Security Review: Car GPS Navigation Systems
Summary
Car GPS navigation systems are handy tool for finding one’s way on the road. With features like local points of interest, address book and SD card backup it would not be surprising if becomes a common everyday item soon. Here is a review for a GPS navigation system similar to the Magellan Maestro 4200:
Assets and Security Goals
- Addresses stored on the device
- Location of the car
- The route the car is driving on as well as the destination
- The GPS system functioning properly
Potential Adversaries
- A person seeking to follow the user
- A person wanting access personal addresses and information
- A person trying to make the user lost (or drive somewhere unsafe)
Potential Weaknesses
- No passwords for use or backup (stealing is easy if there is access to the device)
- Possibility to eavesdrop information from the GPS communication (route, destination address, location)
- Possibility of sending the device incorrect information either directly or through compromising a server
- Possibly making another device with the same id as the user’s and confusing the system as to the actual location of car
Potential Defenses
- Passwords for startup of the machine
- Good encryption & integrity checks for all data sent back and forth
Risks and Conclusion
If only a couple addresses are stored on the machine, it probably isn’t worthwhile for someone to do a complicated tracking scheme to find out information that could be figured out by simply following the car. However, as more people depend on the system to get around in the future, it may be reasonable to do harm by messing with the system. Therefore the security features of GPS Tracking system will be an important factor to consider when buying such systems in the future.
Comment by Randy
March 21, 2008 @ 9:39 am
Regarding “compromising a server”: While it is possible to compromise a server in orbit, I feel this would be exceedingly difficult.
One weakness you have not mentioned specifically is to compromise the device through providing a compromised map or instruction update. Many of these units connect to a computer in order for the user to download map updates. By providing a compromised map, (or downloading code that sends their information to the attacker), attacks 2 and 3 you mention could be accomplished.
Additionally, one could simply jam the GPS radio signal, which may prove far easier than compromising a server.
Finally, eavesdropping on the “connection” is not possible, as the GPS only recieves information, which is processes internally and establishes its location from. The route, location, etc, are only known to the GPS device. If you compromised the device, you could have it transmit its location, but this is a different attack than the one you mention, as you would have to compromise the device itself (or attached hardware) as opposed to the connection.
Comment by gps systems
March 25, 2008 @ 12:47 am
GPS is the way to future. I see in next 20 years or so , may be no vehicle in our countries will be without gps. However , cost is still a problem , specially in developing nations. But I am sure , with increase in demand the cost will come down. Nice blog.
Comment by Car Alarms
May 7, 2008 @ 3:06 am
The best feature of GPS is that its possible to locate the car if its stolen.
Comment by Smith
July 4, 2008 @ 9:22 am
GPS is not so expensive now. Look at this list:
http://www.selectagps.com/Vehicle-GPS-n_18.html
The prices are just a couple of hundred dollars. I believe that in next 10 years, every car will have a GPS device.
Comment by Car GPS Guy
August 18, 2008 @ 2:11 am
Security will be an important factor for sure – and nobody is talking about it yet. It will probably take some high profile law suit involving data extracted from a car GPS sytem before manufacturers take this more seriously.
Comment by Safe cars
October 14, 2008 @ 5:04 pm
GPS is the wave of the future. The Army uses it in their tanks and expensive equipment. On star uses it. If you want to be safe its just an added element of safety that you should consider when buying a new or used car – who wants to be stuck in an accident in boonies land and no one knows where you are or how to get to you? GPS actually has saved lives.
Comment by Mukemfor
February 10, 2009 @ 9:18 am
An automotive navigation system is a satellite navigation system designed for use in automobiles. It typically uses a GPS navigation device to acquire position data to locate the user on a road in the unit’s map database. Using the road database, the unit can give directions to other locations along roads also in its database.These portable navigation systems can help you get from point A to point B with audible driving directions, color maps, points of interest, and much more. This is an incredible technology!! You will never get lost.
Comment by Alex Godda
February 10, 2009 @ 11:21 am
The Global Positioning System (GPS) is a satellite-based navigation system made up of a network of 24 satellites placed into orbit by the U.S. Department of Defense. GPS was originally intended for military applications, but in the 1980s, the government made the system available for civilian use. GPS works in any weather conditions, anywhere in the world, 24 hours a day. There are no subscription fees or setup charges to use GPS. Satellite navigation dates back a lot longer than many people realize. The principles behind SatNav were first tested back in 1967, but it took nearly 30 years before the NavStar GPS System first began operation as a military application in the mid 1990s. Civilian use of GPS navigation was made available soon after the military launch, but the initial costs of using the system were very high, and required ongoing subscriptions to be paid. The first people who took advantage of GPS were pilots, and surveyors, who needed to be able to measure distances with pinpoint accuracy. In the early days , an affordable GPS auto navigation system was out of reach for the average car owner.