JL
Jim Lux
Thu, Jan 17, 2013 2:02 PM
On 1/17/13 2:52 AM, Hal Murray wrote:
I think this came up a few months ago.
the article is a bit over the top, but does describe the basic mechanism
used:
"exploits software bugs in the underlying receivers"
For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
I suspect that most modern GPS receivers also have loadable/replaceable
firmware, so as "divide by zero" bugs and the like are found, then it
can be fixed, particularly if it's in something like a high accuracy
reference network.
A pain, to be sure.
I think the threat is a bit overstated, too. Sure, the hardware costs
<$20k, but it's operated by a team of fairly sophisticated people who
programmed it for each specific victim (that is, every receiver has a
different vulnerability). Just because one has identified a threat
vector doesn't mean that there's any incentive to use it: Many have
proposed scenarios where denying GPS has some value, but considering it
as a potential criminal scenario you'd also need:
- resources to execute the threat (that team of grad students from CMU,
knowledge of the specific receivers to be attacked and their specific
vulnerabilities, etc.)
- A decent scenario asking what form the denial takes (e.g. are you
spoofing, or what)
- A way to radiate these signals in a way that you won't get caught.
There are a fair number of folks out there working on and doing systems
to detect GPS jamming.
If you just wanted to deny GPS in a small area, a network of a few dozen
broadband $30 jammers with random timers and lithium batteries scattered
from a passing car or UAV, etc. would do very nicely.
If you want to do it over a larger area, you apply for a temporary
license for an auxiliary transmitter on the ground for your mobile
satellite service<grin>.
On 1/17/13 2:52 AM, Hal Murray wrote:
> How to bring down mission-critical GPS networks with $2,500
>
> http://tinyurl.com/boe2cdh
> http://arstechnica.com/security/2012/12/how-to-bring-down-mission-critical-gps
> -networks-with-2500/
>
>
I think this came up a few months ago.
the article is a bit over the top, but does describe the basic mechanism
used:
"exploits software bugs in the underlying receivers"
For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
I suspect that most modern GPS receivers also have loadable/replaceable
firmware, so as "divide by zero" bugs and the like are found, then it
can be fixed, particularly if it's in something like a high accuracy
reference network.
A pain, to be sure.
I think the threat is a bit overstated, too. Sure, the hardware costs
<$20k, but it's operated by a team of fairly sophisticated people who
programmed it for each specific victim (that is, every receiver has a
different vulnerability). Just because one has identified a threat
vector doesn't mean that there's any incentive to use it: Many have
proposed scenarios where denying GPS has some value, but considering it
as a potential criminal scenario you'd also need:
1) resources to execute the threat (that team of grad students from CMU,
knowledge of the specific receivers to be attacked and their specific
vulnerabilities, etc.)
2) A decent scenario asking what form the denial takes (e.g. are you
spoofing, or what)
3) A way to radiate these signals in a way that you won't get caught.
There are a fair number of folks out there working on and doing systems
to detect GPS jamming.
If you just wanted to deny GPS in a small area, a network of a few dozen
broadband $30 jammers with random timers and lithium batteries scattered
from a passing car or UAV, etc. would do very nicely.
If you want to do it over a larger area, you apply for a temporary
license for an auxiliary transmitter on the ground for your mobile
satellite service<grin>.
BC
Bob Camp
Thu, Jan 17, 2013 2:22 PM
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority.
Bob
-----Original Message-----
From: time-nuts-bounces@febo.com [mailto:time-nuts-bounces@febo.com] On
Behalf Of Jim Lux
Sent: Thursday, January 17, 2013 9:03 AM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] More GPS troubles
On 1/17/13 2:52 AM, Hal Murray wrote:
I think this came up a few months ago.
the article is a bit over the top, but does describe the basic mechanism
used:
"exploits software bugs in the underlying receivers"
For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
I suspect that most modern GPS receivers also have loadable/replaceable
firmware, so as "divide by zero" bugs and the like are found, then it
can be fixed, particularly if it's in something like a high accuracy
reference network.
