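Three UESTC People "Hack" GPS Together? Here Is How Forbes Reported It...
Recently, at USENIX Security 2018, a top international conference in network security, a research team from the University of Electronic Science and Technology of China (UESTC), Virginia Tech and Microsoft Research published a paper titled "All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems".
Kexiong Zeng (曾科雄), a 2013 graduate of UESTC's Yingcai Honors College, is the paper's first author; Shinan Liu (刘诗楠), an undergraduate in the college's 2015 cohort, is the second author; and Professor Yaling Yang (杨亚玲) of the team, a 1999 UESTC graduate, is the corresponding author.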
How can GPS navigation mislead you in a way you cannot notice?
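So how exactly did this team "hack" the GPS system? They proposed an advanced GPS spoofing method: stealthy hijacking.
As the picture shows, suppose you have flown across the ocean and arrived at location A in Manhattan, New York, and the place you want to reach is point D. Through ghost hijacking, a GPS spoofer falsifies your location, so both you and your navigation device believe you are at point B. When you then follow the navigation map toward D, you end up at C via the same roads and instructions, diverted to a location the attacker set in advance.
With this attack, a navigation user or a driverless car can be diverted to a chosen place, driven around in circles, or even sent the wrong way down a one-way street, all without noticing. "On average, we can find 1,547 feasible attack routes for one road, and 99.8% of those routes include dangerous roads or locations," said team member Dong Wang (王栋).
"At the same time, with the consent of the radio regulatory committee, we also measured our home-made portable GPS spoofing device. Its range of influence is 40 to 50 meters, and at ordinary power it takes 45 seconds on average to falsify a device's location. Having ensured that other vehicles would not be affected, we carried out road tests, and the two attacks diverted the vehicle by 2.1 and 2.5 kilometers respectively. In addition, our simulation experiments with human participants in China and the United States confirmed that in unfamiliar surroundings, 95% of users would be successfully attacked," said Dr. Kexiong Zeng of the team.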
What is the underlying principle?
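How is such an attack carried out? According to Professor Gang Wang (王刚) of Virginia Tech, the key point and the difficulty both lie in fine-tuning the GPS position so that the navigation software's instructions match the real roads.
In everyday navigation, the instructions the software gives largely match the road. A road network contains many similar-looking roads. By controlling the position and speed shown by the navigation, the attacker makes a turn come slightly earlier or later so that the instruction matches the real road, and the error accumulates step by step until the victim arrives at the preset location.
Why can GPS be tampered with "at will"? GPS was designed without any encryption mechanism, and the key algorithms and modulation scheme of its civilian band are fully public. Taking advantage of this, GPS signals can be generated independently using software-defined radio. Team member Shinan Liu built the device shown in the figure below by modifying open-source hacker software and hardware; the equipment needed costs less than 1,500 yuan.
So how can this be defended against? Professor Yaling Yang of Virginia Tech pointed out that there is currently no effective defense that can actually be used or deployed. Academia should therefore work on approaches such as location verification, signal authentication and sensor fusion, delivered as software upgrades on existing hardware, to make large-scale deployment more feasible.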
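The sensor-fusion idea mentioned above, as an added example that is not from the paper or the article: each GPS fix is cross-checked against dead reckoning from wheel speed and compass heading, which a GPS spoofer does not control. It assumes the vehicle exposes those two readings independently of GNSS; the function names, thresholds and sample tracks are constructed for illustration.

```python
import math

R = 6_371_000.0  # mean Earth radius, metres

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * R * math.asin(math.sqrt(h))

def advance(pos, dist_m, heading_deg):
    """Move (lat, lon) by dist_m along a compass heading (short flat-earth step)."""
    th = math.radians(heading_deg)
    dlat = dist_m * math.cos(th) / R
    dlon = dist_m * math.sin(th) / (R * math.cos(math.radians(pos[0])))
    return (pos[0] + math.degrees(dlat), pos[1] + math.degrees(dlon))

def check_track(samples, jump_m=30.0, drift_m=60.0):
    """samples: [(t, gps_lat, gps_lon, wheel_speed_mps, heading_deg), ...].
    Returns [(t, reason)] where reason is "jump" or "drift"."""
    alerts = []
    t_prev, lat, lon, spd, hdg = samples[0]
    prev_gps = dr = (lat, lon)          # dead reckoning seeded from the first fix
    for t, lat, lon, spd_next, hdg_next in samples[1:]:
        travelled = spd * (t - t_prev)  # distance according to the wheels
        dr = advance(dr, travelled, hdg)
        gps = (lat, lon)
        if abs(haversine_m(prev_gps, gps) - travelled) > jump_m:
            alerts.append((t, "jump"))   # fix moved further than the car did
        elif haversine_m(dr, gps) > drift_m:
            alerts.append((t, "drift"))  # small per-fix offsets have accumulated
        t_prev, spd, hdg, prev_gps = t, spd_next, hdg_next, gps
    return alerts

def make_track(offset_m, n=12, dt=5, speed=10.0, heading=0.0):
    """Constructed data: car drives north; GPS fix k is shifted east by offset_m(k)."""
    true_pos, out = (30.67, 104.06), []
    for k in range(n):
        gps = advance(true_pos, offset_m(k), 90.0)
        out.append((k * dt, gps[0], gps[1], speed, heading))
        true_pos = advance(true_pos, speed * dt, heading)
    return out

CLEAN = check_track(make_track(lambda k: 0.0))                            # honest fixes
TAKEOVER = check_track(make_track(lambda k: 500.0 if k >= 5 else 0.0))    # sudden relocation
SLOW_WALK = check_track(make_track(lambda k: 7.0 * k))                    # gradual offset
```

Real inertial and odometry sources drift on their own, so the two thresholds have to be tuned against that error and the dead-reckoned position re-seeded whenever the fix is trusted again.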
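In any case, navigation devices around the world face a very real threat on a large scale, and it certainly deserves attention!
One wonders whether the repeated collisions involving US warships last year were also caused by this kind of technique?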
Want to really annoy someone who relies on Google Maps for satellite navigation? Researchers have come up with a novel way of stealthily sending people in the wrong direction, using $250 of equipment that can spoof GPS signals and switch in “ghost” maps that appear to be the real thing but are in fact a kind of digital illusion.
The researchers—from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research—tested out their attacks at midnight in Chengdu, China, riding around in a Ford Escape, guided by Google’s navigation software running on two different phones, a Xiaomi with Android 8.0 and a Huawei on Android 6.0. Their hacks used an algorithm that searched for map layouts that look similar but aren’t the same as the real ones. It’s then possible to switch in a “ghost location” to replace the legitimate place the driver wants to get to without them noticing, according to the researchers’ paper.
Why bother with the ghost map? To keep the driver truly unaware they’re going the wrong way. In a typical GPS spoofing attack, the hacker forces the software to connect to their own equipment rather than the legitimate satellite systems. The hacker can then start sending false GPS data. But any sensible driver would be able to determine something was wrong if the map suddenly looked very different. For instance, a driver might see a straight road where the spoofed GPS shows a crossroads. So for a truly stealthy attack, a replica map is required.
The algorithm searches for matching maps by using a dataset of 600 taxi trips taken across Manhattan and Boston. They were acquired from the NYC Taxi and Limousine Commission (TLC) and the Boston taxi trace dataset used by MIT Challenge. “On average, our algorithm identified 1547 potential attacking routes for each target trip for the attacker to choose from,” the researchers claimed in their paper.
In their first of two attacks in the real world, a ghost destination was set to another location on the original route. This meant the driver wouldn’t be alerted with the “recalculating” voice prompt, even though they were taken 2.1 kilometers away from the original destination. The second attack did trigger a recalculating prompt, but the driver was taken in the opposite direction to where they’d asked to go.
All this was achieved with a portable spoofer built from various equipment—a HackRF One software-defined radio, a Raspberry Pi, a portable power source and an antenna—that cost a total of $220 and could easily fit into a backpack. This could be controlled remotely, with the spoofing equipment installed under the car, the academics claimed in a paper due to be presented at the 2018 USENIX Security Symposium taking place in Baltimore this August.
There’s still the possibility a user would notice road names or other landmarks were different. But in tests on a driving simulator, where 40 participants in the study were asked to motor around a virtual world, 38 were still tricked into heading to the wrong destinations. Kexiong Zeng, a researcher from Virginia Tech, told Forbes the attacks were primarily aimed at people who didn’t know the area in which they were travelling.
A ‘troubling’ hack
The real risk for drivers is the possibility of being diverted and ambushed, said Zeng. He also claimed that his attacks would work on other GPS-based software, including Apple Maps and Pokemon Go.
Alan Woodward, a professor at the University of Surrey in the U.K., said the attack was “troubling both in its subtlety and its apparent effectiveness.”
“We are all becoming so reliant upon what our car driver aids tell us that we’re reaching a stage where we believe what we’re told even if our common sense says otherwise. Hence, if someone can change the information being presented by any driver aid they can effectively control you. Why hack the computer-controlled steering of car to take you somewhere when they can make you drive there yourself?
“The very reason we use GPS maps is because we are unfamiliar with an area so you can easily see how this attack, if done subtly, would be effective.”
Such attacks could be prevented with encryption. But it would be incredibly hard to deploy that across the myriad GPS technologies in use across the world, according to Zeng. “If you want to stop this problem in a fundamental way, you have to implement encryption, which requires you to modify the satellites and the GPS hardware and software,” he added. “It’d require a very high modification cost and a very long cycle to implement this, given there are billions of GPS receivers out there. … It’s a pain in the ass.”
Google hadn’t responded to a request for comment at the time of publication.
Tesla’s secret security
Earlier this week, Zeng and his colleagues tried out their hacks on a Tesla Model S from 2014. They wanted to see if they could manipulate the car’s navigation system on the vehicle using the same techniques. But, thanks to a piece of tech used by Tesla, they failed.
“We tried to take over its navigation system by overpowering the GPS signals but were not able to manipulate the location as we want. More specifically, Tesla is using an advanced u-blox navigation chip, which implements some anti-spoofing function,” Zeng told me.
“Theoretically, this kind of defense can still be cracked by a more advanced spoofer. Now we are working on improving our spoofer and plan to test it on that specific u-blox chip.”
Zeng gave credit to Tesla for deploying such defensive measures. “Luxury cars come with luxury navigation chips.”
