Cyberattacks that draw a lot of attention typically involve systems containing personal data, such as social security numbers, says Guy Buesnel, market segment lead for robust positioning navigation and timing at Spirent Communications (www.spirent.com), a company that provides test and service management solutions for the communications industry. Consider the recent breach of the U.S. government’s IT systems that risked the personal information of four million current and former federal employees.
“But malicious hackers are taking aim at all types of systems, including attacks against global satellite navigation systems,” he notes. “These attacks have a direct impact on fleets, and can undermine the security and safety of the fleet, operators and any shipments, as well as the fleet operator’s profitability.”
The precision and universal availability of a Global Navigation Satellite System (GNSS) make it ideal for managing, maintaining and tracking commercial fleets, and many fleet operators use the technology, he explains. But GNSS technology and the Global Positioning System (GPS) receivers it communicates with are vulnerable to RF interference, jamming and the deliberate counterfeiting of signals, known as GPS spoofing, making them a prime target for cyberattacks.
In an InfoSec Institute report that detailed the various security threats to satellite systems, jamming and GPS spoofing were listed as two of the top 10 threats.
ATTACKS ON GPS RECEIVERS
Jamming is done via transmitters emitting electromagnetic interference that blocks tracking devices from acquiring GPS broadcast signals, Buesnel says. Recently, cargo thieves in North Florida used GPS jammers with a stolen refrigerated trailer containing a temperature-controlled shipment to prevent any GPS tracking of the trailer.
There are two different ways of spoofing GPS position information, he explains. The much easier method is to manipulate the data in the application. There are inexpensive apps for tablets and smartphones that can be downloaded – after users “jailbreak” the operating system – that allow users to spoof their positions by manipulating data, which is then supplied to applications on phones or tablets that require GPS position data, says Buesnel.
The more difficult way is to replicate the GPS signal.
“Faking the GPS signal is a little trickier to carry out because it involves actually accurately replicating and then broadcasting the GPS signal,” he says.
The InfoSec Institute report says GPS spoofing is one of the most insidious threats to GPS systems.
Spoofer devices are used to interfere with a GPS receiver and trick it into tracking counterfeit GPS signals, he says. The false GPS signals can fool receivers into thinking that they are at a different location and could be used in the hijacking of vehicles.
PREVENTION MEASURES
“In order to mitigate and protect against RF interference, jamming and GPS spoofing, fleet operators need to routinely assess and test their GPS equipment so they understand how an attack affects their systems and how they effectively respond,” says Buesnel. “Understanding the equipment, and how robust it is, is vital.”
Among other things, he says fleets need to ask:
- Are their GPS receivers robust enough to resist drive-by jammers?
- If a receiver is jammed or spoofed, will it detect the attack and generate alerts?
- Will the GPS receivers output misleading data when under attack?
One of the most dangerous effects of GPS jamming is that as a jammer gets close, some receivers will start outputting hazardously misleading information, such as incorrect positions or times, and that could lead to costly mistakes, he says.
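A fleet-side plausibility check on the position reports a tracker sends back, covering the questions above about detecting an attack and catching misleading positions or times. This is an added example, not code from the article or from Spirent; the function names, thresholds and sample track are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_KM = 6371.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def audit_track(fixes, max_speed_kmh=130.0, max_gap_s=120):
    """Return (index, kind, detail) alerts for (unix_time, lat, lon) fixes.

    Thresholds are assumptions to tune per fleet, not values from the article.
    An alert marks a report for review; it does not prove an attack.
    """
    alerts = []
    for i in range(1, len(fixes)):
        t0, lat0, lon0 = fixes[i - 1]
        t1, lat1, lon1 = fixes[i]
        dt = t1 - t0
        if dt <= 0:
            # Receiver time moved backwards or repeated: misleading time output.
            alerts.append((i, "time_regression", f"dt={dt}s"))
            continue
        if dt > max_gap_s:
            # Tracker went silent: consistent with jamming (or a coverage hole).
            alerts.append((i, "reporting_gap", f"{dt}s without a fix"))
        speed = haversine_km(lat0, lon0, lat1, lon1) / (dt / 3600.0)
        if speed > max_speed_kmh:
            # No truck covers this distance in this time: misleading position.
            alerts.append((i, "implausible_jump", f"{speed:.0f} km/h implied"))
    return alerts

# Constructed sample track (not real telemetry): a trailer reporting every 30 s.
SAMPLE_TRACK = [
    (1000, 30.3322, -81.6557),
    (1030, 30.3340, -81.6557),  # about 0.2 km in 30 s: normal driving
    (1060, 30.3358, -81.6557),
    (1660, 30.3376, -81.6557),  # 600 s of silence before this fix
    (1690, 30.9000, -81.6557),  # about 62 km in 30 s
    (1680, 30.9000, -81.6557),  # timestamp earlier than the previous fix
]

if __name__ == "__main__":
    for alert in audit_track(SAMPLE_TRACK):
        print(alert)
```

A check like this runs on the back end, so it still works when the receiver itself raises no alarm.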
Risk assessment also should be a priority. How likely is it that jamming would be encountered at a specific site or on a specific fleet? What is the likely frequency of jamming or spoofing events? What would be the impact of such events on the business in terms of lost hours of productivity?
Jamming is widespread, GPS spoofing concerns are on the rise and both are real threats to fleet operations, he points out. A single attack that’s the result of loopholes in the system that are left free for criminals to exploit could be a real blow to an operator’s reputation and bottom line.
“Fleet operators need to assess their risks, know how robust their GPS equipment is and be prepared,” he advises. “The good news is that it is possible today to test and protect against current and future threats.”