This presentation provides an introduction to the vulnerabilities of satellite navigation and timing systems and the ways in which these vulnerabilities have been exploited. First, the specific vulnerabilities of GPS-based systems are introduced; the main vulnerabilities of GPS are due to the very low signal strength of the satellite signals. The paper discusses the effect of RF interference on satellite navigation and timing systems and introduces some real examples of disruption caused by interference events. Evidence is also produced to show that interference events are widespread. The spoofing of GPS position and timing is also introduced. This presentation shows that spoofing can be carried out either at the application layer (the Pokemon GO game is presented as an example of this kind of hacking) or at the RF level, where it is also shown that there are real examples of this kind of attack. Real examples of exploitation of GPS vulnerabilities are presented.
These will include:
Evidence will also be presented to show that there are a significant number of exploitations of RF interference by several groups of attackers with various motives. It will be shown that the groups who are attempting to exploit navigation and timing system vulnerabilities are the same types who have exploited IT systems. Approaches to protect systems and devices against the described vulnerabilities are proposed: a protective risk assessment and a test framework are presented as a method that can make significant improvements to existing systems.
We designed and built out a network that receives real-time data from purpose-built detectors. The detectors are located at several airports, military bases, ranges, and along highways near tollbooths.
Receivers and sensors, along with historical data, have been used to hunt down willful and intentional GPS jamming by people wishing to evade tolls, trucking companies, and employees wanting to evade employer surveillance, as well as sophisticated jamming patterns and spoofing that would require a highly sophisticated adversary and gear that is not available COTS/to civilians. Technology has been demonstrated to identify, track and report small-time offenders, track down complex GPS network issues and assist in investigations where military assets have been targeted. We will demo the detection network, show off some of the historical data and bring sensors to Black Hat for everyone to see and play with. We will also talk through some of the cases where we tracked down sources of intentional jamming.
Vlad Gostomelsky is a driven security researcher with a passion for securing technology that makes civilized life possible. He is particularly focused on satellite systems security, SCADA systems supporting the critical infrastructure and wireless networks. He specializes in the intersection of physical and network security. He has worked on DARPA projects, established and led penetration testing teams for Fortune 50 organizations, performed incident response and forensics on sensitive production systems within controlled environments, reverse engineered security devices, and participated in countless red team engagements for banks, critical infrastructure, pharmaceutical companies, law firms and research organizations. Vlad has spoken at various security conferences including BSides, DEFCON, HOPE, and ShmooCon. Vlad was a board member for NYC OWASP and remains committed to the security community working together to improve the security posture through developer education, end user training, peer-reviewed code and rigorous standardized testing methodologies.