How to fool a GPS Todd Humphreys
something happened in the early morning
hours of May 2nd 2000 that had a
profound effect on the way our society
operates ironically hardly anyone
noticed at the time the change was
silent imperceptible unless you knew
exactly what to look for on that morning
US President Bill Clinton ordered that a
special switch be thrown in the orbiting
satellites of the global positioning
system instantaneously every civilian
GPS receiver around the globe went from
errors the size of a football field the
errors the size of a small room it’s
hard to overstate the effect that this
change in accuracy has had on us before
this switch was thrown we didn’t have in
car navigation systems giving
turn-by-turn directions because back
then gps couldn’t tell you what block
you are on let alone what street for
geolocation accuracy matters and things
have only improved over the last 10
years with more base stations or ground
stations better receivers and better
algorithms GPS can now not only tell you
what street you were on but what part of
the street this level of accuracy has
unleashed a firestorm of innovation in
fact many of you navigated here today
with the help of your TomTom or your
smartphone paper maps are becoming
obsolete Boystown now stand on the verge
of another revolution in geolocation
accuracy what if I told you that the 2
meter positioning that our current cell
phones and our our tom-toms give us is
pathetic compared to what we could be
getting for dump sometime now it’s been
known that if you pay attention to the
carrier phase of the GPS signal and if
you have an internet connection then you
can go from meter love
2-centimeter level even millimeter level
positioning so why don’t we have this
capability on our on our phones only I
believe for a lack of imagination
manufacturers haven’t built this carrier
phase technique into their cheap GPS
chips because they’re not sure what the
general public would do with geolocation
so accurate that you could pinpoint the
wrinkles in the palm of your hand but
you and I and other innovators we can
see the potential in this next leap in
accuracy imagine for example an
augmented reality app that overlays a
virtual world 2 millimeter level
precision on top of the physical world I
could build for you a structure up here
in 3d millimeter accurate that only you
could see or my friends at home so this
level of positioning this is what we’re
looking for and I believe that within
the next few years I predict that this
kind of hyper precise scarrier phase
based positioning will become cheap and
ubiquitous and the consequences will be
fantastic
the Holy Grail of course is the GPS dot
do you remember the the movie The Da
Vinci Code here’s professor Langdon
examining a GPS dot which his accomplice
tells him is a tracking device accurate
within 2 feet anywhere on the globe but
we know that in the world of nonfiction
the GPS dot is impossible right
for one thing GPS doesn’t work indoors
and for another they don’t make devices
quite this small especially when those
devices have to relay their measurements
back over a network
well these objections were perfectly
reasonable a few years ago but things
have changed there’s been a strong trend
toward miniaturization better
sensitivity so much so that a few years
ago a GPS tracking device looked like
this clunky box to the left of the keys
compare that with the device released
just months ago that’s now packaged into
something the size of a key fob and if
you take a look at the state-of-the-art
for a complete GPS receiver which is
only a centimeter on a side and more
sensitive than ever
you realize that the GPS dot will soon
move from fiction to nonfiction imagine
what we could do with a world full of
GPS dots it’s not just that you’ll never
lose your wallet or your keys anymore or
your child when you’re at Disneyland
you’ll buy gps dots in bulk and you’ll
stick them on everything you own worth
more than a few tens of dollars I
couldn’t find my shoes one recent
morning and as usual I had to ask my
wife if she had seen them but I
shouldn’t have to bother my wife with
that kind of triviality I should be able
to ask my house where my shoes are those
of you who have made the switch to Gmail
remember how refreshing it was to go
from organizing all of your email to
simply searching it the GPS dot will do
the same for our possessions now of
course there is a flip side to the GPS
dot I was in my office some months back
and got a telephone call the woman on
the other end of the line we’ll call her
Carol was panicked apparently an
ex-boyfriend of Carol’s from California
had found her in Texas and was following
her around so you might ask at this
point why she’s calling you well so did
I but it turned out there was a
technical twist to Carol’s case every
time her ex-boyfriend would show up at
the most improbable times in the most
improbable locations he was carrying an
open laptop and over time Carol realized
that he had planted a GPS tracking
device on her car so she was calling me
for help
to disable it well you should go to a
good mechanic and have him take him look
at your car I said I already have she
told me he didn’t see anything obvious
and he said he’d have to take the car
apart piece by piece well then uh you
better go to the police I said I already
have she replied they’re not sure this
rises to the level of harassment and
they’re not set up technically to find
the device
okay what about the FBI I’ve talked to
them too and same story we then talked
about her coming to my lab and us
performing a radio sweep of her car but
I wasn’t even sure that would work given
that some of these devices are
configured to only transmit when they’re
inside safe zones or when the car is
moving so there we were Carol isn’t the
first and certainly won’t be the last to
find herself in this kind of fearsome
environment worrisome situation caused
by GPS tracking in fact as I looked into
her case I discovered to my surprise
that it’s not clearly illegal for you or
me to put a tracking device on someone
else’s car the Supreme Court ruled last
month that a policeman has to get a
warrant if he wants to do prolonged
tracking but the law isn’t clear about
civilians doing this to one another so
it’s not just big brother we have to
worry about but big neighbor
there is one alternative the Carroll
