How to spoof someone’s GPS navigation to send them the wrong way

Researchers have for the first time demonstrated that it’s possible to spoof turn-by-turn GPS road navigation to send users to specific wrong locations.

Although generalised spoofing attacks on GPS are well-understood – using false signals to confuse targets or send them off course in places such as the high seas – precisely controlling where they go in complex environments such as cities has until now been considered extremely difficult.

For road navigation, for example, it’s easy to tell someone’s GPS to turn left but if there’s no turning at that location they’ll realise something is wrong and quickly start ignoring the instructions.

The ultimate goal of an attacker would be to model the road system in real time, redirecting targets stealthily without them realising that it is happening.

According to “All Your GPS Are Belong To Us”, a paper published by researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft, this kind of sophisticated spoofing attack is now within reach.

All the attackers would need is a GPS spoofer built around a Raspberry Pi and other components costing $223 (£170), allied to an algorithm capable of generating spoofed alternative routes to send to the receiver (a smartphone SatNav app, say) in real time.

There is one limitation with this kind of attack – the spoofing device would either need to be controlled from another vehicle within 40-50 metres of the target or attached to it with instructions sent remotely.

However, with that limitation overcome, carefully conducted tests in simulated and real-world conditions found that the attack design worked well enough to send 38 out of 40 targets to locations of the researchers’ choosing.
