From Ashkan Soltani’s blog post:
The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones.” In it, we discuss the drastic reduction in the cost of tracking an individual’s location and show how technology has greatly reduced the barriers to performing surveillance. We estimate the hourly cost of location tracking techniques used in landmark Supreme Court cases Jones, Karo, and Knotts and use the opinions issued in those cases to propose an objective metric: if the cost of the surveillance using the new technique is an order of magnitude (ten times) less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy. For example, the graph above shows that tracking a suspect using a GPS device is 28 times cheaper than assigning officers to follow him.
Posted on January 15, 2014 at 6:23 AM •
This is the latest in the arms race between spoofing GPS signals and detecting spoofed GPS signals.
Unfortunately, the countermeasures all seem to be patent pending.
Posted on August 9, 2012 at 6:32 AM •
A team at the University of Texas successfully spoofed the GPS and took control of a DHS drone, for about $1,000 in off-the-shelf parts. Does anyone think that the bad guys won’t be able to do this?
EDITED TO ADD (7/9): It wasn’t a DHS drone. It was a drone owned by the university.
Posted on July 9, 2012 at 6:02 AM •
Great movie-plot threat:
Financial institutions depend on timing that is accurate to the microsecond on a global scale so that stock exchanges in, say, London and New York are perfectly synchronised. One of the main ways of doing this is through GPS, and major financial institutions will have a GPS antenna on their main buildings. “They are always visible because they need a clear view of the sky,” Humphreys told Wired.co.uk.
He explains that someone who directed a spoofer towards the antenna could cause two different problems which could have a major impact on the largely automated high-frequency trading systems. The first is simply causing confusion by manipulating the times—a process called “time sabotage”—on one of the global stock exchanges. This sort of confusion can be very damaging.
Posted on March 2, 2012 at 6:11 AM •
The U.S Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant.
EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced.
Posted on January 25, 2012 at 12:54 PM •
There’s a report that Iran hacked the drones’ GPS systems:
“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran’s “electronic ambush” of the highly classified US drone. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”
The “spoofing” technique that the Iranians used—which took into account precise landing altitudes, as well as latitudinal and longitudinal data—made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.
The Aviationist has consistently had the best analysis of this, and here it talks about the Tehran Times report that Iran has four Israeli and three U.S. drones.
My original blog post.
Posted on December 16, 2011 at 12:01 PM •
At least, according to a Wisconsin appeals court ruling:
As the law currently stands, the court said police can mount GPS on cars to track people without violating their constitutional rights—even if the drivers aren’t suspects.
Officers do not need to get warrants beforehand because GPS tracking does not involve a search or a seizure, Judge Paul Lundsten wrote for the unanimous three-judge panel based in Madison.
That means “police are seemingly free to secretly track anyone’s public movements with a GPS device,” he wrote.
The court wants the legislature to fix it:
However, the District 4 Court of Appeals said it was “more than a little troubled” by that conclusion and asked Wisconsin lawmakers to regulate GPS use to protect against abuse by police and private individuals.
I think the odds of that happening are approximately zero.
Posted on May 15, 2009 at 6:30 AM •
Jon used a desktop computer attached to a GPS satellite simulator to create a fake GPS signal. Portable GPS satellite simulators can fit in the trunk of a car, and are often used for testing. They are available as commercial off-the-shelf products. You can also rent them for less than $1K a week—peanuts to anyone thinking of hijacking a cargo truck and selling stolen goods.
In his first experiments, Jon placed his desktop computer and GPS satellite simulator in the cab of his small truck, and powered them off an inverter. The VAT used a second truck as the victim cargo truck. “With this setup,” Jon said, “we were able to spoof the GPS receiver from about 30 feet away. If our equipment could broadcast a stronger signal, or if we had purchased stronger signal amplifiers, we certainly could have spoofed over a greater distance.”
During later experiments, Jon and the VAT were able to easily achieve much greater GPS spoofing ranges. They spoofed GPS signals at ranges over three quarters of a mile. “The farthest distance we achieved was 4586 feet, at Los Alamos,” said Jon. “When you radiate an RF signal, you ideally want line of sight, but in this case we were walking around buildings and near power lines. We really had a lot of obstruction in the way. It surprised us.” An attacker could drive within a half mile of the victim truck, and still override the truck’s GPS signals.
EDITED TO ADD (10/13): Argonne National Labs is working on this.
Posted on September 17, 2008 at 7:03 AM •
Anyone know more?
Members of Cornell’s Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe’s first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices—including handheld receivers and systems installed in vehicles—that need PRNs to listen to satellites.
Security by obscurity: it doesn’t work, and it’s a royal pain to recover when it fails.
Posted on July 11, 2006 at 11:30 AM •
Just hide this gadget in someone’s car or briefcase—or maybe sew it into his coat—and then track his every move.
You have to recover the device to play it back, but presumably the next generation will be queryable remotely.
Posted on June 6, 2006 at 3:24 PM •
Sidebar photo of Bruce Schneier by Joe MacInnis.