Presented at
VB2016,
Oct. 7, 2016, 2:30 p.m.
(30 minutes).
Lately, we've seen an increasing number of reports of successful attacks against the Global Positioning System (GPS). The technology behind these attacks is not new. The theory of such attacks and the methods of implementation have been discussed and reported in a number of scientific papers. Often, such attacks require expensive equipment and as a result have been out of the common hackerspace realm. Only lately, with the advent of Software Defined Radio (SDR) technologies and the openness of the underlying GPS standard, as well as the accessibility of related software tools, have attacks become attainable by a wide range of malicious actors.
Analysis of such attacks by hardware and software security researchers is often complicated by a lack of instrumentation and applicable methodologies. Being aware of such attacks, methods of analysis and possible countermeasures become especially important with the increasing reliance on GPS by self-driven vehicles and unmanned aerial systems.
This paper attempts to describe and categorize the GPS attack methods that can be achieved with a limited budget and with a high rate of repeatability, making them lucrative to a wide spectrum of malicious actors. The studied types of attacks include delayed retransmissions, record and playback, and direct signal synthesis. A budgeted toolset for further analysis of such attacks by security specialists is also suggested. During the presentation a number of countermeasures against GPS spoofing will be proposed and demonstrated.
Read VB's [recent interview](/blog/2016/september/turns-out-gps-technology-more-vulnerable-cyberattack-ever-security-expert-demonstrates/ "GPS technology is more at risk from cyber attack than ever before, security expert demonstrates at VB2016") with Oleg, in which we asked him about GPS, the conference, and about his ultimate dinner party.
Presenters:
-
Oleg Petrovsky
- HP
Oleg Petrovsky Oleg Petrovsky currently works as a senior AV researcher at HPE Security research, where he is involved in the analysis and mitigation of newly discovered malware trends. His work covers automated malware analysis, data clustering, visualization and security of embedded systems. Oleg holds Master of Engineering degree in industrial electronics from Odessa State Polytechnic University. He started his AV career in 1995, first working for CYBEC, supporting the VET antivirus product. In 1999 he joined Computer Associates, and in 2007 began working as a senior AV researcher for Microsoft Malware Protection Center. In March 2014, he joined HP Security research. Throughout his career Oleg has concentrated on analysis of and protection against malware, developing AV tools and conducting research on emerging malware trends. Oleg has authored patent applications, publications for Virus Bulletin, malware research blogs, malware descriptions, and presented at a number of security conferences. His interests include reverse engineering, advanced persistent threats analysis, embedded systems design, Unmanned Aerial Vehicles (UAV) and industrial controllers' firmware security. When he is not busy with work he can be found playing the guitar or hanging from a bouldering wall at a local climbing gym.
Links:
Similar Presentations: