Inside the Growing Threat of GPS Spoofing

Software-defined vehicles have created a significantly more dynamic ecosystem than what the automotive industry had just a few years ago. With consumers increasingly seeking advanced connectivity features, automakers must align their technology with consumer needs, providing robust ecosystems that deliver integrated experiences.

However, this heightened connectivity also exposes vehicles to increased vulnerability to cyberattacks. As connected ecosystems evolve, it becomes imperative for the automotive sector to proactively identify and tackle these emerging challenges.

ADAS systems have developed rapidly in the past five years. Tesla’s Autopilot system pioneered consumers’ interest and enthusiasm for systems that enable hands-free driving, and most large OEMs have followed suit, developing ADAS systems that are increasingly used as key selling points to customers.

These systems not only improve the driving experience; they also are shown to reduce accidents by as much as 62% and increase overall levels of safety on the road. Little wonder that the value of the sector is expected to rise from $27.3 billion globally to nearly $38.6 billion by 2028.

However, as cars become more connected and more reliant on technology, their vulnerability to cyberattacks increases. This vulnerability now seems to be affecting consumer confidence.

A recent YouGov survey revealed that half of respondents think vehicles with autonomous-driving capabilities will make roads more dangerous, citing the risk of cyberattacks as a factor influencing the decision to purchase a car with partial or full autonomous capabilities.

But many drivers and authorities remain unaware of the vulnerability of these systems to radio frequency (RF) cyberattacks by criminals who can use low-cost equipment to spoof (a form of cyberattack aimed at overriding a GPS device’s original location with non-legitimate RF signals) the GPS systems.

The recent research based on 2,000 U.K. consumers and motorists conducted by FocalPoint in association with YouGov shows that while consumer awareness of the threat is relatively low, concerns over cyberattacks could impact the rates of adoption for autonomous vehicles or vehicles with autonomous driver assistance systems (ADAS).

Eighty-two percent of those surveyed believe spoofing will have a detrimental effect on road safety as assisted driving applications and autonomous vehicles become increasingly available.

spoofed_signal_0.png

What Is GPS Spoofing?

The dangers of spoofing made headlines in 2019 when a Tesla Model 3 was experimentally spoofed. Using off-the-shelf hardware and software, fake satellite signals were illegally broadcast by a spoofer, disrupting the behavior of the vehicle, demonstrating how spoofing could cause it to exit the highway at the wrong location, enforce an incorrect speed limit and/or turn into oncoming traffic.

This proved the vulnerability of a modern vehicle to an attack where the spoofer disrupts the computed location, speed and heading of a victim’s receiver, causing vehicles to believe it is in a different location and even potentially provide false information about road conditions, traffic or obstacles. Spoofing also can be used as a method for theft and to hide the true location of a stolen vehicle as reported by its onboard security tracking systems.
Autonomous-vehicle systems rely on a combination of sensors and software, of which GNSS is an important part. Together they enable features like collision avoidance, lane keeping and navigation. Fake or spoofed GNSS signals can cause the vehicle to miscalculate its position, causing it to change lanes or speed up or slow down, putting passengers, pedestrians and other vehicles at risk.

With fleets of autonomous vehicles relying on accurate navigation, time synchronization and coordination with other vehicles, spoofing also has the potential to disrupt multiple vehicles simultaneously.

Can Spoofing Be Neutralized?

As the tools required for spoofing become cheaper and more readily available, it becomes more difficult to eradicate the threat. The traditional approach for protection against cyberattacks is encryption, but this is not viable for GNSS because it requires changes to be made by the owners of the GNSS satellite constellations. A viable option is to use expensive and bulky arrays of antennas that can measure the angle of arrival of the satellite signals, enabling the system to ignore any signals coming from untrusted directions. However, such an approach is not practical for mass-market devices due to its high cost.

Neutralizing GNSS spoofing in a cost-efficient way will require collaboration between navigation engine providers, measurement engine providers, sensor fusion providers and third-party companies that develop specialized GNSS processing software layers.

Improving Cybersecurity Across the Supply Chain

From July 2024, all newly manufactured cars under ISO/SAE 21434 need to have a high level of cybersecurity across the supply chain. It is therefore vital that OEMs and their suppliers adopt a rigorous approach toward cybersecurity. This includes protection against spoofing cyberattacks on advanced driving assistance systems (ADAS). Some effective strategies to help mitigate these risks might include:

OEMs Face a Growing Challenge of Security

A challenge facing the industry has been the lack of cybersecurity compliance and standardization. Arguably standards are not the only answer to the problem; they do, however, provide a useful framework to get the problems solved. ISO/SAE 21434 will help the automotive industry define a process that includes cybersecurity as part of the engineering design phase. Based on the current technology and methodologies, it will support information sharing within the ecosystem. This industry standard provides support for meeting the requirements of the UNECE Regulation No. 155, which has been adopted across 60 countries, with experts believing this will develop into a de facto global standard.

For non-UNECE member countries, including the U.S, the basis of UNR 155 is being adopted by U.S. Federal Motor Vehicle Safety Standards.  

Manuel Del Castillo FocalPoint