What's particularly interesting isn't that they've spoofed a signal, but that they've demonstrated nontrivial software vulnerabilities that can be triggered by the spoofed signal.<p>For example, the GPS system transmits the date as a number of weeks since a reference epoch, modulo 1024 [1]. This space saving made sense when they designed the protocol; GPS uses a 50-bits-per-second data link so every bit counts. The last rollover to week zero happened in 1999; the next one will be in 2018. Not so rare that you can ignore it, but not so frequent that code gets battle-tested.<p>What some receivers do is store a 'last week number seen' and a 'number of rollovers' in nonvolatile memory, and any time they see the week number lower than the last one seen, they increment the number of rollovers. So even if the GPS is kept powered off and its internal clock battery dies, as long as it gets a signal once every 512 weeks (~10 years) it can pick up the right time.<p>One of the interesting things they demonstrate is that you can spoof a signal which fakes the week-number-decrement and this increments the number of rollovers counter - and not all receivers have any ability to correct for that.<p>Another example: The slow GPS data link is used to tell receivers where in space the satellites are - which it needs to know to calculate the receiver's position, and to get a head start finding other satellites by knowing roughly where to look for them. Because the GPS data link is so slow, it can take 30 to 60 seconds for a receiver to get this data as it's a whole 1.5 kilobytes [2]. Receivers often cache some of this data in nonvolatile memory so they can perform a 'warm start' where they don't have to wait for all the data to download.
But if you receive spoofed data that triggers a software bug (like a divide by zero error) and you store that in your nonvolatile memory, the receiver loads the data, crashes, reboots, loads the data again and the same thing happens.<p>This is interesting stuff - most work on GPS spoofing and jamming in the past has focused on things like replaying signals to send vehicles off course rather than triggering crash bugs in receiver firmware. The current civilian GPS signal has no anti-spoofing element to it, so there isn't an easy solution to this.<p>[1] <a href="http://www.colorado.edu/geography/gcraft/notes/gps/gpseow.htm" rel="nofollow">http://www.colorado.edu/geography/gcraft/notes/gps/gpseow.htm</a>
[2] <a href="http://en.wikipedia.org/wiki/GPS_signals#Navigation_message" rel="nofollow">http://en.wikipedia.org/wiki/GPS_signals#Navigation_message</a>
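Added example (not part of the comment above and not code from any receiver): the rollover-counter scheme the comment describes, next to a stateless alternative that resolves the 10-bit week number against a fixed floor week such as the firmware build week. The struct, the function names, the floor week 1600 and the week sequence are constructed for illustration; the stateless form is only valid for 1024 weeks after the floor.

```c
#include <stdint.h>
#include <stdio.h>

#define WN_MOD 1024u  /* broadcast week number is modulo 1024 */

/* Hypothetical nonvolatile state for the counter scheme described above. */
struct wn_nvram {
    uint16_t last_wn;    /* last broadcast week number seen, 0..1023 */
    uint16_t rollovers;  /* rollovers counted so far */
};

/* Counter scheme: any decrease in the week number counts as a rollover,
 * and the new count is persisted. Returns weeks since the GPS epoch. */
uint32_t counter_resolve(struct wn_nvram *nv, uint16_t wn)
{
    if (wn < nv->last_wn)
        nv->rollovers++;
    nv->last_wn = wn;
    return (uint32_t)nv->rollovers * WN_MOD + wn;
}

/* Pivot scheme: map wn into [floor_week, floor_week + 1023] with no stored
 * state. floor_week is a constant such as the firmware build week. */
uint32_t pivot_resolve(uint32_t floor_week, uint16_t wn)
{
    uint32_t ahead = (wn + WN_MOD - floor_week % WN_MOD) % WN_MOD;
    return floor_week + ahead;
}

int main(void)
{
    /* Constructed sequence: genuine 694, one decremented 693, genuine 694. */
    const uint16_t seen[] = { 694, 693, 694 };
    struct wn_nvram nv = { .last_wn = 694, .rollovers = 1 };
    const uint32_t floor_week = 1600;  /* constructed build week */

    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        printf("wn=%u counter=%u pivot=%u\n", (unsigned)seen[i],
               (unsigned)counter_resolve(&nv, seen[i]),
               (unsigned)pivot_resolve(floor_week, seen[i]));
    return 0;
}
```

With the counter scheme, the single decremented week leaves the stored count one rollover (1024 weeks) too high even after the genuine week number returns; the stateless form reads 1718 again because nothing was persisted.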
Also here: <a href="http://news.ycombinator.com/item?id=4896452" rel="nofollow">http://news.ycombinator.com/item?id=4896452</a><p>and here: <a href="http://news.ycombinator.com/item?id=4897294" rel="nofollow">http://news.ycombinator.com/item?id=4897294</a><p>and here: <a href="http://news.ycombinator.com/item?id=4898843" rel="nofollow">http://news.ycombinator.com/item?id=4898843</a><p>and here: <a href="http://news.ycombinator.com/item?id=4903566" rel="nofollow">http://news.ycombinator.com/item?id=4903566</a><p>None have any discussion, but they are different reports with different levels of detail.
Isn't GPS supposed to be a military technology? Maybe there's something they're not telling us about how they really use GPS. However, I'm not reassured by the wartime durability of any tech that must be protected from all interference while at peace. Not that we actually have any real enemies anymore (rustic Muslim goat-and-flammable-underwear aficionados are more dangerous than the Axis powers were, really?), but if we did why would they obey the FCC?
Surprise, you can transmit a signal similar to that of a radio transmitter by also being a radio transmitter. Just wait to be tracked down extremely promptly by the FCC, or almost worse, a roving band of Amateur Radio engineers with a van full of direction-finding antennas and a high level of passion for enforcement who will come nail you to a tree for firing this thing up.
Affected manufacturers listed in the first link, not present in the above link:<p>"Attacks were conducted against seven receiver brands including Magellan, Garmin, GlobalSat, uBlox, LOCOSYS and iFly 700."