A pain, to be sure.
I think the threat is a bit overstated, too. Sure, the hardware costs
<$20k, but it's operated by a team of fairly sophisticated people who
programmed it for each specific victim (that is, every receiver has a
different vulnerability). Just because one has identified a threat
vector doesn't mean that there's any incentive to use it: Many have
proposed scenarios where denying GPS has some value, but considering it
as a potential criminal scenario you'd also need:
- resources to execute the threat (that team of grad students from CMU,
knowledge of the specific receivers to be attacked and their specific
vulnerabilities, etc.)
- A decent scenario asking what form the denial takes (e.g. are you
spoofing, or what)
- A way to radiate these signals in a way that you won't get caught.
There are a fair number of folks out there working on and doing systems
to detect GPS jamming.
If you just wanted to deny GPS in a small area, a network of a few dozen
broadband $30 jammers with random timers and lithium batteries scattered
from a passing car or UAV, etc. would do very nicely.
If you want to do it over a larger area, you apply for a temporary
license for an auxiliary transmitter on the ground for your mobile
satellite service<grin>.
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority.
Bob
-----Original Message-----
From: time-nuts-bounces@febo.com [mailto:time-nuts-bounces@febo.com] On
Behalf Of Jim Lux
Sent: Thursday, January 17, 2013 9:03 AM
To: Discussion of precise time and frequency measurement
Subject: Re: [time-nuts] More GPS troubles
On 1/17/13 2:52 AM, Hal Murray wrote:
> How to bring down mission-critical GPS networks with $2,500
>
> http://tinyurl.com/boe2cdh
>
http://arstechnica.com/security/2012/12/how-to-bring-down-mission-critical-g
ps
> -networks-with-2500/
>
>
I think this came up a few months ago.
the article is a bit over the top, but does describe the basic mechanism
used:
"exploits software bugs in the underlying receivers"
For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
I suspect that most modern GPS receivers also have loadable/replaceable
firmware, so as "divide by zero" bugs and the like are found, then it
can be fixed, particularly if it's in something like a high accuracy
reference network.
A pain, to be sure.
I think the threat is a bit overstated, too. Sure, the hardware costs
<$20k, but it's operated by a team of fairly sophisticated people who
programmed it for each specific victim (that is, every receiver has a
different vulnerability). Just because one has identified a threat
vector doesn't mean that there's any incentive to use it: Many have
proposed scenarios where denying GPS has some value, but considering it
as a potential criminal scenario you'd also need:
1) resources to execute the threat (that team of grad students from CMU,
knowledge of the specific receivers to be attacked and their specific
vulnerabilities, etc.)
2) A decent scenario asking what form the denial takes (e.g. are you
spoofing, or what)
3) A way to radiate these signals in a way that you won't get caught.
There are a fair number of folks out there working on and doing systems
to detect GPS jamming.
If you just wanted to deny GPS in a small area, a network of a few dozen
broadband $30 jammers with random timers and lithium batteries scattered
from a passing car or UAV, etc. would do very nicely.
If you want to do it over a larger area, you apply for a temporary
license for an auxiliary transmitter on the ground for your mobile
satellite service<grin>.
_______________________________________________
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
D
David
Thu, Jan 17, 2013 2:59 PM
On 1/17/13 2:52 AM, Hal Murray wrote:
I think this came up a few months ago.
the article is a bit over the top, but does describe the basic mechanism
used:
"exploits software bugs in the underlying receivers"
For instance, they say
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
Here is a copy of the research paper which was linked here not long
ago:
http://users.ece.cmu.edu/~dbrumley/courses/18487-f12/readings/Nov28_GPS.pdf
The Trimble NetRS had what they think was a divide by zero bug in the
firmware which caused perpetual reboots until a hardware reset because
the spoofed ephemeris data which caused the reset was stored in
nonvolatile memory.
