Another emerging criminal tactic -- interfering with GPS signals -- has security experts divided on just how harmful it could become.
Jamming a GPS signal at the source is next to impossible, says Phil Lieberman, founder of enterprise security vendor Lieberman Software. Blocking the radio signals broadcast from orbiting GPS satellites would require a massive counter-transmission. And because the satellites are operated by the U.S. military, jamming them would be considered an act of war and a federal crime, says Lieberman.
However, it is easy to jam GPS receivers with a low-cost jamming device like one sold by Brando. The devices jam the GPS reception by overloading it with a similar signal -- the receiver becomes confused because it can't find a steady satellite transmission.
Lieberman says this kind of jamming is usually more of an annoyance than a major security threat. A hacker could, for instance, set up a jammer in an intersection and temporarily disable the GPS in passing vehicles. These attacks are relatively rare, says Lieberman: "It is usually just sociopaths doing this kind of thing."
Lieberman doesn't give much credence to fears about jammers disrupting airplanes or air traffic control systems, because those networks use a completely different GPS signal from the one we use in cars and handheld devices. Jamming could, however, be a potentially dangerous issue when it comes to financial records, he says, because GPS devices are used in the banking industry to add a timestamp to financial transactions. Although completely blocking transactions would be difficult, Lieberman said, an industrious hacker could theoretically disrupt transactions and cause headaches for banks.
Security expert Roger Johnston, a systems engineer at the Argonne National Laboratory in Chicago, says spoofing GPS signals is the greater danger, explaining that GPS receivers are low-power devices that latch on to any strong signal. In tests, he has set up a GPS spoofing signal, operated out of a passenger car, that sends erroneous GPS information to nearby receivers. "You don't have to know anything about electronics or GPS to set these up; they are very user-friendly," says Johnston.
Johnston says spoofing could be used for serious crimes -- transmitting information to a delivery truck that routes it into a dark alley where criminals are waiting, changing the timestamps on financial transactions, delaying emergency vehicles from finding their routes. There have been no reported cases of GPS spoofing to commit a criminal act, but Johnston warns that government and business should work to deter the attacks.
Typically, he says, the security industry is reactionary: "We wait until there is a catastrophic exploit until we do anything about it." With about $15 worth of parts, today's GPS devices could be retrofitted to detect GPS spoofing and notify the user that an attack is underway, Johnston says, "but because almost nobody is interested in GPS spoofing, this is not a project we have pursued."
In the end, as Lieberman explains, there isn't a lot individuals can do to prevent GPS jamming or spoofing. If someone transmits competing signals as you drive in a car or use a handheld, the receiver will fail or be fooled -- but keep in mind that your GPS device will begin working properly again as soon as you move out of range of the jamming or spoofing device. However, it is worth noting that GPS jamming is illegal in the U.S. and violates FCC regulations. If you suspect jamming or see someone using a GPS jammer, report it to the police.
For all the other threats we've covered in this story, taking some extra precautions -- using strong encryption technology, engaging only with trusted friends on social networks, and using penetration testing software on corporate networks -- can help alleviate some fears, even if the bad guys keep coming up with new ways to make us nervous.
John Brandon is a former IT manager at a Fortune 100 company who now writes about technology. He's written more than 2,500 articles in the past 10 years. Follow his tweets at @jmbrandonbb.
