Location services risks (was: Re: Spy/Counterspy)
Location-based services are already being used for dating services (big surprise here). Mobiles send their location to a server, the server figures out who is near whom, and matches them. There are lots of variants on that. An obvious risk here is that the server is acting as a location oracle, allowing me to triangulate. Or I can fake my location to be my mark's, and see if he is "near" there. A senator no longer even has to have a "wide stance" to be caught cruising :) /ji - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Spy/Counterspy
On Jul 11, 2010, at 1:16 PM, Ben Laurie wrote: Beyond simple hacking - someone is quoted saying "You can consider GPS a little like computers before the first virus - if I had stood here before then and cried about the risks, you would've asked 'why would anyone bother?'." - among the possible vulnerabilities are to high-value cargo, armored cars, and rental cars tracked by GPS. As we build more and more "location-aware" services, we are inherently building more "false-location-vulnerable" services at the same time. Most location-aware services should not care whether the location is real or false, for privacy reasons. Agree about the issue of high-value cargo (but I guess they'll just have to use more reliable mechanisms, like maps and their eyes), don't care about rental cars. I have no clue what "most" location-aware services will be in a year, much less in five or ten years. Sure, if you think that the dominant role for such services will be targeted advertising to people passing by storefronts, then it makes little difference if the location is wrong, except perhaps to the stores (and hence the viability of such services) if grossly incorrect information becomes commonplace. But if the service is "find me the hospital I can get to fastest, given current road conditions", the cost of error may be rather higher. Privacy is an entirely distinct issue. At the least, services in which I compute something from my location and data I've pre-loaded for a reasonably large area - without ever revealing my location to someone else - have no privacy implications at all. (Note that I've described the characteristics of most GPS units sold today.) But it's easy to come up with examples where such a location-aware service becomes dangerously vulnerable - and perhaps dangerous - if it is fed incorrect location information. How much and how often I share my own location information, under what conditions, and what I get in return, are all very much up in the air - though if we don't address them, they will default to "fairly precise location information, fairly frequently, with few usage restrictions, for little I want". But the inherent vulnerability to falsified information is an inherent part of coming up with any valuable use of true information, no matter what privacy policies we agree on. -- Jerry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Spy/Counterspy
On 10 July 2010 11:57, Jerry Leichter wrote: > Beyond simple hacking - someone is quoted saying "You can consider GPS a > little like computers before the first virus - if I had stood here before > then and cried about the risks, you would've asked 'why would anyone > bother?'." - among the possible vulnerabilities are to high-value cargo, > armored cars, and rental cars tracked by GPS. As we build more and more > "location-aware" services, we are inherently building more > "false-location-vulnerable" services at the same time. Most location-aware services should not care whether the location is real or false, for privacy reasons. Agree about the issue of high-value cargo (but I guess they'll just have to use more reliable mechanisms, like maps and their eyes), don't care about rental cars. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Spy/Counterspy
-- Christoph Gruber "If privacy is outlawed, only outlaws will have privacy." Phil Zimmermann Am 10.07.2010 um 12:57 schrieb Jerry Leichter : > On Jul 9, 2010, at 1:00 PM, Pawel wrote: > >> >> Hi, >> >> On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" >> wrote: >> >>> GPS tracking units that you can fit to your car to track where your kids >>> are taking it [T]he sorts of places that'll sell you card skimmers and >>> RFID cloners have started selling miniature GPS jammers that plug >>> into cigarette-lighter sockets on cars In other words these are >>> specifically designed to stop cars from being tracked. >>> >>> (Some of the more sophisticated trackers will fall back to 3G GSM-based >>> tracking via UMTS modems if they lose the GPS signal, it'll be interested >>> to see how long it takes before the jammers are updated to deal with 3G >>> signals as well, hopefully while leaving 2G intact for phonecalls). >> >> Just wondering, why wouldn't GPS trackers use 2G to determine the location? >> >> And, also, does it even need a cell service subscription for location >> determination, or is it enough to query the cell towers (through some >> handshake protocols) to figure out the proximities and coordinates? > The 2G stuff wasn't designed to provide location information; that was hacked > in (by triangulating information received at multiple towers) after the fact. > I don't know that anyone has tried to do it from the receiver side - it seems > difficult, and would probably require building specialized receiver modules > (expensive). 3G provides location information as a standard service, so it's > cheap and easy. > > The next attack, of course, is to use WiFi base station triangulation. > That's widely and cheaply available already, and quite accurate in many > areas. (It doesn't work out in the countryside if you're far enough from > buildings, but then you don't have to go more than 60 miles or so from NYC to > get to areas with no cell service, either.) The signals are much stronger, > and you can get location data with much less information, so jamming would be > more of a challenge. Still, I expect we'll see that in the spy vs. spy race. > > I wrote message to Risks - that seems to never have appeared - citing an > article about GPS spoofing. (I've included it below.) In the spy vs. spy > game, of course, it's much more suspicious if the GPS suddenly stops working > than if it shows you've gone to the supermarket. Of course, WiFi (and > presumably UMTS equipment, though that might be harder) can also be spoofed. > I had an experience - described in another RISKS article - in which > WiFi-based location suddenly teleported me from Manhattan to the Riviera - > apparently because I was driving past a cruise ship in dock and its on-board > WiFi had been sampled while it was in Europe. >-- Jerry > > > The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/8533157.stm) on > the growing