They actually posted video of the attack against the NetRS although
the research paper is more informative:
http://www.youtube.com/watch?v=6K8dD2PCI6s
The Arbiter which suffered from the date de-synchronization attack on
the other hand had no way to reset the nonvolatile week epoch after
the attack spoofed rollover events so the damage was indeed permanent
although limited to reporting the wrong date and apparently producing
the wrong timing although I am not sure why the week epoch would
affect the microsecond timing.
I suspect that most modern GPS receivers also have loadable/replaceable
firmware, so as "divide by zero" bugs and the like are found, then it
can be fixed, particularly if it's in something like a high accuracy
reference network.
A pain, to be sure.
If the GPS receiver is self contained within a larger system, it may
not be possible to update and if it is, it would still require the GPS
receiver manufacturer to produce and release the update firmware.
I think the threat is a bit overstated, too. Sure, the hardware costs
<$20k, but it's operated by a team of fairly sophisticated people who
programmed it for each specific victim (that is, every receiver has a
different vulnerability). Just because one has identified a threat
vector doesn't mean that there's any incentive to use it: Many have
proposed scenarios where denying GPS has some value, but considering it
as a potential criminal scenario you'd also need:
The 7 receivers shared many of the 4 (5 if you count spoofing but all
non-military receivers suffer from that) vulnerabilities. They had to
program the hardware for each vulnerability but not each receiver.
- resources to execute the threat (that team of grad students from CMU,
knowledge of the specific receivers to be attacked and their specific
vulnerabilities, etc.)
This will only get cheaper and easier to do in the future. What a
team of graduate students do today will become possible for one
graduate student and then one undergraduate student.
- A decent scenario asking what form the denial takes (e.g. are you
spoofing, or what)
- A way to radiate these signals in a way that you won't get caught.
There are a fair number of folks out there working on and doing systems
to detect GPS jamming.
Just detecting the GPS jamming or spoofing by itself does not catch
the perpetrators or their device. Given how small a 1.5 GHz
transmitting antenna can be even if it is directional and the
difficulties caused by multipath and reflections at 1.5 GHz, tracking
the transmitter down could be very difficult even if the operators do
not take additional steps to prevent that.
On Thu, 17 Jan 2013 06:02:51 -0800, Jim Lux <jimlux@earthlink.net>
wrote:
>On 1/17/13 2:52 AM, Hal Murray wrote:
>> How to bring down mission-critical GPS networks with $2,500
>>
>> http://tinyurl.com/boe2cdh
>> http://arstechnica.com/security/2012/12/how-to-bring-down-mission-critical-gps
>> -networks-with-2500/
>
>I think this came up a few months ago.
>
>the article is a bit over the top, but does describe the basic mechanism
>used:
>
>"exploits software bugs in the underlying receivers"
>
>For instance, they say
>"Since the Arbiter showed no ability to compare the settings to internal
>clock settings, it suffered permanent damage when it was exposed to the
>exploit."
>
>Permanent damage? As in components failed? No, I think a factory reset
>would restore it to function.
Here is a copy of the research paper which was linked here not long
ago:
http://users.ece.cmu.edu/~dbrumley/courses/18487-f12/readings/Nov28_GPS.pdf
The Trimble NetRS had what they think was a divide by zero bug in the
firmware which caused perpetual reboots until a hardware reset because
the spoofed ephemeris data which caused the reset was stored in
nonvolatile memory.
They actually posted video of the attack against the NetRS although
the research paper is more informative:
http://www.youtube.com/watch?v=6K8dD2PCI6s
The Arbiter which suffered from the date de-synchronization attack on
the other hand had *no way* to reset the nonvolatile week epoch after
the attack spoofed rollover events so the damage was indeed permanent
although limited to reporting the wrong date and apparently producing
the wrong timing although I am not sure why the week epoch would
affect the microsecond timing.
>I suspect that most modern GPS receivers also have loadable/replaceable
>firmware, so as "divide by zero" bugs and the like are found, then it
>can be fixed, particularly if it's in something like a high accuracy
>reference network.
>
>A pain, to be sure.
If the GPS receiver is self contained within a larger system, it may
not be possible to update and if it is, it would still require the GPS
receiver manufacturer to produce and release the update firmware.
