At least seven car manufacturers were hit by GPS spoofing attacks that took place at the annual Geneva Motor show last week. Preparators had spoofed the GPS signals of LabSat device in order to cause real troubles for drivers. By spoofing the false GPS signals, they created confusion among the drivers by showing them wrong dates and locations.
What is the issue - According to Jalopnik, attackers leveraged the bug in the default ‘Location’ setting of the LabSat device and changed the locations of many cars to Buckingham. In addition to this, the attackers were also able to change the current year shown on the GPS systems as 2036.
The car manufactures affected by this false GPS signaling are Audi, Peugeot, Renault, Rolls-Royce, Volkswagen, Daimler-Benz, and BMW.
“Thomas admitted that the location is the default setting of their LabSat device, which suggests that it is one of their devices sending the signal. But, in order to cover as much area as the signal is covering, someone would have to deliberately amplify the signal, or connect the LabSat to a much larger antenna,” said Jalopnik in its research.
Why it matters - The GPS spoofing attack will not only put the drivers in confusion but can also make automatic cars extremely vulnerable to attacks.
And, remember, whoever is broadcasting the signal would have had to deliberately set up equipment to boost the signal strength to cover the area of the show. So it can’t be just something as simple as someone left a piece of equipment on.
It is still unknown if any threat actor was involved in the attack or whether it was accidental.