The Internet of Things (IoT) can be so magical. We can do everything from start our cars and brew our coffee, to find out the weather and figure out where we left/lost our iPhone. That last one, unfortunately, is one I’m all too familiar with.
But the IoT also has a sinister side. To network our appliances and services requires the transfer and potential exposure of personal information, especially through GPS signals.
- As cars move toward autonomy and greater connectectivity, they will rely more on GPS
- GPS signals can be hacked to create small annoyances all the way up to deadly results in autonomous cars
- Southwest Research Institute has developed new methods of testing for vulnerabilities in car systems
- As of right now, SwRI’s system is the only one with FCC approval
GPS Makes Automated Cars Vulnerable To Hackers
As cars progress towards full autonomy, they eliminate the human factor. More and more they rely on digitally transferred information to make decisions via GPS. If a bad actor gets control of that information, there could be tragic results.
Southwest Research Institute (SwRI) came up with a way to test for vulnerabilities in automated vehicles and other tech that utilizes GPS receivers for positioning, navigation and timing. Through the simulation of a spoofed or manipulated GPS signal in controlled conditions, automakers can see how automated vehicles will behave when hacked and build in pre-emptive safeguards.
Simulating A Hacking Event To Expose Vulnerabilities
The Global Positioning System (GPS) is a satellite-based navigation system made up of at least 24 satellites that communicate with GPS enabled devices, such as your car and smartphone. Spoofing is a malicious attack where an incorrect signal is broadcast to GPS receivers, while GPS manipulation involves taking an existing signal and modifying it. Both can lead to dangerous consequences. For example, Southwest Research engineers demonstrated on a test track that by hacking into a car’s GPS system, they could alter the vehicle’s course by almost 33 feet, steering it off the road. They could also force the car to turn early or late.
What makes SwRI’s system so valuable is, well, it’s legal. Federal regulations prohibits over-the-air re-transmission of GPS signals without prior authorization. SwRI’s spoofing test system places a physical component on or in line with a vehicle’s GPS antenna and a ground station that remotely controls the GPS signal. By using this testing method, nobody will come afoul of the FCC’s retransmission law. And, when fighting the battle against cybercriminals, we need as many protective measures and tools we can get.