>I think the threat is a bit overstated, too. Sure, the hardware costs
><$20k, but it's operated by a team of fairly sophisticated people who
>programmed it for each specific victim (that is, every receiver has a
>different vulnerability). Just because one has identified a threat
>vector doesn't mean that there's any incentive to use it: Many have
>proposed scenarios where denying GPS has some value, but considering it
>as a potential criminal scenario you'd also need:
The 7 receivers shared many of the 4 (5 if you count spoofing but all
non-military receivers suffer from that) vulnerabilities. They had to
program the hardware for each vulnerability but not each receiver.
>1) resources to execute the threat (that team of grad students from CMU,
>knowledge of the specific receivers to be attacked and their specific
>vulnerabilities, etc.)
This will only get cheaper and easier to do in the future. What a
team of graduate students do today will become possible for one
graduate student and then one undergraduate student.
>2) A decent scenario asking what form the denial takes (e.g. are you
>spoofing, or what)
>3) A way to radiate these signals in a way that you won't get caught.
>There are a fair number of folks out there working on and doing systems
>to detect GPS jamming.
Just detecting the GPS jamming or spoofing by itself does not catch
the perpetrators or their device. Given how small a 1.5 GHz
transmitting antenna can be even if it is directional and the
difficulties caused by multipath and reflections at 1.5 GHz, tracking
the transmitter down could be very difficult even if the operators do
not take additional steps to prevent that.
D
David
Thu, Jan 17, 2013 3:03 PM
If the GPS receiver hardware itself is integrated then it would
require a separate firmware update which may not be possible. I know
one of my more recent Garmin receivers has separate firmware for the
integrated GPS receiver and the unit as a whole.
On Thu, 17 Jan 2013 09:22:55 -0500, "Bob Camp" lists@rtty.us wrote:
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority.
Bob
If the GPS receiver hardware itself is integrated then it would
require a separate firmware update which may not be possible. I know
one of my more recent Garmin receivers has separate firmware for the
integrated GPS receiver and the unit as a whole.
On Thu, 17 Jan 2013 09:22:55 -0500, "Bob Camp" <lists@rtty.us> wrote:
>Hi
>
>Most cheap GPS's these days have user friendly firmware update capability.
>That's been true for quite a while. I'd be amazed if the higher end stuff
>didn't make updates an easy thing. Bugs in GPS code are not exactly
>uncommon.
>
>The real issue is the need to get the GPS code patched for this kind of
>thing. Without nutty articles that alarm the marketing department, the work
>will never get any sort of priority.
>
>Bob
JL
Jim Lux
Thu, Jan 17, 2013 3:08 PM
On 1/17/13 6:22 AM, Bob Camp wrote:
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority.
But is there really a need to patch for this..(as opposed to the other
bugs that are on the list)
Consider you're using GPS as a time reference in a "mission critical"
application. You've already got to have some holdover capability. Do
you think someone could set up one of these jammers, jam your GPS, and
keep doing it for long enough to extend you past your max holdover time?
If you're that critical, you need geographically dispersed receivers
anyway (struck by lightning?)
In the example of the high accuracy reference networks.. they're
networks and they are designed so that individual nodes can fail.
Spoofing attacks, by their nature, can really only attack one receiver
at a time even if the spoof signal covers a long distance(because only
for the chosen victim do all the signals line up just right). So now
you're talking about N jammers for N receivers, and the cost of your
jamming attack is rising.
Someone who wanted to deny the use of the network would be better served
by sending someone out with aluminum foil/paint to cover the radome of
the stations. Or a cutting torch and sawzall. (tougher to do and a bit
more obvious than commanding an array of jamming systems from your
underground lair)
On 1/17/13 6:22 AM, Bob Camp wrote:
> Hi
>
> Most cheap GPS's these days have user friendly firmware update capability.
> That's been true for quite a while. I'd be amazed if the higher end stuff
> didn't make updates an easy thing. Bugs in GPS code are not exactly
> uncommon.
