Hackers can now spoof your turn-by-turn GPS road navigation to send you to specific wrong locations. Until now this kind of cyberattack has been considered extremely difficult. For example, it’s easy to tell someone’s GPS to turn left but if there’s no turning at that location they’ll realise something is wrong. The ultimate goal for a hacker would be to hijack the road system in real time, redirecting targets stealthily without them realising that it is happening.
According to various researchers this kind of sophisticated spoofing attack is now possible. For a top spoofing to happen the hackers would need a GPS spoofer built with a Raspberry Pi and other components costing $223. The only limitation here is that the spoofing device would either need to be controlled from another vehicle within 40-50 metres of the target or attached to it with instructions sent remotely.
Nowadays your GPS has all the information a hacker needs to launch further attacks on you; In order to stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Being able to send someone to a specific location could be exploited for kidnap, robbery, or simply to endanger them. For example:
If the hackers want to endanger the victim, they can successfully lunch a special cyber attack that contains wrong-ways for 99.8% of the trips. Alternatively, more general deviation attacks could be used to confuse or waste the time of emergency services.
There are a number of ways in which an attack like this can be repealed but none of them are cheap or necessarily quick to come to fruition. The first is signal authentication, a way of detecting and shutting out the spoofing signal. A second way is not to rely on a single data source such as the US GPS network when making navigation decisions, for example adding a second or third satellite navigation network – the EU’s emerging Galileo or Russia’s GLONASS or even Wi-Fi – to verify navigation.
By doing this the hackers will be forced to spoof data signals from more than one system which is a more challenging task.
Interestingly, the most promising way of protecting yourself against this kind of cyberattack is to enable mobile navigation systems to verify where you are in relation to the map using visual landmarks.
We live in a world where in a mere two decades SatNav and mobile navigation systems have almost entirely liberated travellers from the inconvenient world of paper maps. It’s hard not to conclude that this has led people into a complacent world where its accuracy and freedom from interference is simply taken for granted. The next generation of mobile navigation systems look as if they may need to become a lot more complicated and expensive.
We would continue to monitor this big cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.