Spy/Counterspy

Jerry Leichter leichter at lrw.com
Sat Jul 10 06:57:14 EDT 2010 

On Jul 9, 2010, at 1:00 PM, Pawel wrote:

>
> Hi,
>
> On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" <pgut001.reflector at gmail.com 
> > wrote:
>
>> GPS tracking units that you can fit to your car to track where your  
>> kids are taking it.... [T]he sorts of places that'll sell you card  
>> skimmers and RFID cloners have started selling miniature GPS  
>> jammers that plug
>> into cigarette-lighter sockets on cars....  In other words these  
>> are specifically designed to stop cars from being tracked.
>>
>> (Some of the more sophisticated trackers will fall back to 3G GSM- 
>> based
>> tracking via UMTS modems if they lose the GPS signal, it'll be  
>> interested to see how long it takes before the jammers are updated  
>> to deal with 3G signals as well, hopefully while leaving 2G intact  
>> for phonecalls).
>
> Just wondering, why wouldn't GPS trackers use 2G to determine the  
> location?
>
> And, also, does it even need a cell service subscription for  
> location determination, or is it enough to query the cell towers  
> (through some handshake protocols) to figure out the proximities and  
> coordinates?
The 2G stuff wasn't designed to provide location information; that was  
hacked in (by triangulating information received at multiple towers)  
after the fact. I don't know that anyone has tried to do it from the  
receiver side - it seems difficult, and would probably require  
building specialized receiver modules (expensive).  3G provides  
location information as a standard service, so it's cheap and easy.

The next attack, of course, is to use WiFi base station  
triangulation.  That's widely and cheaply available already, and quite  
accurate in many areas.  (It doesn't work out in the countryside if  
you're far enough from buildings, but then you don't have to go more  
than 60 miles or so from NYC to get to areas with no cell service,  
either.)  The signals are much stronger, and you can get location data  
with much less information, so jamming would be more of a challenge.   
Still, I expect we'll see that in the spy vs. spy race.

I wrote message to Risks - that seems to never have appeared - citing  
an article about GPS spoofing.  (I've included it below.)  In the spy  
vs. spy game, of course, it's much more suspicious if the GPS suddenly  
stops working than if it shows you've gone to the supermarket.  Of  
course, WiFi (and presumably UMTS equipment, though that might be  
harder) can also be spoofed.  I had an experience - described in  
another RISKS article - in which WiFi-based location suddenly  
teleported me from Manhattan to the Riviera - apparently because I was  
driving past a cruise ship in dock and its on-board WiFi had been  
sampled while it was in Europe.
                                                         -- Jerry


The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/ 
8533157.stm) on the growing threat of jamming to satellite navigation  
systems.  The fundamental vulnerability of all the systems - GPS, the  
Russian Glonass, and the European Galileo - is the very low power of  
the transmissions.  (Nice analogy:  A satellite puts out less power  
than a car headlight, illuminating more than a third of the Earth's  
surface from 20,000 kilometers.)  Jammers - which simply overwhelm the  
satellite signal - are increasingly available on-line.  According to  
the article, low-powered hand-held versions cost less than £100, run  
for hours on a battery, and can confuse receivers tens of kilometers  
away.

The newer threat is from spoofers, which can project a false  
location.  This still costs "thousands", but the price will inevitably  
come down.

A test done in 2008 showed that it was easy to badly spoof ships off  
the English coast, causing them to read locations anywhere from  
Ireland to Scandinavia.

Beyond simple hacking - someone is quoted saying "You can consider GPS  
a little like computers before the first virus - if I had stood here  
before then and cried about the risks, you would've asked 'why would  
anyone bother?'." - among the possible vulnerabilities are to high- 
value cargo, armored cars, and rental cars tracked by GPS. As we build  
more and more "location-aware" services, we are inherently building  
more "false-location-vulnerable" services at the same time.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list