>
> The real issue is the need to get the GPS code patched for this kind of
> thing. Without nutty articles that alarm the marketing department, the work
> will never get any sort of priority.
But is there *really* a need to patch for this..(as opposed to the other
bugs that are on the list)
Consider you're using GPS as a time reference in a "mission critical"
application. You've already got to have some holdover capability. Do
you think someone could set up one of these jammers, jam your GPS, and
keep doing it for long enough to extend you past your max holdover time?
If you're that critical, you need geographically dispersed receivers
anyway (struck by lightning?)
In the example of the high accuracy reference networks.. they're
*networks* and they are designed so that individual nodes can fail.
Spoofing attacks, by their nature, can really only attack one receiver
at a time even if the spoof signal covers a long distance(because only
for the chosen victim do all the signals line up just right). So now
you're talking about N jammers for N receivers, and the cost of your
jamming attack is rising.
Someone who wanted to deny the use of the network would be better served
by sending someone out with aluminum foil/paint to cover the radome of
the stations. Or a cutting torch and sawzall. (tougher to do and a bit
more obvious than commanding an array of jamming systems from your
underground lair)
HK
Harald Koch
Thu, Jan 17, 2013 3:27 PM
"Since the Arbiter showed no ability to compare the settings to internal
clock settings, it suffered permanent damage when it was exposed to the
exploit."
Permanent damage? As in components failed? No, I think a factory reset
would restore it to function.
You've apparently missed some of the details in the article; they
specifically discussed this point. On many of these devices the
corruption was to permanent storage.
One GPS receiver had a permanent "divide-by-zero" bug, even after
reboots, because the corrupt satellite elements were stored
permanently. It's possible that there is no way to update the firmware
at this point, because the device does not stay running long enough.
(I've "bricked" one or two pieces of embedded hardware this way myself
over the years ;). It would not surprise me if a hard "factory reset"
would not erase the satellite orbital elements, since they're so
important to correct GPS operation.
Another GPS receiver stored the GPS Week Rollover count in permanent
storage, with no way to reset it. Force this device to perform a week
rollover, and it is useless unless you leave it switched off for 20
years.
Sure these devices are still "repairable", but the expertise required
means, at the very least, ship it back to the factory...
So few programmers write code with malicious activity in mind. Even
dedicated security software developers have a hard time thinking about
every possible threat! And couple that with the pressure to "ship
now"...
--
Harald
> "Since the Arbiter showed no ability to compare the settings to internal
> clock settings, it suffered permanent damage when it was exposed to the
> exploit."
>
> Permanent damage? As in components failed? No, I think a factory reset
> would restore it to function.
You've apparently missed some of the details in the article; they
specifically discussed this point. On many of these devices the
corruption was to permanent storage.
One GPS receiver had a permanent "divide-by-zero" bug, even after
reboots, because the corrupt satellite elements were stored
permanently. It's possible that there is no way to update the firmware
at this point, because the device does not stay running long enough.
(I've "bricked" one or two pieces of embedded hardware this way myself
over the years ;). It would not surprise me if a hard "factory reset"
would not erase the satellite orbital elements, since they're so
important to correct GPS operation.
Another GPS receiver stored the GPS Week Rollover count in permanent
storage, with no way to reset it. Force this device to perform a week
rollover, and it is useless unless you leave it switched off for 20
years.
Sure these devices are still "repairable", but the expertise required
means, at the very least, ship it back to the factory...
So few programmers write code with malicious activity in mind. Even
dedicated security software developers have a hard time thinking about
every possible threat! And couple that with the pressure to "ship
now"...
--
Harald
D
David
Thu, Jan 17, 2013 3:54 PM
On 1/17/13 6:22 AM, Bob Camp wrote:
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the work
will never get any sort of priority.
But is there really a need to patch for this..(as opposed to the other
bugs that are on the list)
Consider you're using GPS as a time reference in a "mission critical"
application. You've already got to have some holdover capability. Do
you think someone could set up one of these jammers, jam your GPS, and
keep doing it for long enough to extend you past your max holdover time?
