GPS jamming for $2500

 
--
Drivesmart 66, Nuvi 2595LMT (Died), Nuvi 1490T (Died), Nuvi 260 (Died), GPSMAP 195

It's not jamming --

Jamming is deliberately disrupting a communications path by filling the channel with noise. (A GPS jammer can be built with about $20 in parts.)

These attacks are much, much more than jamming -- not only are they transmitting GPS signals, but they are transmitting signals that are phase coherent with existing GPS signals in the area, but altering *some* fields. They get a GPS receiver to swallow data that looks good, but...

Think of it as a kind of "fuzzing" attack, sending out reasonable looking messages with bogus contents, and in perfect phase coherence with the GPS L1 signals local receivers expect to hear.

This is very clever stuff, and an attack against current products that use the civilian L1 signal that the current generation really can't do much about.

I'd bet that products currently in the design phase are being re-evaluated. It's a recurring theme in the computer biz -- at first people build products, subsystems, libraries, APIs, assuming the data passed to them is going to be valid all the time. Eventually you get to the point where you don't trust anything, and sanity check inputs as best you can (and then wonder if you've caught everything).

--
Nuvi 2460, 680, DATUM Tymserve 2100, Trimble Thunderbolt, Ham radio, Macintosh, Linux, Windows
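
An added example, not part of the original thread: one way to apply the "sanity check inputs" idea above to receiver output, by comparing each fix against the last accepted fix and against a local clock that does not depend on GPS. The `Fix` type, function names, thresholds and sample track are all hypothetical and constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

@dataclass
class Fix:
    mono_s: float  # local monotonic clock at arrival (independent of GPS)
    gps_s: float   # UTC seconds as reported by the receiver
    lat: float     # degrees
    lon: float     # degrees

def distance_m(a: Fix, b: Fix) -> float:
    """Great-circle (haversine) distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(b.lon - a.lon) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def check_fix(prev: Fix, cur: Fix, max_speed_mps=70.0, max_skew_s=0.5) -> list:
    """Reasons to distrust `cur`; thresholds are assumed values for a road vehicle."""
    reasons = []
    dt_local = cur.mono_s - prev.mono_s
    dt_gps = cur.gps_s - prev.gps_s
    if dt_gps <= 0:
        reasons.append("gps_time_not_advancing")
    if abs(dt_gps - dt_local) > max_skew_s:
        reasons.append("gps_time_disagrees_with_local_clock")
    if dt_local > 0 and distance_m(prev, cur) / dt_local > max_speed_mps:
        reasons.append("implied_speed_exceeds_platform_limit")
    return reasons

def filter_track(fixes: list) -> list:
    """Compare each fix to the last *accepted* one so a bad fix is not a baseline."""
    out, last_good = [], None
    for f in fixes:
        reasons = check_fix(last_good, f) if last_good else []
        out.append((f, reasons))
        if not reasons:
            last_good = f
    return out

# Constructed sample: ~30 m/s northbound, with one fix that jumps in place and time.
SAMPLE = [
    Fix(0.0, 1000.0, 37.00000, -122.0),
    Fix(1.0, 1001.0, 37.00027, -122.0),  # ~30 m from the previous fix
    Fix(2.0, 1062.0, 37.05000, -122.0),  # ~5.5 km and +61 s in one local second
    Fix(3.0, 1003.0, 37.00081, -122.0),  # consistent with the last accepted fix
]
```

Checks like these flag abrupt inconsistencies only; they are one layer of input validation, not proof that an accepted fix is genuine.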

Uh Oh

One wonders about the implications for military GPS, such as mis-guiding JDAMs and other "smart" technology (like maybe "missing" drones). How much can this be defended against?

That's why there are P(Y) codes...

Us civilians get to use the Coarse/Acquisition (C/A) coded data, and the military (and other such folks and their gadgets) use the Precision (P(Y)) coded data, which is encrypted.

The keys for P(Y) aren't exactly available at your local hardware store... But assuming you could get a set of current keys, the P(Y) code runs at ten times the data rate of the C/A code (10.23 Mbit/sec for P(Y) and 1.023 Mbit/sec for C/A).

That means your phase-coherent GPS generator just got more than an order of magnitude faster/more complicated to handle the higher data rate as well as decryption, and the price probably went up by more than that.

It's a good bet the gov't and some of their gadgets probably still rely on C/A -- IIRC, during the first "Gulf Unpleasantness" not only was S/A turned off, but large quantities of civilian GPS boxes were rushed in theatre because there weren't enough of the full mil boxes to go around.

--
Nuvi 2460, 680, DATUM Tymserve 2100, Trimble Thunderbolt, Ham radio, Macintosh, Linux, Windows

Not Enough Units

k6rtm wrote:

It's a good bet the gov't and some of their gadgets probably still rely on C/A -- IIRC, during the first "Gulf Unpleasantness" not only was S/A turned off, but large quantities of civilian GPS boxes were rushed in theatre because there weren't enough of the full mil boxes to go around.

That is disturbing.

a while ago--

disturbing, but also a while ago (1991), when the whole GPS thing was just taking off -- but I've got to believe that with the focus on commercial off the shelf (COTS) solutions, there are quite a few systems using the unencrypted civvie C/A code (if for no other reason than you can get a bare board 12-channel C/A receiver for under $20).

--
Nuvi 2460, 680, DATUM Tymserve 2100, Trimble Thunderbolt, Ham radio, Macintosh, Linux, Windows