How to bring down mission-critical GPS networks with $2,500

47 points by owlmusic, over 12 years ago

5 comments

michaelt, over 12 years ago
What's particularly interesting isn't that they've spoofed a signal, but that they've demonstrated nontrivial software vulnerabilities that can be triggered by the spoofed signal.

For example, the GPS system transmits the date as a number of weeks since a reference epoch, modulo 1024 [1]. This space saving made sense when they designed the protocol; GPS uses a 50-bits-per-second data link so every bit counts. The last rollover to week zero happened in 1999, the next one will be in 2018. Not so rare that you can ignore it, but not so frequent that code gets battle-tested.

What some receivers do is store a 'last week number seen' and a 'number of rollovers' in nonvolatile memory, and any time they see the week number lower than the last one seen, they increment the number of rollovers. So even if the GPS is kept powered off and its internal clock battery dies, as long as it gets a signal once every 512 weeks (~10 years) it can pick up the right time.

One of the interesting things they demonstrate is that you can spoof a signal which fakes the week-number-decrement and this increments the number of rollovers counter - and not all receivers have any ability to correct for that.

Another example: The slow GPS data link is used to tell receivers where in space the satellites are - which it needs to know to calculate the receiver's position, and to get a head start finding other satellites by knowing roughly where to look for them. Because the GPS data link is so slow, it can take 30 to 60 seconds for a receiver to get this data as it's a whole 1.5 kilobytes [2]. Receivers often cache some of this data in nonvolatile memory so they can perform a 'warm start' where they don't have to wait for all the data to download. But if you receive spoofed data that triggers a software bug (like a divide by zero error) and you store that in your nonvolatile memory, the receiver loads the data, crashes, reboots, loads the data again and the same thing happens.

This is interesting stuff - most work on GPS spoofing and jamming in the past has focused on things like replaying signals to send vehicles off course rather than triggering crash bugs in receiver firmware. The current civilian GPS signal has no anti-spoofing element to it, so there isn't an easy solution to this.

[1] http://www.colorado.edu/geography/gcraft/notes/gps/gpseow.htm
[2] http://en.wikipedia.org/wiki/GPS_signals#Navigation_message
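
Added example, not part of michaelt's comment and not taken from any receiver's firmware: the rollover-counter scheme described above next to a commonly used alternative that pins the 10-bit week number to a window starting at the firmware build week. The struct layout, function names, `BUILD_WEEK` value and the sample week numbers are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WN_MODULUS 1024u   /* broadcast week number is transmitted modulo 1024 */
#define BUILD_WEEK 1718u   /* constructed: full GPS week of the firmware build */

/* State kept in nonvolatile memory (hypothetical layout). */
struct wn_state {
    uint16_t last_wn;      /* last 10-bit week number seen */
    uint16_t rollovers;    /* number of 1024-week rollovers counted */
};

/* Scheme from the comment: any decrease in week number counts as a rollover. */
uint32_t naive_full_week(struct wn_state *s, uint16_t wn)
{
    wn = (uint16_t)(wn % WN_MODULUS);
    if (wn < s->last_wn)
        s->rollovers++;    /* a single spoofed low week number is persisted here */
    s->last_wn = wn;
    return (uint32_t)s->rollovers * WN_MODULUS + wn;
}

/* Alternative: keep no signal-driven counter. Place the 10-bit value in the
 * 1024-week window that begins at the firmware build week. */
uint32_t pinned_full_week(uint16_t wn)
{
    uint32_t full = (BUILD_WEEK / WN_MODULUS) * WN_MODULUS + (wn % WN_MODULUS);
    if (full < BUILD_WEEK)
        full += WN_MODULUS;   /* the broadcast value has wrapped since the build */
    return full;
}

int main(void)
{
    struct wn_state s = { .last_wn = 694, .rollovers = 1 };  /* i.e. week 1718 */
    uint16_t feed[] = { 695, 3, 696 };  /* constructed: genuine, spoofed, genuine */
    for (size_t i = 0; i < sizeof feed / sizeof feed[0]; i++)
        printf("wn=%u naive=%u pinned=%u\n", (unsigned)feed[i],
               (unsigned)naive_full_week(&s, feed[i]),
               (unsigned)pinned_full_week(feed[i]));
    return 0;
}
```

The pinned resolver still reports a wrong week for the spoofed frame itself, but the next genuine frame resolves correctly again, whereas the naive counter stays 1024 weeks ahead. The pinned window is only valid for 1024 weeks after `BUILD_WEEK`.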

ColinWright, over 12 years ago
Also here: http://news.ycombinator.com/item?id=4896452

and here: http://news.ycombinator.com/item?id=4897294

and here: http://news.ycombinator.com/item?id=4898843

and here: http://news.ycombinator.com/item?id=4903566

None have any discussion, but they are different reports with different levels of detail.

jessaustin, over 12 years ago
Isn't GPS supposed to be a military technology? Maybe there's something they're not telling us about how they really use GPS. However, I'm not reassured by the wartime durability of any tech that must be protected from all interference while at peace. Not that we actually have any real enemies anymore (rustic Muslim goat-and-flammable-underwear aficionados are more dangerous than the Axis powers were, really?), but if we did why would they obey the FCC?

tedchs, over 12 years ago
Surprise, you can transmit a signal similar to that of a radio transmitter by also being a radio transmitter. Just wait to be tracked down extremely promptly by the FCC, or almost worse, a roving band of Amateur Radio engineers with a van full of direction-finding antennas and a high level of passion for enforcement who will come nail you to a tree for firing this thing up.

lbraasch, over 12 years ago
Affected manufacturers listed in the first link, not present in the above link:

"Attacks were conducted against seven receiver brands including Magellan, Garmin, GlobalSat, uBlox, LOCOSYS and iFly 700."