With a plethora of location-based services hitting the market, GPS appears to be an essential feature in today’s digitally driven world.
But Global Positioning System data can be used to create serious problems — even life-threatening ones — if control falls into the wrong hands, an expert warns.
“From car navigation systems to ‘Pokemon Go’ … too many things today use GPS as a reliable source of location information,” Dinesh Manandhar, a project associate professor at the University of Tokyo, said in a recent interview. “People trust the location information from GPS satellites like God.”
Manandhar is developing systems to prevent what’s called GPS spoofing — the falsification of location data.
Spoofing is easy, he said, and only requires an instrument called a GPS simulator. Used by manufacturers to test the accuracy of their products, GPS simulators generate the same kind of signals as GPS satellites, and can thus alter the location information received by devices such as smartphones, car navigation systems and others devices.
By using a GPS simulator, which costs about ¥1 million but could get cheaper in the future, “you can falsify your smartphone’s information and make it look like you are going back and forth between Tokyo and Hawaii within just three minutes,” Manandhar, 52, said in Japanese.
“Pokemon Go” has been a prime target of GPS spoofers. Some players are tweaking the GPS information in their smartphones to let them catch rare characters in far-flung places without setting foot outside home. Some have even posted YouTube videos showing how to do it.
Although the trick hasn’t yet led to a major incident, Manandhar said that GPS spoofing could be used to attack someone as companies continue to turn more of our machines and appliances into remotely controllable objects.
For example, if autonomous cars become popular, a hacker could one day remotely force it to crash into a wall or another vehicle, causing a fatal accident, he said.
GPS spoofing can also be used to break a security technology called geofencing, which uses GPS data to create virtual boundaries that restrict access to classified information when outside certain locations.
“Let’s say I were a top manager of a major bank. I could access all the information while sitting at my desk, but I wouldn’t be able to access it from the room next to it,” Manandhar said. “But people could get access to such information if they disguised the location information received by computer.”
Although the dangers of GPS spoofing have been pointed out in academic circles since the early 2000s, businesses ignored them because there weren’t many devices making use of location-based technologies, he said.
But today, with the proliferation of GPS-capable smartphones and other networked devices, “anyone can become a target of the attack,” he said.
Under the Radio Law, the government forbids public transmission of radio waves — including GPS signals — without permission from the communications minister. Violators can face a maximum prison term of one year or a fine of up to ¥1 million.
Manandhar says that while it is technically possible to alert GPS users when fake signals are received, and to protect them from receiving fake signals at all, many devices don’t have anti-spoofing technology installed.
“The products we are designing today are ones that we will use five years later. So we must assume the possible risks and prepare for the threats that might jeopardize our society in the future,” he said.
“When PCs became common for many people, the sudden outbreak of computer viruses became an issue around the world, and anti-virus software become an essential tool for everyone to protect their data,” he said. “The same thing is now happening around GPS. … We need a system to fight back against the risk.”
In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.