[145303] in cryptography@c2.net mail archive
Re: Spy/Counterspy
daemon@ATHENA.MIT.EDU (Jerry Leichter)
Sat Jul 10 13:27:12 2010
Cc: "Peter Gutmann (alt)" <pgut001.reflector@gmail.com>,
"cryptography@metzdowd.com" <cryptography@metzdowd.com>
From: Jerry Leichter <leichter@lrw.com>
To: Pawel <pawel.veselov@gmail.com>
In-Reply-To: <F7F42601-4BED-4432-ABE7-F4D497094A0B@gmail.com>
Date: Sat, 10 Jul 2010 06:57:14 -0400
On Jul 9, 2010, at 1:00 PM, Pawel wrote:
>
> Hi,
>
> On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" =
<pgut001.reflector@gmail.com=20
> > wrote:
>
>> GPS tracking units that you can fit to your car to track where your =20=
>> kids are taking it.... [T]he sorts of places that'll sell you card =20=
>> skimmers and RFID cloners have started selling miniature GPS =20
>> jammers that plug
>> into cigarette-lighter sockets on cars.... In other words these =20
>> are specifically designed to stop cars from being tracked.
>>
>> (Some of the more sophisticated trackers will fall back to 3G GSM-=20
>> based
>> tracking via UMTS modems if they lose the GPS signal, it'll be =20
>> interested to see how long it takes before the jammers are updated =20=
>> to deal with 3G signals as well, hopefully while leaving 2G intact =20=
>> for phonecalls).
>
> Just wondering, why wouldn't GPS trackers use 2G to determine the =20
> location?
>
> And, also, does it even need a cell service subscription for =20
> location determination, or is it enough to query the cell towers =20
> (through some handshake protocols) to figure out the proximities and =20=
> coordinates?
The 2G stuff wasn't designed to provide location information; that was =20=
hacked in (by triangulating information received at multiple towers) =20
after the fact. I don't know that anyone has tried to do it from the =20
receiver side - it seems difficult, and would probably require =20
building specialized receiver modules (expensive). 3G provides =20
location information as a standard service, so it's cheap and easy.
The next attack, of course, is to use WiFi base station =20
triangulation. That's widely and cheaply available already, and quite =20=
accurate in many areas. (It doesn't work out in the countryside if =20
you're far enough from buildings, but then you don't have to go more =20
than 60 miles or so from NYC to get to areas with no cell service, =20
either.) The signals are much stronger, and you can get location data =20=
with much less information, so jamming would be more of a challenge. =20=
Still, I expect we'll see that in the spy vs. spy race.
I wrote message to Risks - that seems to never have appeared - citing =20=
an article about GPS spoofing. (I've included it below.) In the spy =20=
vs. spy game, of course, it's much more suspicious if the GPS suddenly =20=
stops working than if it shows you've gone to the supermarket. Of =20
course, WiFi (and presumably UMTS equipment, though that might be =20
harder) can also be spoofed. I had an experience - described in =20
another RISKS article - in which WiFi-based location suddenly =20
teleported me from Manhattan to the Riviera - apparently because I was =20=
driving past a cruise ship in dock and its on-board WiFi had been =20
sampled while it was in Europe.
-- Jerry
The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/=20
8533157.stm) on the growing threat of jamming to satellite navigation =20=
systems. The fundamental vulnerability of all the systems - GPS, the =20=
Russian Glonass, and the European Galileo - is the very low power of =20
the transmissions. (Nice analogy: A satellite puts out less power =20
than a car headlight, illuminating more than a third of the Earth's =20
surface from 20,000 kilometers.) Jammers - which simply overwhelm the =20=
satellite signal - are increasingly available on-line. According to =20
the article, low-powered hand-held versions cost less than =A3100, run =20=
for hours on a battery, and can confuse receivers tens of kilometers =20
away.
The newer threat is from spoofers, which can project a false =20
location. This still costs "thousands", but the price will inevitably =20=
come down.
A test done in 2008 showed that it was easy to badly spoof ships off =20
the English coast, causing them to read locations anywhere from =20
Ireland to Scandinavia.
Beyond simple hacking - someone is quoted saying "You can consider GPS =20=
a little like computers before the first virus - if I had stood here =20
before then and cried about the risks, you would've asked 'why would =20
anyone bother?'." - among the possible vulnerabilities are to high-=20
value cargo, armored cars, and rental cars tracked by GPS. As we build =20=
more and more "location-aware" services, we are inherently building =20
more "false-location-vulnerable" services at the same time.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