threat of jamming to satellite navigation systems. The > fundamental vulnerability of all the systems - GPS, the Russian Glonass, and > the European Galileo - is the very low power of the transmissions. (Nice > analogy: A satellite puts out less power than a car headlight, illuminating > more than a third of the Earth's surface from 20,000 kilometers.) Jammers - > which simply overwhelm the satellite signal - are increasingly available > on-line. According to the article, low-powered hand-held versions cost less > than £100, run for hours on a battery, and can confuse receivers tens of > kilometers away. > > The newer threat is from spoofers, which can project a false location. This > still costs "thousands", but the price will inevitably come down. > > A test done in 2008 showed that it was easy to badly spoof ships off the > English coast, causing them to read locations anywhere from Ireland to > Scandinavia. > > Beyond simple hacking - someone is quoted saying "You can consider GPS a > little like computers before the first virus - if I had stood here before > then and cried about the risks, you would've asked 'why would anyone > bother?'." - among the possible vulnerabilities are to high-value cargo, > armored cars, and rental cars tracked by GPS. As we build more and more > "location-aware" services, we are inherently building more > "false-location-vulnerable" services at the same time. > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Spy/Counterspy
On Jul 9, 2010, at 1:00 PM, Pawel wrote: Hi, On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" > wrote: GPS tracking units that you can fit to your car to track where your kids are taking it [T]he sorts of places that'll sell you card skimmers and RFID cloners have started selling miniature GPS jammers that plug into cigarette-lighter sockets on cars In other words these are specifically designed to stop cars from being tracked. (Some of the more sophisticated trackers will fall back to 3G GSM- based tracking via UMTS modems if they lose the GPS signal, it'll be interested to see how long it takes before the jammers are updated to deal with 3G signals as well, hopefully while leaving 2G intact for phonecalls). Just wondering, why wouldn't GPS trackers use 2G to determine the location? And, also, does it even need a cell service subscription for location determination, or is it enough to query the cell towers (through some handshake protocols) to figure out the proximities and coordinates? The 2G stuff wasn't designed to provide location information; that was hacked in (by triangulating information received at multiple towers) after the fact. I don't know that anyone has tried to do it from the receiver side - it seems difficult, and would probably require building specialized receiver modules (expensive). 3G provides location information as a standard service, so it's cheap and easy. The next attack, of course, is to use WiFi base station triangulation. That's widely and cheaply available already, and quite accurate in many areas. (It doesn't work out in the countryside if you're far enough from buildings, but then you don't have to go more than 60 miles or so from NYC to get to areas with no cell service, either.) The signals are much stronger, and you can get location data with much less information, so jamming would be more of a challenge. Still, I expect we'll see that in the spy vs. spy race. I wrote message to Risks - that seems to never have appeared - citing an article about GPS spoofing. (I've included it below.) In the spy vs. spy game, of course, it's much more suspicious if the GPS suddenly stops working than if it shows you've gone to the supermarket. Of course, WiFi (and presumably UMTS equipment, though that might be harder) can also be spoofed. I had an experience - described in another RISKS article - in which WiFi-based location suddenly teleported me from Manhattan to the Riviera - apparently because I was driving past a cruise ship in dock and its on-board WiFi had been sampled while it was in Europe. -- Jerry The BBC reports (http://news.bbc.co.uk/2/hi/science/nature/ 8533157.stm) on the growing threat of jamming to satellite navigation systems. The fundamental vulnerability of all the systems - GPS, the Russian Glonass, and the European Galileo - is the very low power of the transmissions. (Nice analogy: A satellite puts out less power than a car headlight, illuminating more than a third of the Earth's surface from 20,000 kilometers.) Jammers - which simply overwhelm the satellite signal - are increasingly available on-line. According to the article, low-powered hand-held versions cost less than £100, run for hours on a battery, and can confuse receivers tens of kilometers away. The newer threat is from spoofers, which can project a false location. This still costs "thousands", but the price will inevitably come down. A test done in 2008 showed that it was easy to badly spoof ships off the English coast, causing them to read locations anywhere from Ireland to Scandinavia. Beyond simple hacking - someone is quoted saying "You can consider GPS a little like computers before the first virus - if I had stood here before then and cried about the risks, you would've asked 'why would anyone bother?'." - among the possible vulnerabilities are to high- value cargo, armored cars, and rental cars tracked by GPS. As we build more and more "location-aware" services, we are inherently building more "false-location-vulnerable" services at the same time. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: Spy/Counterspy
Hi, On Apr 27, 2010, at 5:38 AM, "Peter Gutmann (alt)" > wrote: GPS tracking units that you can fit to your car to track where your kids are taking it (or *cough* other purposes) have been around for awhile now. It's interesting to see that recently the sorts of places that'll sell you card skimmers and RFID cloners have started selling miniature GPS jammers that plug into cigarette-lighter sockets on cars (general-purposes ones using internal batteries have been around for awhile). In other words these are specifically designed to stop cars from being tracked. (Some of the more sophisticated trackers will fall back to 3G GSM- based tracking via UMTS modems if they lose the GPS signal, it'll be interested to see how long it takes before the jammers are updated to deal with 3G signals as well, hopefully while leaving 2G intact for phonecalls). Just wondering, why wouldn't GPS trackers use 2G to determine the location? And, also, does it even need a cell service subscription for location determination, or is it enough to query the cell towers (through some handshake protocols) to figure out the proximities and coordinates? Peter. Thanks, Pawel. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com