could have taken very effective it’s
called the wave bubble it’s a an open
source GPS jammer developed by L’Amour
freed a graduate student at MIT and
L’Amour calls it a tool for reclaiming
our personal space with a flip of the
switch you create a bubble around you
within which GPS signals can’t reside
they get drowned out by the bubble and
L’Amour designed this in part because
like Carol she felt threatened by GPS
tracking then she posted her design to
the web and if you don’t have time to
build your own you can buy one Chinese
manufacturers now sell thousands of
nearly identical devices on the Internet
so you might be thinking the way bubble
sounds great I should have one might
come in handy if somebody ever puts a
tracking device on my car but you should
be aware that its use is very much
illegal in the United States and why is
that well because it’s not a bubble at
all it’s jamming signals don’t stop at
the edge of your personal space or at
the edge
car they go on to jam innocent GPS
receivers for miles around you now if
you’re Carol or L’Amour or someone who
feels threatened by GPS tracking it
might not feel wrong to turn on a wave
bubble but in fact the results can be
disastrous imagine for example you’re
the captain of a cruise ship trying to
make your way through a thick fog and
some passenger in the back turns on a
wave bubble all of a sudden your GPS
readout goes blank and now it’s just you
and the fog and whatever you can pull
off the radar system if you remember how
to work it
they in fact they don’t update or upkeep
lighthouses anymore and Loran the only
backup to GPS was discontinued last year
our modern society has a special
relationship with GPS we’re almost
blindly reliant on it it’s built deeply
into our systems and infrastructure some
call it the invisible utility so turning
on a wave bubble might not just cause
inconvenience it might be deadly but as
it turns out for purposes of protecting
your privacy at the expense of general
GPS reliability there’s something even
more potent and more subversive than a
wave bubble and that is a GPS spoofer
the idea behind the GPS spoofer is
simple instead of jamming the GPS
signals you fake them you imitate them
and if you do it right the device you’re
attacking doesn’t even know it’s being
spoofed so let me show you how this
works in any GPS receiver there’s a peak
inside that corresponds to the authentic
signals these three red dots represent
the tracking points that try to keep
themselves centered on that peak but if
you send in a fake GPS signal another
peak pops up and if you can get these
two peaks perfectly aligned the tracking
points can’t tell the difference and
they get hijacked by the stronger
counter
signal with the authentic peak getting
forced off at this point the game is
over the fake signals now completely
control this GPS receiver so is this
really possible can someone really
manipulate the timing and positioning of
a GPS receiver just like that with a
spoofer well the short answer is yes the
key is that civil GPS signals are
completely open
they have no encryption they have no
intent ocation they’re wide open
vulnerable to a kind of spoofing attack
even so up until very recently nobody
worried about GPS spoofer x' people
figured that it would be too complex or
too expensive for some hacker to build
one but I and a friend of mine from
graduate school we didn’t see it that
way we knew it wasn’t going to be so
hard and we wanted to be the first to
build one so we could get out in front
of the problem and help protect against
GPS spoofing I remember vividly the week
it all came together we built it at my
home which means that I got a little
extra help from my three-year-old son
Ramon here’s Ramon looking for a little
attention from dad that week at first
the spoof it was just a jumble of cables
and computers though we eventually got
it packaged into a small box now the dr.
Frankenstein moment when the spoofer
finally came alive and I glimpsed its
awfull potential came late one night
when I tested the spoofer against my
iPhone
let me show you some actual footage from
that very first experiment I had come to
completely trust this little blue dot
and it’s reassuring blue halo they seem
to speak to me they say here you are
here you are
and you can trust us so something felt
very wrong about the world it was a
sense almost of betrayal when this
little blue dot started at my house and
went running off toward the north
leaving me behind I wasn’t moving what I
then saw in this little moving blue dot
was the potential for chaos I saw
airplanes and ships veering off course
with the captain learning only too late
that something was wrong
I saw the GPS derived timing of the New
York Stock Exchange being manipulated by
hackers you can scarcely imagine the
kind of havoc you could cause if you
knew what you were doing with a GPS
spoofer there is though one redeeming
feature of the GPS spoofer it’s the
ultimate weapon against an invasion of
GPS dots imagine for example you’re
being tracked but you can play the
tracker for a fool pretending to be at
work when you’re really on vacation or
if you’re Carol you could lure your
ex-boyfriend into some empty parking lot
where the police are waiting for him so
I’m fascinated by this conflict a
looming conflict between privacy on the
one hand and the need for a clean radio
spectrum on the other we simply cannot
tolerate GPS jammers and spoof errs and
yet given the lack of effective legal
means for protecting our privacy from
the GPS dot can you really blame people
from wanting to turn them on for wanting
to use them I hold out hope that we’ll
be able to reconcile this conflict with
some sort of some yet uh uninventive
technology but meanwhile grab some
popcorn because things are going to get
interesting within the next few years
many of you will be the proud owner of a
GPS dot maybe you’ll have a whole bag
full of them
you’ll never lose track of your things
again
the GPS dot will fundamentally reorder
your life but will you be able to resist
the temptation to track your fellow man
or will you be able to resist the
temptation to turn on a GPS spoofer or a
wave bubble to protect your own privacy
so as usual what we see just beyond the
horizon is full of promise and peril
it’ll be fascinating to see how this all
turns out thanks