Spirent Security Experts Predict Greater Risks to GPS, Including Connected Vehicles

Photo courtesy of IIHS

Spirent Communications plc’s annual security forecast warns of the increased likelihood of disruptions this year to a wide variety of civil and military applications relying on global navigation satellite systems — GPS, GLONASS, Galileo, and BeiDou. Included in the forecast are expanded threats to connected vehicles by malicious attackers.

The prediction of greater risk from hacking and location spoofing attacks by criminal, state-sponsored, and other adversaries is part of Spirent’s annual security forecast for 2017, which was announced on February 3, 2017. The forecast also highlights the continued risk of distributed denial of service (DDoS) attacks on Internet of things (IoT) devices and industries, including automotive, that Spirent believes are the prime targets for security threats soon.

Additionally, Spirent will demonstrate its expanded focus on security at the upcoming RSA Conference 2017 with a preview version of its Cyberflood performance and security validation software at the Moscone Center in San Francisco, February 13-17. Also at the conference, Spirent positioning security technologist Guy Buesnel will present a classroom session on the evolution of deliberate threats to GNSS.

In addition to an increased likelihood of GNSS interference, Spirent’s security forecast for 2017 predicts an expansion of risks from more frequent DDoS attacks against IoT devices; threats to IoT security; threats to medical applications, networks, and the automotive industry. The forecast predicts increased threats to connected vehicles by malicious attackers, as a greater number of attack vectors are inadvertently created that enable remotely gaining control of critical operational components of the vehicle, including engine, steering, and braking functions in addition to other vehicle systems that communicate through the relatively insecure CAN bus infrastructure.

Photo courtesy of IIHS

“With the greater drive towards use of autonomous vehicles, which rely heavily on precision GPS positioning and timing, threats posed by signal spoofing, jamming, time tinkering, and more could result in serious disruptions and worse,” said Sameer Dixit, senior director of security consulting at Spirent. “The transportation industry is taking this very seriously and already looking at various ways to protect against these threats. Because of this, we see momentum towards improving GNSS security in 2017.”

Spirent’s global network of GPS interference detectors has recorded more than 15,000 interference events since it was deployed in 2015, including a surprisingly high number of unintentional events caused by various forms of interference in the GPS L1 frequency band. A significant number of these unintentional events, which often correlate with transmissions from nearby RF transmitters and telecom equipment, have the potential to interfere with GPS signal reception.

Dixit noted one bright spot on the horizon: the increasing awareness up and down the technology food chain of the importance of security in these systems, and the entry of large, experienced, and security-conscious players into the IoT arena.

Last year, Spirent’s disruption predictions for 2016 led off with a prescient warning about the increased risk of cyber espionage, which has since been borne out, most notably by news reports of suspected activities by the Russian government to influence the 2016 U.S. presidential election.