Spoofing GPS Locations with low cost TX SDRs

September 3, 2015

At this years Defcon 2015 conference researcher Lin Huang from Qihoo 360 presented her work on spoofing GPS signals. Qihoo 360 is a Chinese security company producing antivirus software. Lin works at Qihoo as a security researcher where her main job is to prevent their antivirus software and users from becoming vulnerable to wireless attacks. Her research brought her to the realm of GPS spoofing, where she discovered how easy it was to use relatively low cost SDRs like a USRP B210/BladeRF/HackRF to emulate GPS signals which could allow a wireless attacker to manipulate the GPS on smartphones and cars.

Previous attempts at GPS spoofing have all used more expensive custom hardware. One attempt in 2013 allowed university researchers to send a 213-foot yacht off course, and it is suspected that hackers from the Iranian government have use GPS spoofing to divert and land an American stealth drone back in 2011.

In Lin’s presentation she shows how she was able to trick a smartphone into thinking it was in a different location. In addition she writes how this method could be used to trick the phone into changing it’s time, as many smartphones will periodically refresh the clock accuracy by using GPS satellites. She also shows how she was able to bypass a DJI drones forbidden area no fly zone policy. DJI drones come with a feature where the engines will not power up if the on board GPS detects that it is in a no drone fly zone. By spoofing the GPS she was able to get the drone to power up inside a no fly zone in Beijng.

Lin Huangs presentation can be downloaded from the defcon media server (pdf). An article on Lin and her research into GPS spoofing has also been run on Forbes.com.

Spoofed GPS logs on a smartphoneSpoofed GPS logs on a smartphone

Spoofing GPS Locations with low cost TX SDRs

Source: RTL SDR