GPS satellite navigation devices have become an indispensable part of everyday life for millions of drivers the world over. Without these little technological route planning miracles, many of us would literally crash and burn as we struggled to regain control over that map while driving too fast and drinking a large cup of coffee simultaneously. OK, so that might be exaggerating things a little, but the truth is that most 21st Century drivers are dependent upon satellite navigation to get from A to B. Efficiency is the key here, and systems that incorporate Radio Data System (RDS) Traffic Message Channel (TMC) data have become de rigueur over the pond in Europe and gaining strength in North America as well.

Which is why the tech and automobile world get more than a little fidgety when word of a spanner in the satnav works leaks out. Take my revelation in January that some TomTom Go 910 devices were being sold complete with a Trojan or two pre-installed, with the full knowledge of the manufacturer which had decided not to come clean and ‘fess up until pushed by the global fuss this blog entry caused. Yet that was a security exploit that merely used the satnav device as a distribution channel, a means by which to get onto a Windows based host computer where it could do some damage. The satnav device itself, running on a Linux based OS, was safe from actual harm. Imagine then, if someone could come up with an exploit that caused real problems for the driver and was entirely focused on the satellite navigation device itself as the means for delivery.

Imagine no more, as two Italian hackers have done just that at the Vancouver CanSecWest conference this week.

It’s a neat twist on the kind of data injection exploits that have plagued online computer users for years, and to be frank the simplicity is perhaps the most worrying aspect as it means it can easily be copied by those who would do you harm. Harm as in sending you wrong directions, creating a virtual accident to ensure your vehicle is sent on an alternate route to avoid the non-existent delays, and well, the possible consequences are only too obvious in a world obsessed by the fear of terror attack.

Using just a RDS encoder costing a few dollars, a hand-held antenna of the type well known to any self-respecting drive by hacker and an equally cheap and readily available FM transmitter, the hackers have demonstrated how data can be encoded into the FM signals required to inject it into the RDS TMC stream. The TMC encryption is so simple it can be easily broken by anyone sampling just the smallest amount of data and having the smallest idea of what they are doing, because it exists for discriminatory rather than authentication application. Even if you cannot break the encryption it need not be a great problem considering that TMC terminals will accept unencrypted data anyway from what I have been told about the way they work.

During the presentation entitled ‘Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals’ Andrea Barisani and Daniele Bianco from Inverse Path not only demonstrated the obscure and scary messages that can be broadcast to drivers, but also the limitations of standard satnav systems when flooded with these unusual messages. In their abstract the pair even jokingly mentioned how hitmen in the audience would love the role that RDS TMC injection and jamming could play in a social engineering scam. I would add terrorists to the list of laughing out loud observers.

While there are some specific requirements in order to successfully inject data into the RDS TMC stream, not least knowledge of the codes that denote particular events to be flagged to the end user, these are not that hard to come by if you have access to Google. The plain truth is that whether you wanted to induce panic by popping up an alert on myriad drivers’ satnav device screens about a bomb alert, and the consequential potential for accidents and freeway mishap, or send a specifically targeted vehicle along a different route (terrorist ears are already pricking up) then this hack makes it all too easily possible.

So far, and quite predictably, the satellite navigation device manufacturers and routing software developers have remained unavailable for comment. But then it is a weekend, so maybe the news will have found an efficient route to their desks by Monday and the comments will come thick and fast.

In the meantime, I urge bloggers who care about security to kick up as much fuss about this as possible. If we let it wash over us as just another story, then we could find ourselves writing about a much more serious satellite navigation inspired terrorist story in months to come…

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

10 Years
Discussion Span
Last Post by Junyah

never seen the need for those gadgets.
My paper maps may seem cumbersome to today's electronic junkies but noone's ever hacked one of them (unless they hacked into the source data from which the maps were produced, before the map was ever printed).


I agree with jwenting but I also agree that there needs to be more security on the gps system.

I use a 7yr old trimble explorer with beacon on a belt. The beacon seeks out coast guard and refernce radio signals and corrects the gps to a couple of feet if not inches.. especially when there was "selective availablity". I use it as a "Tool" for GPS/GIS almost daily.

But I'm a dinosaur or old dog ... I beleive in having good "field sense" and "street sense". I know and have proven to field reps "GPS does not work everywhere" its a friggin machine its not failure proof to start with. There are shorts, glitches, and on portable units ... batteries go out.

Street Smart and Field Smart GPS AT/CT Hints

Get good intel/info before your trip. If its a spur of the moment at least think of where you're going and what's it near.

Carry a Thomas Guide and/or Maps in your car. (Before there was GPS us cops/firemen/ems used to use the grids/pages on Thomas Guides and/or we'd use "Run Cards" cards that gave point to point directions "like mapquest/yahoo or google" but actually driven ahead of time and timed for rapid response-Code 3)

Get TOPO maps if you're going rural or "deep in the woods"

Get a boy scout compass and learn land navigation skills. The skills work on streets also.

If you're lost or get a Questionalbe GPS reading ... pull over when its safe to get your bearing or to let the GPS get another read ... and correct your location.

Check for landmarks or road signs.

check your odometer and monitor the 1/10s of miles you go down roads. ( Rural Gamewarden and Deputy Sheriff Trick) ( I'd have you use ranger beads or a grease pencil and kick board but we aren't on foot or in the water) The main thing is you have to know the distances you've traveled.

Check your compass, maps or topos.

If all else fails ... ask the locals for directions.

Materials Source List
AAA or retalers for maps
Boy Scout Store, Sporting Goods or Surplus store for compass (spring for the ones that are over $5.00 US
TOPO maps - USGS (United States Geological Survey)

If your working or going to frequent a metropolitan area get the Thomas Guide .. The have a companion Disk Also

Oh and have to original analgog/digit-al PDA or Tablet Computer (A pencil and notebook or index cards)

If the hints seem like alot .. then go ahead and put your faith in the gps and "get lost".

All I know is in 20 yrs of working the streets/rural areas I got to the places I wanted to and in an emergency I was one of the first three to get to new locations. Unlike the horror stories i hear of PD/Fire/Ambulance personell that relied on and didn't question there GPS and ended up on the other side of town and in another county.

"Bad Cop, No Doughnut" :)

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.