Russian GNSS Spoofing

A recently released report from C4ADS, following a year of research, appears to confirm the hacking and/or spoofing of GNSS transmissions by Russia’s Federal Protective Service (FSO).

https://commons.wikimedia.org/wiki/File:CYGNSS_concept_art.jpeg

GNSS is the collective term for “global navigation satellite systems”, of which the common GPS system is one. Russia and China are known to operate their own GNSS systems, alongside the GPS system developed by the US military.

The activities of the FSO, in which false signals are apparently broadcast deliberately to confuse GPS receivers (such as the one in your car, or those found in commercial ships and commercial aircraft), are reputedly designed to keep attack drones away from Russian president Vladimir Putin.

While this might seem like a not unreasonable use of such techniques, the report presents evidence that the FSO is also using them in Syria, possibly to confuse enemy military systems. There is, of course, a long-running military conflict in the region.

It is therefore logical to assume that such techniques can be, and have been, used all over the world at some time – past, present and future.

These techniques could be used to disrupt navigation in all sorts of transportation systems and infrastructures.
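One receiver-side check against the kind of confusion described above is to test whether successive GNSS fixes are physically plausible: a ship reporting itself tens of kilometres away from where it was a minute ago is either being spoofed or badly faulted either way. The example below is added here and is not code from the C4ADS report or this post; it parses NMEA RMC sentences (a standard receiver output format) and flags fixes whose implied speed exceeds a platform-specific limit. The sentences are constructed, with no checksum, purely to exercise the check.

```python
import math

# Constructed NMEA RMC sentences (not real receiver output): a slow-moving
# vessel whose third fix suddenly appears tens of kilometres away.
SAMPLE_RMC = [
    "$GPRMC,120000,A,4436.00,N,03355.00,E,4.0,090.0,150619,,",
    "$GPRMC,120100,A,4436.00,N,03355.10,E,4.0,090.0,150619,,",
    "$GPRMC,120200,A,4458.00,N,03400.00,E,4.0,090.0,150619,,",
    "$GPRMC,120300,A,4458.00,N,03400.10,E,4.0,090.0,150619,,",
]

def _nmea_deg(value, hemi):
    """Convert NMEA ddmm.mm / dddmm.mm to signed decimal degrees."""
    dot = value.index(".")
    degrees = float(value[:dot - 2])
    minutes = float(value[dot - 2:])
    decimal = degrees + minutes / 60.0
    return -decimal if hemi in ("S", "W") else decimal

def parse_rmc(sentence):
    """Return time (s since midnight), lat, lon and speed-over-ground, or None."""
    f = sentence.split("*")[0].split(",")   # checksum ignored in this example
    if not f[0].endswith("RMC") or f[2] != "A":
        return None   # not an RMC sentence, or receiver reports no valid fix
    t = f[1]
    secs = int(t[0:2]) * 3600 + int(t[2:4]) * 60 + float(t[4:6])
    return {"t": secs, "lat": _nmea_deg(f[3], f[4]),
            "lon": _nmea_deg(f[5], f[6]), "sog": float(f[7])}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points (mean Earth radius)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_implausible_fixes(sentences, max_knots=60.0):
    """Indices of fixes whose implied speed from the previous fix exceeds max_knots."""
    fixes = [f for f in map(parse_rmc, sentences) if f]
    flagged = []
    for i in range(1, len(fixes)):
        a, b = fixes[i - 1], fixes[i]
        hours = (b["t"] - a["t"]) / 3600.0
        if hours <= 0:
            continue   # out-of-order or midnight-wrapped timestamps are skipped here
        implied_knots = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"]) / 1.852 / hours
        if implied_knots > max_knots:
            flagged.append(i)
    return flagged
```

A jump that no ship could make in the reported interval is flagged; the threshold should be set per platform, and a car or aircraft needs a different limit and ideally cross-checks against inertial or speedometer data.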

Russia shot down a Korean Air passenger jet in 1983 after an issue with the configuration of the navigation system on that Boeing 747. While this was found at the time to be the fault of the pilots, faulty navigation data could be used to initiate similar incidents, with plausible deniability.

Quoting the report’s Executive Summary:

In this report, we present findings from a year-long investigation ending in November 2018 on an emerging subset of EW activity: the ability to mimic, or “spoof,” legitimate GNSS signals in order to manipulate PNT data. Using publicly available data and commercial technologies, we detect and analyze patterns of GNSS spoofing in the Russian Federation, Crimea, and Syria that demonstrate the Russian Federation is growing a comparative advantage in the targeted use and development of GNSS spoofing capabilities to achieve tactical and strategic objectives at home and abroad. We profile different use cases of current Russian state activity to trace the activity back to basing locations and systems in use.

The full report can be found here.

Tesla Key Fob Hack – Are We Too Clever?

The recently revealed vulnerability enabling hackers to trivially duplicate Tesla Model S key fobs prompts, in my mind, an interesting technology question.

The Hack in a Nutshell

This does not apply to all Model S vehicles, but in simple terms, using a few hundred dollars of off-the-shelf radio and computer hardware, malicious actors can intercept transmissions from your key fob when nearby.

Using the intercepted data and about two seconds of computational power, they are able to duplicate your key fob.

This allows them to open your Tesla Model S, start your Tesla Model S, and drive your Tesla Model S away.

The cryptographic keys in use are only 40-bit keys. Quoting from the Wired article:

The researchers found that once they gained two codes from any given key fob, they could simply try every possible cryptographic key until they found the one that unlocked the car. They then computed all the possible keys for any combination of code pairs to create a massive, 6-terabyte table of pre-computed keys. With that table and those two codes, the hackers say they can look up the correct cryptographic key to spoof any key fob in just 1.6 seconds.

The High-Tech Solution

To solve this vulnerability, Tesla are recommending a firmware update to the security systems in the Model S.

After unlocking the car and disabling the immobiliser system with the key fob, drivers would now need to enter a PIN on the console of the car before they can start it.

This provides rudimentary two-factor authentication, and is probably a reasonable solution to the problem, albeit one that lowers convenience for the owner.

Until the hackers figure out how to bypass the PIN code – and if the carrot is dangled, they will try.

Hackers are typically highly intelligent people who crave the challenge.

So, what else could we do?

The Lower-Tech Solution

As humans, how did we cope with unlocking our cars and starting them up before remote key fobs?

We coped, and we coped very well.

People walked up to their cars, and put the key in the door. They got inside and put the key in the ignition, and were on their way.

Why aren’t we still doing this?

Key systems without radio transmitters can still contain security codes, which the car could read when the key comes into physical contact with it.

All without broadcasting the security codes for hackers to scan and potentially use against you.

It would be harder to steal your car – and would our lives be that much more difficult if we stepped back to something like this?

Sometimes simple proven ideas are far better for us than fancy new ideas that haven’t been completely thought through.