Between 2005 and 2009, children and preteens and even some adults were inadvertently learning basic HTML coding skill as they sought to customize their MySpace pages with unique skins, music, and overall layouts that best represented their personalities.
Nearly a decade later, this same curiosity may allow people looking to cheat Pokémon Go, to inadvertently teach themselves to use GPS spoofing technology on their devices but researchers warn users, with great power comes great responsibility.
When the game first launched in July 2016 it didn’t take long for players to find ways to cheat the system using GPS spoofing technologies that make it appear as though a user is walking to new places in order to trick the game into offering new Pokémon and more in-game offers specific to a user’s location.
Yonatan Zur, CEO of Regulus Cyber, warned that the code can be modified and used to attack GPS applications.
Zur also warned these methods could threaten a lot more than the Pokémon game as the same technologies could wreak havoc on the automotive industry as autonomous vehicles become main stream.
While the players using Android devices didn’t really spoof GPS signals, but instead simply downloaded an app that fed user-defined coordinates to the Android operating system, Apple iOS users on the other hand utilized the HackRF One software defined radio and wrote a GPS signal generator (gps-sdr-sim).
“They then used the HackRF One SDR to transmit, as RF, the generated signals,” Zur said. “Those RF signals were received by the GPS receiver of the iPhone and were used to calculate the fake position the hacker wanted.”
Zur explained that both the the HackRF One SDR and the gps-sdr-sim are all open source with a huge community that updates these projects, constantly improving their capabilities and the concept of taking these existing technologies could motivate kids to delve into the world of hacking and cybersecurity.
Once a user obtains spoofing hardware such as SDR they are essentially spoofing not just their own device, but transmitting a spoofing signal in their vicinity essentially affecting every receiver in a certain radius.
As a result every single person that activates the device, would be damaging the functionality of nearby receivers and can cause serious incidents.
“When it comes to precautions, it is best not to use jammers and spoofers,” Zur said, pointing to a New Jersey truck driver that accidentally jammed Newark airport. “In some countries, it is even illegal to hold such a system not to mention activate one.”
In addition, Zur said the threat that GPS spoofing could have on the automotive industry could cause havoc across city traffic and even serve as a way for criminals to hijack a truck without being traced.
As more vehicles become automated, Zur warned that attacks could shut down shared driving services like Uber and Lyft from operating as GPS and GNSS navigation become the backbone of autonomous navigation.