Tag Archives: GPS

Security News bites for the Week Ending March 8, 2019

Commerce Department Wants Companies to Publish Ingredients of their Software

The Commerce Department is trolling around the RSA conference trying to get companies to publish the ingredients in their software – the so-called bill of materials that I have written about before – so that users can understand what libraries are being loaded.  The objective is to avoid another Equifax-style breach because people don’t know that this particular software package uses a vulnerable version of, say, Struts.  Then people have to figure out how to use it.  Big project, but a useful one.  Source: The Cybersecurity 202.

Massachusetts High Court Orders Man to Unlock Phone

Various courts have come down with different decisions regarding whether a person can be compelled to unlock his or her computing device after a warrant is issued.  In general, it has been held that you can be forced to look at your phone (face ID) or put your finger on your phone (fingerprint reader), but not to enter a password (compelled testimony).  But not all courts agree.

The Massachusetts Supreme Justice Court announced (seriously) “the end of privacy in the digital age” when it compelled an accused pimp to unlock his phone.

Whether this particular case winds up in front of the US Supreme Court or not, the issue will ultimately have to be decided there.  Source: Boston Herald.

Brits Say Brexit was a Russian Plot

As politicians scramble to spin reality regarding Russia’s influence peddling efforts, British foreign secretary Jeremy Hunt says that there is no evidence of successful Russian interference with UK polls in the face of lawsuits compelling the government to investigate if that happened.

He is likely right that the Ruskies did not try to literally break into the (digital) ballot box and change votes, but on the other hand, it is equally likely that they used their normal social media techniques to influence the outcome in a direction favorable to Russia.

Why Hunt thinks that England is in some kind of “no-influence” bubble is beyond me (other than to admit it would be politically damaging).  After all, governments around the globe (including the US) have been working hard to influence elections for decades.  Source: The Guardian.

Huawei Sues US Government Over Ban

The Chinese electronics giant Huawei sued the United States government on Wednesday, arguing that it had been unfairly and incorrectly banned as a security threat.

In what will likely be a years-long court battle, China is demonstrating that it does not plan to roll over and play dead for Trump.  Source: The New York Times.


It’s Y2K All Over Again

It’s been a few years (like around 1977 or so), but I seem to recall that we discussed this at the time and it is in the spec, but who reads specs anyway.

The Global Positioning System tracks time in weeks since January 5, 1980.  It uses a 10-bit number (1024 weeks) because memory was expensive in 1977, so we knew it was going to roll over about every 20 years and our code (inside the receiver that was placed in a fighter jet) handled the rollover.

But, apparently, not every software developer is as forward-looking as we were, so come April 6, 2019 (the next rollover day), some GPSes may become wonky.

In the case that the GPS is directing you to the nearest Starbucks, you might get lost.

If the GPS is controlling a weapon system or a piece of high precision nuclear medicine equipment… well… people could wind up dead.

So at least a few people are doing the Y2K thing all over again.

I suspect that if you power off your GPS on the day before the rollover and then power it back on, everything will be fine (as I remember the code in the GPS, but that was a real long time ago).  That means you are on your own finding that Starbucks, but powering off that weapon system may not be an option.

It is very likely that the GPS firmware on your phone will be fine, I predict.  We shall see.  Source: Homeland Security.
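The rollover arithmetic described above, as an added example (not the author's receiver code and not from the cited source): it shows what date a 10-bit week number yields in firmware that hard-codes its 1024-week era, and in firmware that unwraps the week against a pivot date. The pivot technique as written here, the function names and the 2015 build date are assumptions for illustration; the epoch constant is the midnight that ends January 5, 1980, and leap seconds are ignored.

```python
from datetime import datetime, timedelta

# GPS time starts at the midnight that ends January 5, 1980 (00:00 on January 6).
GPS_EPOCH = datetime(1980, 1, 6)
WEEK_MODULUS = 1 << 10          # 10-bit broadcast week number: 0..1023


def week_start(full_week):
    """Start of a full (unwrapped) GPS week; leap seconds are ignored."""
    return GPS_EPOCH + timedelta(weeks=full_week)


def broadcast_week(when):
    """The 10-bit week number a satellite transmits at `when`."""
    return ((when - GPS_EPOCH).days // 7) % WEEK_MODULUS


def fixed_era_date(wn10, era):
    """Failure mode: firmware that hard-codes which 1024-week era it is in."""
    return week_start(era * WEEK_MODULUS + wn10)


def pivot_date(wn10, pivot):
    """Unwrap wn10 to the first matching week at or after `pivot`.

    `pivot` is a date the receiver knows is not in the future (assumed here
    to be the firmware build date). The answer is only right for 1024 weeks
    after the pivot; beyond that the same wrap-around returns.
    """
    pivot_week = (pivot - GPS_EPOCH).days // 7
    full_week = pivot_week + (wn10 - pivot_week) % WEEK_MODULUS
    return week_start(full_week)


if __name__ == "__main__":
    build = datetime(2015, 6, 1)            # constructed firmware build date
    # One day on either side of the April 2019 rollover.
    for day in (datetime(2019, 4, 3), datetime(2019, 4, 10)):
        wn = broadcast_week(day)
        print(day.date(), "wn10 =", wn,
              "| era fixed at 1:", fixed_era_date(wn, 1).date(),
              "| pivot:", pivot_date(wn, build).date())
```

The fixed-era receiver jumps back to August 1999 once the counter wraps, while the pivot receiver keeps the right week until its own 1024-week window runs out.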

Tanker Seems To Be At The Airport

Sometimes when the Russians don’t want you to know where you are, they seem to be able to do it.

Wired is reporting on a number of tanker ships that seemed to be miles from where they actually were.

In June the 37,000-ton tanker Atria was transiting the Marmara Sea along the Bosphorus strait and into the Black Sea.  A simple journey, done by ships thousands of times.

When the ship approached the port of Novorossiysk things started to go wrong.

Modern ships, especially big commercial ships, are outfitted with sophisticated GPS navigation systems.  Multiple ones in case of a failure.  GPS systems can track the position of a ship to within a foot or two.

In this case, as the ship entered the port, all GPS tracking failed.  Then the ship’s GPS systems claimed that the ship was at the airport, about 30 miles from where it actually was.

Normally, the captain said, if the GPS goes crazy, it shows the ship’s position a couple hundred feet from where it actually is.  In this case it was more like 25 or 30 miles.

U.S. maritime officials have confirmed that at least 20 ships have been affected by this GPS issue, but that likely dramatically underestimates the truth.

At the same time that the GPS said that the ship was at the airport rather than the port, the ship’s collision avoidance system showed it had company.  20 to 25 large ships were, according to the system, also at the airport.

For some reason, the Russians were messing with GPS signals.  Likely, they were overpowering the real signal with a fake signal which the ship’s GPS receiver accepts as valid.

According to the security firm FireEye, GPS spoofing is used in a number of locations in Russia.

The ships’ crews understand that the Russians like to do this, so they don’t place unfailing trust in the system.  They use their paper maps and dead reckoning – like sailors did a hundred years ago.  It is hard to hack a paper map and a sextant.
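The dead-reckoning cross-check described above can also be run in software against each incoming GPS fix; the following is an added example, not code from this post or from Wired. The track, coordinates, the 1 nautical mile tolerance and all function names are constructed for illustration.

```python
import math

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles

# Constructed track (not real AIS data): (hours since previous fix, course in
# degrees, speed in knots, GPS latitude, GPS longitude). The second fix jumps
# roughly 25 nautical miles sideways, as a spoofed position would.
SAMPLE_START = (44.5000, 37.8000)
SAMPLE_FIXES = [
    (0.25, 0.0, 12.0, 44.5502, 37.8003),
    (0.25, 0.0, 12.0, 44.6000, 38.4000),
    (0.25, 0.0, 12.0, 44.6500, 37.8005),
]


def haversine_nm(a, b):
    """Great-circle distance in nautical miles between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(h))


def dead_reckon(pos, course_deg, speed_kn, hours):
    """Advance pos on a constant course and speed (plane approximation, short legs)."""
    dist_nm = speed_kn * hours              # 1 nm is 1 arc-minute of latitude
    lat, lon = pos
    dlat = dist_nm * math.cos(math.radians(course_deg)) / 60
    dlon = dist_nm * math.sin(math.radians(course_deg)) / (60 * math.cos(math.radians(lat)))
    return (lat + dlat, lon + dlon)


def check_fixes(start, fixes, tolerance_nm=1.0):
    """Return (error_nm, trusted) per fix, comparing GPS with dead reckoning."""
    ref, results = start, []
    for hours, course, speed, lat, lon in fixes:
        ref = dead_reckon(ref, course, speed, hours)
        error = haversine_nm(ref, (lat, lon))
        trusted = error <= tolerance_nm
        if trusted:
            ref = (lat, lon)                # re-anchor only on fixes that passed
        results.append((round(error, 1), trusted))
    return results


if __name__ == "__main__":
    for error, trusted in check_fixes(SAMPLE_START, SAMPLE_FIXES):
        print(f"{error:5.1f} nm off dead reckoning ->", "ok" if trusted else "REJECT")
```

Because a rejected fix never becomes the new reference, the estimate keeps advancing on course and speed alone until GPS agrees with it again.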

U.S. military equipment (vehicles and planes) also uses GPS systems, but since the satellites that transmit the GPS signals are owned by the U.S. Air Force, we do have a few tricks up our sleeves.  I was part of the team that built the very first GPS system for the Air Force and while those tricks are likely quite effective, at least some of them would disrupt your ability to navigate to the nearest Starbucks.  When it comes to a choice between finding a Starbucks and World War III, I have a pretty good clue which option the Air Force will choose.

Still, it is a pretty interesting situation.  You rely on a technology for commerce that your adversary has the ability to disrupt.  Not a great story.

Information for this post came from Wired.