SPOOFING ATTACKS AND FRAUD
PROTECTING GNSS SYSTEMS FROM SPOOFING ATTACKS AND FRAUD
More and more businesses rely on location information to make critical decisions and generate revenue.
- Ride-hailing services such as Uber, Didi or Lyft use it to calculate ride costs and the optimal route.
- Autonomous vehicles and drones use it for navigation.
- Cargo transit services use it to track valuable goods.
- Security systems use geofencing to arm/disarm or lock/unlock systems, buildings and assets.
- Financial services use it to validate transactions and detect fraud.
Having extremely reliable location data is vital for all these services. But GNSS position information is non-encrypted and thus very easy to spoof or outright fake. In fact, one of the major shortcomings of the current architecture is that, anybody can lie about their location. Searching “fake GPS” on the google play store brings up nearly 100 apps that allow you to override your phone’s location data. This puts businesses that heavily rely on position information in danger of being defrauded or worse.
Malicious GNSS wireless attacks on automated systems
In other scenarios, heavily automated systems can be victim of malicious GNSS wireless attacks which take advantage of the fact that the signals from navigation satellites such as GPS, Glonass, or Beidou are very easy to spoof and fake. The main reason behind this is that civil GNSS positioning systems do not use any authentication techniques and have not implemented any security measures to prevent such attacks.
Additionally, due to the low strength of these signals once they reach the receiver, the GNSS signals are also very easy to override by malicious wireless attacks, making the over-the-air attacks even simpler to perform. Of course the cost of fixing these issues includes launching new satellites, which is prohibitive.
From using simple mobile apps which override real position data, to using Software-Defined-Radios to generate fake GNSS signals, these attacks are becoming easier to perform and harder to detect, eventually leading to revenue loss, goods theft, and other security risks.