Security and Privacy issues with GPS Tracking /Navigation

14 12 2011

Although GPS consumer products have many advantages like allowing users to update their maps with the current road information, but there are some security concerns associated with GPS as well. Hacking a GPS device is commonly referred to as “spoofing”.

“In spoofing, a spoofer creates a false GPS signal, sending an incorrect time and location to a certain receiver.”[1]In this case, the target does not know that the signal is a false one. For a normal GPS user, being a couple of microseconds off the real time is not a big deal but few microseconds off could cause power generators to explode as some power generators uses GPS signals to sync electrical grids to power stations. GPS is also used in various other places like – To help avoid plane collisions, air traffic controllers use GPS. Financial transactions time-stamping in banks is done using GPS. To monitor criminal’s activities, GPS receivers are used by police[2].

Stingrays is the technology used by police to track people’s location. This technology works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It sends a signal to the phone and locate it as long as it is powered on.[3] This device is used by police to locate suspects and also by rescue teams to find people lost in remote areas or buried in rubble after accident.

So, the ill effects of spoofing can be falsifying the geographical location of criminals or falsifying the location of lost people in remote areas to protect criminals or various other reasons. The extent of spoofing can be as worst as plane crashes and generators exploding.  But, it is difficult to build a spoofer as cost of creating a spoofer is as high as $1million[4] and it takes as less as around a week to build a spoofer. Military GPS systems are difficult to be spoofed as they use encryption technology which is not used by normal GPS systems[5].

To prevent these spoofing attacks and to protect GPS systems, manufacturers of GPS systems should consider encryption technologies or other technologies to make GPS systems safer and better. GPS technology makes the world more vulnerable to these attacks, but another technology like encryption can help prevent these spoofing attacks on GPS systems.