If you're that critical, you need geographically dispersed receivers
anyway (struck by lightning?)
Two of the attack examples disabled the GPS receivers, one rebooted
continuously until a hard reset to erase the nonvolatile memory and
the other permanently returned invalid date and timing information,
even after the short term spoofing signal was removed. Only minutes
or tens of minutes were needed for the attacks.
In the example of the high accuracy reference networks.. they're
networks and they are designed so that individual nodes can fail.
Spoofing attacks, by their nature, can really only attack one receiver
at a time even if the spoof signal covers a long distance(because only
for the chosen victim do all the signals line up just right). So now
you're talking about N jammers for N receivers, and the cost of your
jamming attack is rising.
These low level spoofing attacks involved changing the satellite
ephemeris, satellite almanac, or GPS epoch so they would work against
multiple receivers simultaneously.
Someone who wanted to deny the use of the network would be better served
by sending someone out with aluminum foil/paint to cover the radome of
the stations. Or a cutting torch and sawzall. (tougher to do and a bit
more obvious than commanding an array of jamming systems from your
underground lair)
That would be cheaper at least for now.
On Thu, 17 Jan 2013 07:08:20 -0800, Jim Lux <jimlux@earthlink.net>
wrote:
>On 1/17/13 6:22 AM, Bob Camp wrote:
>> Hi
>>
>> Most cheap GPS's these days have user friendly firmware update capability.
>> That's been true for quite a while. I'd be amazed if the higher end stuff
>> didn't make updates an easy thing. Bugs in GPS code are not exactly
>> uncommon.
>>
>> The real issue is the need to get the GPS code patched for this kind of
>> thing. Without nutty articles that alarm the marketing department, the work
>> will never get any sort of priority.
>
>But is there *really* a need to patch for this..(as opposed to the other
>bugs that are on the list)
>
>Consider you're using GPS as a time reference in a "mission critical"
>application. You've already got to have some holdover capability. Do
>you think someone could set up one of these jammers, jam your GPS, and
>keep doing it for long enough to extend you past your max holdover time?
>If you're that critical, you need geographically dispersed receivers
>anyway (struck by lightning?)
Two of the attack examples disabled the GPS receivers, one rebooted
continuously until a hard reset to erase the nonvolatile memory and
the other permanently returned invalid date and timing information,
even after the short term spoofing signal was removed. Only minutes
or tens of minutes were needed for the attacks.
>In the example of the high accuracy reference networks.. they're
>*networks* and they are designed so that individual nodes can fail.
>Spoofing attacks, by their nature, can really only attack one receiver
>at a time even if the spoof signal covers a long distance(because only
>for the chosen victim do all the signals line up just right). So now
>you're talking about N jammers for N receivers, and the cost of your
>jamming attack is rising.
These low level spoofing attacks involved changing the satellite
ephemeris, satellite almanac, or GPS epoch so they would work against
multiple receivers simultaneously.
>Someone who wanted to deny the use of the network would be better served
>by sending someone out with aluminum foil/paint to cover the radome of
>the stations. Or a cutting torch and sawzall. (tougher to do and a bit
>more obvious than commanding an array of jamming systems from your
>underground lair)
That would be cheaper at least for now.
BC
Bob Camp
Thu, Jan 17, 2013 3:59 PM
Hi
A lot of gear has holdover in the 8 to 24 hour range. If the attack "broke"
the receivers (as in some sort of NV storage corruption), you would need to
drive out and replace the gizmos in that time frame. Inventory and tech
manpower likely is set up for lightning events (a dozen maybe) rather than a
"whole city is down" sort of thing.
On the stuff I'm familiar with, there is indeed a "cycle back to the mother
ship" sort of fix for major issues. Been there, done that. It is very much a
pain, and that's why field firmware upgrades are a popular feature even in
embedded devices.
