How to fool a GPS - Todd Humphreys
Something happened in the early morning hours of May 2nd, 2000, that had a profound effect on the way our society operates. Ironically, hardly anyone noticed at the time. The change was silent, imperceptible, unless you know exactly what to look for. On that morning, U.S. President Bill Clinton ordered that a special switch be thrown in the orbiting satellites of the Global Positioning System. Instantaneously, every civilian GPS receiver around the globe went from errors the size of a football field to errors the size of a small room.
It's hard to overstate the effect that this change in accuracy has had on us. Before this switch was thrown, we didn't have in-car navigation systems, giving turn-by-turn directions, because back then GPS couldn't tell you what block you were on, let alone what street. For geolocation accuracy matters, and things have only improved over the last 10 years. With more base stations, more ground stations, better receivers, and better algorithms, GPS can now not only tell you what street you are on but what part of the street.
This level of accuracy has unleashed a firestorm of innovation. In fact, many of you navigated here today with the help of your TomTom or your smartphone. Paper maps are becoming obsolete. But we now stand on the verge of another revolution in geolocation accuracy.
What if I told you that the 2-meter positioning that our current cell phones and our TomTom's give us is pathetic compared to what we could be getting? For some time now, it's been known that if you pay attention to the carrier phase of the GPS signal and if you have an internet connection, then you can go from meter level to centimeter level, even millimeter level positioning.
So why don't we have this capability on our phones? Only, I believe, for a lack of imagination. Manufacturers haven't built this carrier phase technique into their cheap GPS chips because they're not sure what the general public would do with geolocation so accurate that you could pinpoint the wrinkles in the palm of your hand. But you and I, and other innovators, can see the potential in this next leap in accuracy.
Imagine, for example, an augmented reality app that overlays a virtual world to millimeter level precision on top of the physical world. I could build for you a structure up here in 3D, millimeter accurate, that only you could see, or my friends at home. So this level of positioning, this is what we're looking for, and I believe that within the next few years, I predict that this kind of hyper-precise, carrier phase-based positioning will become cheap and ubiquitous, and the consequences will be fantastic.
The Holy Grail, of course, is the GPS dot. Do you remember the movie "The Da Vinci Code"? Here’s Professor Langdon examining a GPS dot, which his accomplice tells him is a tracking device accurate within 2 feet anywhere on the globe. But we know that in the world of non-fiction, the GPS dot is impossible. Right? For one thing, GPS doesn't work indoors, and for another, they don't make devices quite this small, especially when those devices have to relay their measurements back over a network.
Well, these objections were perfectly reasonable a few years ago, but things have changed. There's been a strong trend toward miniaturization, better sensitivity, so much so that a few years ago, a GPS tracking device looked like this clunky box to the left of the keys. Compare that with the device released just months ago; it's now packaged into something the size of a key fob.
If you take a look at the state-of-the-art for a complete GPS receiver, which is only a centimeter on a side and more sensitive than ever, you realize that the GPS dot will move from fiction to non-fiction. Imagine what we could do with a world full of GPS dots. It's not just that you'll never lose your wallet or your keys anymore, or your child when you're at Disneyland. You'll buy GPS dots in bulk, and you'll stick them on everything you own worth more than a few tens of dollars.
I couldn't find my shoes one recent morning, and as usual, I had to ask my wife if she had seen them. But I shouldn't have to bother my wife with that kind of triviality; I should be able to ask my house where my shoes are. Those of you who have made the switch to Gmail remember how refreshing it was to go from organizing all of your email to simply searching it. The GPS dot will do the same for our possessions.
Now, of course, there is a flip side to the GPS dot. I was in my office some months back and got a telephone call. The woman on the other end of the line – we'll call her Carol – was panicked. Apparently, an ex-boyfriend of Carol's from California had found her in Texas and was following her around.
So you might ask at this point why she's calling you. Well, so did I. But it turned out there was a technical twist to Carol's case. Every time her ex-boyfriend would show up at the most improbable times in the most probable locations, he was carrying an open laptop. Over time, Carol realized that he had planted a GPS tracking device on her car, so she was calling me for help to disable it.
"Well, you should go to a good mechanic and have them look at your car," I said. "I already have," she told me. "He didn't see anything obvious and said he'd have to take the car apart piece by piece." "Well then, you better go to the police," I said. "I already have," she replied. "They're not sure this rises to the level of harassment and they're not set up technically to find the device."
"Okay, what about the FBI?" "I've talked to them too, and same story." We then talked about her coming to my lab and us performing a radio sweep of her car, but I wasn't even sure that would work given that some of these devices are configured to only transmit when they're inside safe zones or when the car is moving.
So there we were. Carol isn’t the first and certainly won’t be the last to find herself in this kind of fearsome environment, a worrisome situation caused by GPS tracking. In fact, as I looked into her case, I discovered to my surprise that it’s not clearly illegal for you or me to put a tracking device on someone else’s car. The Supreme Court ruled last month that a policeman has to get a warrant if he wants to do prolonged tracking, but the law isn’t clear about civilians doing this to one another.
So it’s not just Big Brother we have to worry about, but Big Neighbor. There is one alternative that Carol could have taken, very effective. It’s called The Wave Bubble. It’s an open-source GPS jammer developed by Lor Freed, a graduate student at MIT, and LaMore calls it a tool for reclaiming our personal space. With a flip of the switch, you create a bubble around you within which GPS signals can’t reside; they get drowned out by the bubble.
