Quantcast

Navigating the Security of GPS

AUTO_GPS_052215A
TomTom’s Blue&Me GPS
TomTom’s Blue&Me GPS device is an option in new FIAT 500 models.

Every day drivers rely on Global Positioning System (GPS) devices to navigate their way through the world. Dependence only grows stronger as more options become available to make your drive easier and more enjoyable. However, you might wonder what safety and security issues come along with the frequent use of GPS systems. You will be relieved to know there is not much threat. At least not yet.

“Just about every model on the market offers built-in GPS as an option,” said Joe Wiesenfelder, executive editor of Cars.com. “It’s typically in higher trim levels of modestly-priced cars or in some luxury cars where it is standard equipment.”

The latest FIAT 500 models have a dealer-level option to include a TomTom Blue&Me portable GPS device, which sits in a dock integrated into the dashboard. This particular system offers traffic and weather information, and, unlike many other models, relays real-time information about speed camera locations.

AUTO_GPS_052215D
Joe Wiesenfelder, executive editor of Cars.com

“GPS has found its way into things like radar detectors,” Wiesenfelder said. “The brand Cobra has a whole network set up that keeps track of red-light cameras and speed traps. It even allows users to submit or ‘crowdsource’ information about where speed traps are and it warns other drivers.” With the abundance of such cameras on Long Island, this is a useful feature for drivers.

Because of the concern about security and safety, Wiesenfelder wants consumers to know that GPS in and of itself does not transmit data. “GPS is a receiver. It’s receiving data from dozens of satellites 12,000 plus miles up,” he said. “Your GPS device is not talking to those satellites.”

Many cars and all mobile phones have their own communication capabilities. The Cobra device connects wirelessly through bluetooth to your phone, which is how it is able to give you the most up-to-date information about what you’re going to find out on the road.

“The information about where you are comes down from satellites,” Wiesenfelder said, “but in the basic systems, which are pretty common, the maps come from a disk or a data card more frequently.” To get real-time maps, you must manually update the device, which typically has a cost associated.

Wiesenfelder points out that very few vehicles have navigation systems that evolve and adapt. New cars purchased today could contain built-in systems that are soon to be or are already out of date.

“That’s one of the reasons mobile phones have become a good solution for navigation,” he said. “They evolve and improve over time.” Because your phone communicates with Google Maps and updates automatically. This limitation, however, is starting to change, if the TomTom unit is any indication.

OnStar by General Motors and similar systems by other manufacturers adds two-way communication into the mix, which is where security concerns arise. In a car with a basic navigation system, nothing is tracking where you are and have been; you are simply seeing your location on a screen. “It’s when you start to introduce the capability to send that information outside the car that security and privacy concerns are a little bit more legitimate,” said Wiesenfelder.

These companies most likely track and store your location data unless you opt-out. “The newest concern is that any company that has that kind of information can be hacked, just like banks get hacked for credit card information,” he said. Wiesenfelder questions what the value is in schemes like this if there is not a clear profit to be had.

Todd Humphreys
Todd Humphreys, assistant professor of aerospace engineering at the University of Texas at Austin and expert on GPS spoofing

But before you wipe concern about GPS entirely from your mind, there is a concept called GPS spoofing, which involves tricking a navigation system by feeding it counterfeit signals. Non-military GPS signals are unencrypted and potentially open to cyber attack.

“There has been a great deal of research effort directed toward finding ways to detect civil GPS spoofing,” said Dr. Todd Humphreys, assistant professor of aerospace engineering at the University of Texas at Austin. Humphreys gave a TED talk in 2012 titled “How to fool a GPS” and is a leading researcher in the area of GPS spoofing. In 2013, he led an experiment that sent an $80 million yacht off course and proved GPS spoofing was possible.

“We now understand how to do it, but all the techniques we know of require at least some modification of GPS receivers,” Humphreys said. “At present, all off-the-shelf GPS receivers remain spoofable, but there are signs that manufacturers will begin making changes within the next few years.”

There is no evidence that GPS spoofing has ever been used for malicious purposes. However, the rise of self-driving cars and drones make us ever more dependent on GPS, the accuracy of which improves every day.

“Safety is a much bigger concern at present than security,” said Humphreys. “The risk of getting in a rear-end collision is much greater than that of having your car hacked.”

Rolls-Royce Wraith
The 2014 Rolls-Royce Wraith has a GPS-controlled transmission.

The fear that a hacker could remotely take control of your car is mostly unfounded. There would have to be a clear link between the GPS and the actual working parts of the car, which besides the new Rolls-Royce Wraith and its GPS-controlled transmission, is not common and not likely to be the target of a hacker attack.

Wiesenfelder concurs with Humphreys’ conclusion. “It’s an important thing for automakers
to be aware of, but it is not a current problem.”