Bob
-----Original Message-----
From: time-nuts-bounces@febo.com [mailto:time-nuts-bounces@febo.com] On
Behalf Of Jim Lux
Sent: Thursday, January 17, 2013 10:08 AM
To: time-nuts@febo.com
Subject: Re: [time-nuts] More GPS troubles
On 1/17/13 6:22 AM, Bob Camp wrote:
Hi
Most cheap GPS's these days have user friendly firmware update capability.
That's been true for quite a while. I'd be amazed if the higher end stuff
didn't make updates an easy thing. Bugs in GPS code are not exactly
uncommon.
The real issue is the need to get the GPS code patched for this kind of
thing. Without nutty articles that alarm the marketing department, the
will never get any sort of priority.
But is there really a need to patch for this..(as opposed to the other
bugs that are on the list)
Consider you're using GPS as a time reference in a "mission critical"
application. You've already got to have some holdover capability. Do
you think someone could set up one of these jammers, jam your GPS, and
keep doing it for long enough to extend you past your max holdover time?
If you're that critical, you need geographically dispersed receivers
anyway (struck by lightning?)
In the example of the high accuracy reference networks.. they're
networks and they are designed so that individual nodes can fail.
Spoofing attacks, by their nature, can really only attack one receiver
at a time even if the spoof signal covers a long distance(because only
for the chosen victim do all the signals line up just right). So now
you're talking about N jammers for N receivers, and the cost of your
jamming attack is rising.
Someone who wanted to deny the use of the network would be better served
by sending someone out with aluminum foil/paint to cover the radome of
the stations. Or a cutting torch and sawzall. (tougher to do and a bit
more obvious than commanding an array of jamming systems from your
underground lair)
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.
Hi
A lot of gear has holdover in the 8 to 24 hour range. If the attack "broke"
the receivers (as in some sort of NV storage corruption), you would need to
drive out and replace the gizmos in that time frame. Inventory and tech
manpower likely is set up for lightning events (a dozen maybe) rather than a
"whole city is down" sort of thing.
On the stuff I'm familiar with, there is indeed a "cycle back to the mother
ship" sort of fix for major issues. Been there, done that. It is very much a
pain, and that's why field firmware upgrades are a popular feature even in
embedded devices.
Bob
-----Original Message-----
From: time-nuts-bounces@febo.com [mailto:time-nuts-bounces@febo.com] On
Behalf Of Jim Lux
Sent: Thursday, January 17, 2013 10:08 AM
To: time-nuts@febo.com
Subject: Re: [time-nuts] More GPS troubles
On 1/17/13 6:22 AM, Bob Camp wrote:
> Hi
>
> Most cheap GPS's these days have user friendly firmware update capability.
> That's been true for quite a while. I'd be amazed if the higher end stuff
> didn't make updates an easy thing. Bugs in GPS code are not exactly
> uncommon.
>
> The real issue is the need to get the GPS code patched for this kind of
> thing. Without nutty articles that alarm the marketing department, the
work
> will never get any sort of priority.
But is there *really* a need to patch for this..(as opposed to the other
bugs that are on the list)
Consider you're using GPS as a time reference in a "mission critical"
application. You've already got to have some holdover capability. Do
you think someone could set up one of these jammers, jam your GPS, and
keep doing it for long enough to extend you past your max holdover time?
If you're that critical, you need geographically dispersed receivers
anyway (struck by lightning?)
In the example of the high accuracy reference networks.. they're
*networks* and they are designed so that individual nodes can fail.
Spoofing attacks, by their nature, can really only attack one receiver
at a time even if the spoof signal covers a long distance(because only
for the chosen victim do all the signals line up just right). So now
you're talking about N jammers for N receivers, and the cost of your
jamming attack is rising.
Someone who wanted to deny the use of the network would be better served
by sending someone out with aluminum foil/paint to cover the radome of
the stations. Or a cutting torch and sawzall. (tougher to do and a bit
more obvious than commanding an array of jamming systems from your
underground lair)
_______________________________________________
time-nuts mailing list -- time-nuts@febo.com
To unsubscribe, go to
https://www.febo.com/cgi-bin/mailman/listinfo/time-nuts
and follow the instructions there.