Pokémon GO is Nintendo’s new mobile gaming app, which uses GPS locations combined with the phone’s camera and accelerometer to create augmented reality images that appear on Google Maps. It is different from many other games because it requires the player to physically move to specific GPS coordinates before they can find and capture the mythical Pokémon.
It is difficult to overestimate the popularity of this game. Survey Monkey said there were over 30 million U.S. downloads through July 25. Bandwidth, a tracking service, calculated that mentions of the game on social media went from zero to 1,250,000 in the first day, and between July 4 and July 10, there were more than 4.5 million mentions. The hashtag #PokémonGo made 5,982,616,734 impressions during the same time period.
Downloads and social media mentions are not the only records Pokémon GO is setting.According to Guy Buesnel, a PNT security technologist at Spirent Communications, the game has exponentially spawned GPS spoofing apps. Buesnel explained the fundamentals of GPS spoofing and how the technology is evolving in our July 28 interview.
Q: Can you first give us a little background information on yourself and Spirent Communications?
A: I’m a security technologist at Spirent and I’m very much concerned with navigation systems and their vulnerability. My main emphasis is on developing test frameworks that will allow developers, integrators and end-users to assess the performance of GPS systems when exposed to real world threats.
Spirent Communications is a publically traded multinational telecommunications testing company headquartered in the United Kingdom. We verify and deliver high performance secure Ethernet and 4G/LTE networks, provide cloud computing environments and location-based services.
Q: What is new? Hasn’t GPS jamming been around for years?
A: We know that GPS jamming has been out there for a long time. Perhaps the best example of this is the widely available cigarette lighter jammer used by employees who do not want to be tracked, criminals who use GPS jammers to steal luxury cars or high value freight and even people confined to house arrest.
The threat I’m talking about is spoofing, where you spoof or fake your location. In other words, you make your GPS receiver or system report a false position as being the true one. There is a lot of awareness about jamming but not so much about spoofing. We do know at DEFCON last year (2015), two Chinese researchers built a very low cost Software Defined Radio, downloaded source code and were able to fake GPS signals. They showed they were able to fake the position of a drone so that it flew in a restricted airport area and they also managed to spoof the location of a car, from an underground car park, and show that it was in a lake.
Q: How does GPS spoofing work?
Source: Spirent Communications
GPS receivers get confused when presented with fake constellation signals. The spoofer simulates one or more fake signals from a more powerful software defined radio. GPS receivers are fooled into accepting the fake signals as being the true signals because the signal strength of the spoofer is greater than the real background GPS signals.
Q: Where does Pokémon GO fit into this scenario?
A: Spoofing is starting to become an issue. With the release of Pokémon GO players wanted to spoof their location so they can catch more monsters without having to leave the sanctuary of their own living room. They started out by jailbreaking their phones and downloading one of a couple GPS spoofing applications. We were stunned to see within a few days of the release of the game there were huge numbers of people trying to do this. It was quite interesting when we started looking into it. Actually the motivation wasn’t just to cheat the game. People have been making money by selling Pokémon GO accounts online. Some accounts have been sold for almost a thousand pounds a shot. In other words, money turned out to be an even greater motivation to cheat the game than simply getting a better score.
Q: Are there ways to defend against spoofing?
A: To counter spoofing the game developers very quickly began checking users’ phones to see if they were jailbroken. If so, players would be denied access and banned from play. Within days of that happening someone released an application that actually fools the system into thinking it is not jailbroken, even though it is.
In a few short weeks, awareness of GPS location spoofing has not only taken root but developers have evolved from application spoofing to creating more complex RF signal attacks using techniques similar to the Chinese researchers’ approach of using a Software Defined Radio (pictured below) as a GPS signal transmitter.
Source: Spirent Communications and trademe. The image is hard to read but the New Zealand seller appears to only want bitcoin payments (difficult to track). The seller’s name was intentionally removed from this image.
A few years ago people thought that GPS spoofing was something that people wouldn’t do. It’s amazing that it has taken a game to trigger the interest and create multiple spoofing applications. It seems that Pokémon GO has almost created a sub economy.
Is GPS spoofing a threat to the drone industry?
The vast majority of prosumer drones use GPS as their navigation system. Although it is unclear how much GPS spoofing will affect drones, or even what the motivation would be to spoof UAS flights, it is clear that spoofing is not going away anytime soon. The potential to make money from such a huge base of Pokémon GO players is simply too compelling for many entrepreneurs. The technology is evolving quickly and getting more sophisticated. The question, then, is not whether Pokémon GO has spawned an increase in GPS spoofing apps, but rather, has the game spawned an industry? Will UAS companies like DJI and 3D Robotics be able to build defenses against spoofing?
GPS chipmakers are already working to develop solutions that will provide users with enhanced protection from jamming and spoofing attacks, but it is a “cat and mouse” game: as the hackers develop better ways of spoofing GPS-based navigation systems, UAS companies will need to develop more effective protection for both commercial and recreational operators.
GPS can be vulnerable to signal jamming and spoofing but it is a superb system and a critical element for drone navigation. Much can be done to protect users from attacks like those affecting Pokémon GO. It is now becoming really important for drone companies to assess the performance of their GPS systems when exposed to real world interference or spoofing events.