25:52] So one additional comment I have is that, right now, my colleagues and I, and our students, are trying to develop some low-cost defense mechanism that hopefully does not require additional hardware, and hopefully only software-level manipulation sort of improvement to achieve a similar level of defense. This is ongoing work. I don't have a clear answer of which one works or which one doesn't work. But hopefully we have some new results to share with you in the near future.
Dave Bittner: [00:26:28] Our thanks to Virginia Tech's Gang Wang for once again joining us. The research is titled "All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems." We'll have a link in the show notes.
Dave Bittner: [00:26:44] Thanks to the Hewlett Foundation's Cyber Initiative for sponsoring our show. You can learn more about them at hewlett.org/cyber.
Dave Bittner: [00:26:52] And thanks to Enveil for their sponsorship. You can find out how they're closing the last gap in data security at enveil.com.
Dave Bittner: [00:27:01] The CyberWire's Research Saturday is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. The coordinating producer is Jennifer Eiben. Editor is John Petrik. Technical editor is Chris Russell. Executive editor is Peter Kilpe. And I'm Dave Bittner. Thanks for listening.