Slashdot is carrying a story about new research published by the good folks at Carnegie Mellon and Coherent Navigation detailing a series of classes of GPS attacks beyond those previously demonstrated.
Of particular note to this community, the research details vulnerabilities found in the uBlox 6H GPS receiver.
The researchers go beyond the typical jamming and spoofing techniques, and also examine weaknesses in GPS messaging as well as attacks against the embedded operating systems and applications which communicate with the GPS modules.
The uBlox 6H does not fare as badly as some of the other modules; besides spoofing, the only other identified issue is described as "Vulnerable Week #":
"Vulnerable Week Number. Date calculations in GPS receivers are done using the Z-count, which consists of a 10 bit Week Number (WN) and 9 bit Time of Week field.
In our attack, we first set the week number to be one past the current week. No other data was changed in the navigation message. When the ephemeris expired (the IODC and IODE changed), all receivers except the eXplorist accepted the new week number. We were then able to set the week number to any value in the 10 bit range."
The researchers present a series of recommendations to combat these vulnerabilities, few of which will be news to seasoned software developers. They break these recommendations into "Data-Level Protection," "OS-Defenses," and "GPS Dependent Systems," but the most valuable takeaway for our community is "input validation," "input validation," and "input validation," which joins the already well-understood lessons (and not as easily conceived solutions) from GPS jamming and spoofing techniques.
But should our community be concerned by these techniques? With an estimated cost of $2500 to create the equipment to exploit many of these weaknesses, and recent demonstrations of an ARDrone virus, it might not hurt to begin thinking more seriously about security at key input points (telemetry and GPS data streams, at least). In our brave new world, a system crash could not be more aptly named.
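As an illustration of input validation against the week-number issue quoted above, here is an added example (not code from the paper, the receiver vendor, or any autopilot project). It assumes the consumer of the GPS stream receives a full week number and time of week in seconds and has a local monotonic clock; `wn_guard`, its fields, and the 5-second tolerance are hypothetical names and values.

```c
#include <stdbool.h>
#include <stdint.h>

#define SECS_PER_WEEK 604800u
#define MAX_DRIFT_S   5   /* assumed tolerance between GPS and local clock */

/* Hypothetical guard state kept by the consumer of the GPS time stream. */
typedef struct {
    uint16_t floor_week;   /* GPS week of the firmware build: no earlier date is valid */
    uint16_t horizon;      /* weeks past the floor still considered plausible */
    bool     have_ref;     /* true once a first report has been accepted */
    int64_t  ref_gps_s;    /* GPS seconds of the first accepted report */
    int64_t  ref_local_s;  /* local monotonic seconds at that moment */
} wn_guard;

void wn_guard_init(wn_guard *g, uint16_t floor_week, uint16_t horizon)
{
    g->floor_week = floor_week;
    g->horizon = horizon;
    g->have_ref = false;
    g->ref_gps_s = 0;
    g->ref_local_s = 0;
}

/* Accept (week, tow_s) only if it is a plausible absolute date and agrees
 * with the time elapsed on the local clock since the first accepted report.
 * The reference stays anchored there, so small per-message steps cannot
 * accumulate into a large shift. */
bool wn_guard_accept(wn_guard *g, uint16_t week, uint32_t tow_s, int64_t local_s)
{
    if (tow_s >= SECS_PER_WEEK)
        return false;                       /* time-of-week field out of range */
    if (week < g->floor_week || week - g->floor_week > g->horizon)
        return false;                       /* implausible absolute date */

    int64_t gps_s = (int64_t)week * SECS_PER_WEEK + tow_s;
    if (!g->have_ref) {
        g->have_ref = true;
        g->ref_gps_s = gps_s;
        g->ref_local_s = local_s;
        return true;
    }
    int64_t drift = (gps_s - g->ref_gps_s) - (local_s - g->ref_local_s);
    return drift >= -MAX_DRIFT_S && drift <= MAX_DRIFT_S;
}
```

A rejected report should be logged and the last trusted time kept; a legitimate week boundary still passes because GPS seconds advance in step with the local clock.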