Christoph Gruber
"If privacy is outlawed, only outlaws will have privacy." Phil Zimmermann

Am 10.07.2010 um 12:57 schrieb Jerry Leichter <leich...@lrw.com>:

> On Jul 9, 2010, at 1:00 PM, Pawel wrote:
>> Hi,
>> On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" 
>> <pgut001.reflec...@gmail.com> wrote:
>>> GPS tracking units that you can fit to your car to track where your kids 
>>> are taking it.... [T]he sorts of places that'll sell you card skimmers and 
>>> RFID cloners have started selling miniature GPS jammers that plug
>>> into cigarette-lighter sockets on cars....  In other words these are 
>>> specifically designed to stop cars from being tracked.
>>> (Some of the more sophisticated trackers will fall back to 3G GSM-based
>>> tracking via UMTS modems if they lose the GPS signal, it'll be interested 
>>> to see how long it takes before the jammers are updated to deal with 3G 
>>> signals as well, hopefully while leaving 2G intact for phonecalls).
>> Just wondering, why wouldn't GPS trackers use 2G to determine the location?
>> And, also, does it even need a cell service subscription for location 
>> determination, or is it enough to query the cell towers (through some 
>> handshake protocols) to figure out the proximities and coordinates?
> The 2G stuff wasn't designed to provide location information; that was hacked 
> in (by triangulating information received at multiple towers) after the fact. 
> I don't know that anyone has tried to do it from the receiver side - it seems 
> difficult, and would probably require building specialized receiver modules 
> (expensive).  3G provides location information as a standard service, so it's 
> cheap and easy.
> The next attack, of course, is to use WiFi base station triangulation.  
> That's widely and cheaply available already, and quite accurate in many 
> areas.  (It doesn't work out in the countryside if you're far enough from 
> buildings, but then you don't have to go more than 60 miles or so from NYC to 
> get to areas with no cell service, either.)  The signals are much stronger, 
> and you can get location data with much less information, so jamming would be 
> more of a challenge.  Still, I expect we'll see that in the spy vs. spy race.
> I wrote message to Risks - that seems to never have appeared - citing an 
> article about GPS spoofing.  (I've included it below.)  In the spy vs. spy 
> game, of course, it's much more suspicious if the GPS suddenly stops working 
> than if it shows you've gone to the supermarket.  Of course, WiFi (and 
> presumably UMTS equipment, though that might be harder) can also be spoofed.  
> I had an experience - described in another RISKS article - in which 
> WiFi-based location suddenly teleported me from Manhattan to the Riviera - 
> apparently because I was driving past a cruise ship in dock and its on-board 
> WiFi had been sampled while it was in Europe.
>                                                        -- Jerry
> The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/8533157.stm) on 
> the growing threat of jamming to satellite navigation systems.  The 
> fundamental vulnerability of all the systems - GPS, the Russian Glonass, and 
> the European Galileo - is the very low power of the transmissions.  (Nice 
> analogy:  A satellite puts out less power than a car headlight, illuminating 
> more than a third of the Earth's surface from 20,000 kilometers.)  Jammers - 
> which simply overwhelm the satellite signal - are increasingly available 
> on-line.  According to the article, low-powered hand-held versions cost less 
> than £100, run for hours on a battery, and can confuse receivers tens of 
> kilometers away.
> The newer threat is from spoofers, which can project a false location.  This 
> still costs "thousands", but the price will inevitably come down.
> A test done in 2008 showed that it was easy to badly spoof ships off the 
> English coast, causing them to read locations anywhere from Ireland to 
> Scandinavia.
> Beyond simple hacking - someone is quoted saying "You can consider GPS a 
> little like computers before the first virus - if I had stood here before 
> then and cried about the risks, you would've asked 'why would anyone 
> bother?'." - among the possible vulnerabilities are to high-value cargo, 
> armored cars, and rental cars tracked by GPS. As we build more and more 
> "location-aware" services, we are inherently building more 
> "false-location-vulnerable" services at the same time.
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to