If you’re like most people, you probably rely heavily on the GPS function of your phone. Type in an address and your phone helpfully guides you, turn by turn, to your destination. It’s one of the most often utilized features of a smartphone, and of course, the hackers are very interested in interfering with it.
Until now though, hackers have been unable to fool humans into driving to the wrong destination by hacking their GPS, because their instructions often make no sense given the prevailing terrain features the humans are seeing on the road. For instance, nobody is going to turn left into a Jiffy Lube parking lot or a corn field just because GPS says to (unless your destination was Jiffy Lube, of course).
That’s changing, thanks to researchers from Virginia Tech and the University of Electronic Science and Technology of China.
The team has devised a way to hack into a GPS system and spoof the results well enough to fool humans, giving bogus driving directions that seem to make sense given local conditions, and as such, don’t raise red flags.
Accomplishing the task was no small feat, involving the creation of an algorithm that works in something close to real time. This along with a portable device for spoofing GPS that can be attached to the car of your target or placed in a trailing car. Its effective range is about fifty meters.
Once the equipment is in place, the algorithm crafts GPS inputs that follow the real world road network, allaying suspicion in 95 percent of the team’s test cases, while still ultimately sending the target to the wrong destination.
There are any number of ways this exotic type of attack could be used, but the two primary use cases would be to intentionally steer the target into hazardous road conditions, or to lure them to an isolated area where a physical attack could be carried out.
Unfortunately, in the months and years ahead, we can probably count on seeing both.