-- Christoph Gruber "If privacy is outlawed, only outlaws will have privacy." Phil Zimmermann
Am 10.07.2010 um 12:57 schrieb Jerry Leichter <leich...@lrw.com>: > On Jul 9, 2010, at 1:00 PM, Pawel wrote: > >> >> Hi, >> >> On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" >> <pgut001.reflec...@gmail.com> wrote: >> >>> GPS tracking units that you can fit to your car to track where your kids >>> are taking it.... [T]he sorts of places that'll sell you card skimmers and >>> RFID cloners have started selling miniature GPS jammers that plug >>> into cigarette-lighter sockets on cars.... In other words these are >>> specifically designed to stop cars from being tracked. >>> >>> (Some of the more sophisticated trackers will fall back to 3G GSM-based >>> tracking via UMTS modems if they lose the GPS signal, it'll be interested >>> to see how long it takes before the jammers are updated to deal with 3G >>> signals as well, hopefully while leaving 2G intact for phonecalls). >> >> Just wondering, why wouldn't GPS trackers use 2G to determine the location? >> >> And, also, does it even need a cell service subscription for location >> determination, or is it enough to query the cell towers (through some >> handshake protocols) to figure out the proximities and coordinates? > The 2G stuff wasn't designed to provide location information; that was hacked > in (by triangulating information received at multiple towers) after the fact. > I don't know that anyone has tried to do it from the receiver side - it seems > difficult, and would probably require building specialized receiver modules > (expensive). 3G provides location information as a standard service, so it's > cheap and easy. > > The next attack, of course, is to use WiFi base station triangulation. > That's widely and cheaply available already, and quite accurate in many > areas. (It doesn't work out in the countryside if you're far enough from > buildings, but then you don't have to go more than 60 miles or so from NYC to > get to areas with no cell service, either.) The signals are much stronger, > and you can get location data with much less information, so jamming would be > more of a challenge. Still, I expect we'll see that in the spy vs. spy race. > > I wrote message to Risks - that seems to never have appeared - citing an > article about GPS spoofing. (I've included it below.) In the spy vs. spy > game, of course, it's much more suspicious if the GPS suddenly stops working > than if it shows you've gone to the supermarket. Of course, WiFi (and > presumably UMTS equipment, though that might be harder) can also be spoofed. > I had an experience - described in another RISKS article - in which > WiFi-based location suddenly teleported me from Manhattan to the Riviera - > apparently because I was driving past a cruise ship in dock and its on-board > WiFi had been sampled while it was in Europe. > -- Jerry > > > The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/8533157.stm) on > the growing threat of jamming to satellite navigation systems. The > fundamental vulnerability of all the systems - GPS, the Russian Glonass, and > the European Galileo - is the very low power of the transmissions. (Nice > analogy: A satellite puts out less power than a car headlight, illuminating > more than a third of the Earth's surface from 20,000 kilometers.) Jammers - > which simply overwhelm the satellite signal - are increasingly available > on-line. According to the article, low-powered hand-held versions cost less > than £100, run for hours on a battery, and can confuse receivers tens of > kilometers away. > > The newer threat is from spoofers, which can project a false location. This > still costs "thousands", but the price will inevitably come down. > > A test done in 2008 showed that it was easy to badly spoof ships off the > English coast, causing them to read locations anywhere from Ireland to > Scandinavia. > > Beyond simple hacking - someone is quoted saying "You can consider GPS a > little like computers before the first virus - if I had stood here before > then and cried about the risks, you would've asked 'why would anyone > bother?'." - among the possible vulnerabilities are to high-value cargo, > armored cars, and rental cars tracked by GPS. As we build more and more > "location-aware" services, we are inherently building more > "false-location-vulnerable" services at the same time. > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
