It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong positioning results. There are many companies provide commercial GPS emulators, which can be used for the GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low. It may influence all the civilian use GPS chipset. In this presentation, the basic GPS system principle, signal structure, mathematical models of pseudo-range and Doppler effect will be introduced. The useful open source projects on Internet will be shared with attendees.
HUANG Lin is a wireless security researcher, from Unicorn Team of Qihoo 360 China. Before entering Qihoo, she worked for telecom operator Orange, for 9 years, as a wireless researcher. Her interests include the security issues in wireless communication, especially the cellular network security, and also other problems in ADS-B, GPS, Bluetooth, Wifi, and automotive electronics. Twitter: @huanglin_bupt She is one of the earliest users of USRP in China, and keeps active in SDR/USRP research and development since 2006. She contributed to several UMTS/LTE soft base station projects, e.g. Open Air Interface. In 2009, She wrote one free e-book for GNU Radio training, which is very popular in China.
YANG Qing is the team leader of Unicorn Team in Qihoo 360 Technology Co. Ltd. He has rich experiences in wireless and hardware security area, including WiFi penetration testing, cellular network interception, IC card cracking etc. His interests also cover embedded system hacking, firmware reversing, automotive security, and software radio. He is the first one who reported the vulnerabilities of WiFi system and RF IC card system used in Beijing subway.