We think of global positioning system (GPS) technology as being reliable and relatively infallible. Aside from your phone’s map application occasionally failing to update a new road or having trouble finding a specific house address, our interactions with GPS tend to be overwhelmingly positive. However, this technology might not be as safe as we think. In the world of cyber crime, it’s the next big point of emphasis for hungry hackers.
The Garmin Cyber Attack
On July 23, 2020, millions of Garmin users were frustrated by the fact that they couldn’t upload their exercise data to the network. The problem became so widespread that the company quickly confirmed that there was an outage and posted a message to its website and social media accounts explaining the extent of the problem. They mentioned that, “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats.”
After a five-day outage, Garmin was able to restore all services and quickly reassured users that no personal data was lost or stolen. And just like that, everything went back to normal for users. But it was what happened behind the scenes that continues to send a chill down the collective spine of business owners and those in cyber security fields.
While Garmin has been quiet on the issue, internal sources and unnamed individuals close to the matter say the outage was connected to the WastedLocker ransomware – a cyberattack that was able to encrypt the company’s servers and freeze everything. The suspected culprit was a Russian cybercrime group who demanded $10 million in return.
It’s believed that Garmin paid the multi-million dollar ransom, despite the fact that the FBI has long discouraged victims from doing so.
While the media’s main emphasis has been on how the Garmin ransomware attack affects the millions of consumer devices on the market, it could be argued that there are much bigger concerns.
“Navionics (GPS plotter charts), flyGarmin (aviation database app), and inReach (satellite communication with GPS) users also experienced outages,” Mission Secure explains. “Some airplane pilots found themselves grounded, unable to download Garmin’s aviation database, ‘crucial for navigation and compliance with the FAA regulations.’ Garmin Pilot was also down, further hindering flight schedules. In maritime, captains could not access the Navionics server, Navionics Boating app, Chart Installer, and Navionics Chart Viewer.”
If there’s one thing that leading cyber defense organizations like Mission Secure believe, it’s that this attack could have been much worse and that it’s just a matter of time before there’s a bigger attack.
GPS Spoofing at the Geneva Motor Show
While not nearly as serious or costly as the Garmin attack, a recent event at last year’s Geneva Motor Show in Switzerland shows the potential for GPS attacks to wreak havoc on our future lives.
During the popular car show, an attack from an unknown source impacted the GPS systems of Volkswagen, Audi, Rolls-Royce, Peugeot, Renault, BMW, and Daimler-Benz vehicles. And instead of showing the current date and location, all of the vehicles claimed they were located in Buckingham, England…in the year 2036.
Inside the cybersecurity industry, this sort of attack is known as “GPS spoofing.” And though it sounds innocent enough, the future implications could be quite serious.
“The mass spoofing of vehicles demonstrates the real cyber threat that exists, regardless of car, model, etc., via any GPS\GNSS device,” industry insider Roi Mit says. “Finding the location of the spoofing source is extremely difficult leaving the hacker with little to no accountability for their actions.”
In an age when everyone wants to talk about self-driving vehicles, the idea that a hacker could infiltrate a vehicle’s GPS system and change settings (without being traced) is rather alarming. It’s indicative of just how important investments in cybersecurity will be in the coming months and years.
The Future of Cyber Attacks
Nobody knows where the future of cyber attacks lies. The challenging thing is that cyber attackers and massive online crime organizations are constantly evolving and changing their approaches. This requires cyber defense companies and experts to stay one or two steps ahead at all times.
As both of these attacks show, GPS cyber crime is a serious matter and should become a greater point of emphasis moving forward. Otherwise, instances like these will become commonplace.