LaMore designed this in part because, like Carol, she felt threatened by GPS tracking. Then she posted her design to the web, and if you don’t have time to build your own, you can buy one. Chinese manufacturers now sell thousands of nearly identical devices on the internet.
So you might be thinking, the Wave Bubble sounds great, I should have one; it might come in handy if somebody ever puts a tracking device on my car. But you should be aware that its use is very much illegal in the United States. And why is that? Well, because it's not a bubble at all. Its jamming signals don’t stop at the edge of your personal space or at the edge of your car; they go on to jam innocent GPS receivers for miles around you.
Now, if you’re Carol or LaMore or someone who feels threatened by GPS tracking, it might not feel wrong to turn on a Wave Bubble. But in fact, the results can be disastrous. Imagine, for example, you’re the captain of a cruise ship trying to make your way through a thick fog, and some passenger in the back turns on a Wave Bubble. All of a sudden, your GPS readout goes blank, and now it's just you and the fog and whatever you can pull off the radar system, if you remember how to work it.
They, in fact, don’t update or upkeep lighthouses anymore, and the only backup to GPS was discontinued last year. Our modern society has a special relationship with GPS. We’re almost blindly reliant on it. It’s built deeply into our systems and infrastructure. Some call it the invisible utility, so turning on a Wave Bubble might not just cause inconvenience; it might be deadly.
But as it turns out, for purposes of protecting your privacy at the expense of general GPS reliability, there’s something even more potent and more subversive than a Wave Bubble, and that is a GPS spoofer. The idea behind the GPS spoofer is simple: instead of jamming the GPS signals, you fake them. You imitate them, and if you do it right, the device you’re attacking doesn’t even know it’s being spoofed.
So let me show you how this works. In any GPS receiver, there’s a peak inside that corresponds to the authentic signals. These three red dots represent the tracking points that try to keep themselves centered on that peak. But if you send in a fake GPS signal, another peak pops up, and if you can get these two peaks perfectly aligned, the tracking points can’t tell the difference, and they get hijacked by the stronger counterfeit signal, with the authentic peak getting forced off. At this point, the game is over. The fake signals now completely control this GPS receiver.
So, is this really possible? Can someone really manipulate the timing and positioning of a GPS receiver just like that with a spoofer? Well, the short answer is yes. The key is that civil GPS signals are completely open; they have no encryption, they have no authentication. They’re wide open, vulnerable to a kind of spoofing attack.
Even so, up until very recently, nobody worried about GPS spoofers. People figured that it would be too complex or too expensive for some hacker to build one. But I, and a friend of mine from graduate school, didn’t see it that way. We knew it wasn’t going to be so hard, and we wanted to be the first to build one so we could get out in front of the problem and help protect against GPS spoofing.
I remember vividly the week it all came together. We built it at my home, which means that I got a little extra help from my three-year-old son, Ramon. Here’s Ramon looking for a little attention from Dad that week. At first, the spoofer was just a jumble of cables and computers, though we eventually got it packaged into a small box.
Now, the Dr. Frankenstein moment when the spoofer finally came alive and I glimpsed its awful potential came late one night when I tested the spoofer against my iPhone. Let me show you some actual footage from that very first experiment. I had come to completely trust this little blue dot and its reassuring blue halo. They seemed to speak to me; they’d say, “Here you are, here you are, and you can trust us.”
So something felt very wrong about the world. It was a sense almost of betrayal when this little blue dot started at my house and went running off toward the north, leaving me behind. I wasn't moving. What I then saw in this little moving blue dot was the potential for chaos. I saw airplanes and ships veering off course, with the captain learning only too late that something was wrong. I saw the GPS-derived timing of the New York Stock Exchange being manipulated by hackers. You can scarcely imagine the kind of havoc you could cause if you knew what you were doing with a GPS spoofer.
There is, though, one redeeming feature of the GPS spoofer. It's the ultimate weapon against an invasion of GPS dots. Imagine, for example, you’re being tracked; well, you can play the tracker for a fool, pretending to be at work when you’re really on vacation. Or if you’re Carol, you could lure your ex-boyfriend into some empty parking lot where the police are waiting for him.
So I'm fascinated by this conflict, a looming conflict between privacy on the one hand and the need for a clean radio spectrum on the other. We simply cannot tolerate GPS jammers and spoofers. And yet, given the lack of effective legal means for protecting our privacy from the GPS dot, can you really blame people for wanting to turn them on, for wanting to use them?
I hold out hope that we’ll be able to reconcile this conflict with some sort of yet uninvented technology. But meanwhile, grab some popcorn, because things are going to get interesting.
Within the next few years, many of you will be the proud owner of a GPS dot. Maybe you’ll have a whole bag full of them. You’ll never lose track of your things again. The GPS dot will fundamentally reorder your life. But will you be able to resist the temptation to track your fellow man, or will you be able to resist the temptation to turn on a GPS spoofer or a Wave Bubble to protect your own privacy?
So, as usual, what we see just beyond the horizon is full of promise and peril. It’ll be fascinating to see how this all turns out. Thanks.