Today at the IAA (International Motor Show) in Frankfurt, Regulus Cyber announced a new software-only GPS spoof detection product. This product, Pyramid GNSS, is what the company was hyping when it executed a Pied Piper attack on a Tesla Model S this June.
Regulus Cyber demonstrated the new product, Pyramid GNSS, to us yesterday via Web conference from the IAA.
Pyramid GNSS was running on a Linux-powered laptop with GPS receiver and successfully intercepted spoofed GNSS signals coming from another laptop with a software-defined radio a few feet away. An iPhone in the same room picked up the spoofed GPS signals and erroneously showed itself driving down a nearby highway. But the laptop running Pyramid—which had a copy of what appeared to be Google Maps running—remained stationary.
It’s important to recognize what this solution isn’t, of course. Pyramid GNSS does not enable a protected system to get positioning data when its GPS receiver is being spoofed—it just prevents the system from believing and acting on the false data.
In the real world, you can look at this as downgrading an actual GPS hack to a simple denial of service. A navigation system protected by Pyramid GNSS would not be misled by false GPS data, but it still wouldn’t have access to real GPS data either. Such a navigation system would be forced to make do with its other sensors (cameras, accelerometers, inertial navigation) as long as the spoofed signal was targeting it.
Regulus is, unfortunately, playing its cards extremely close to the vest in terms of how the system works. “We’ve learned how to perceive anomalies between legitimate GNSS signals and spoofed signals by researching the variations in the satellite signals protocol and recognizing the inter-relationships between signal parameters,” CTO and co-founder Yoav Zangvil explains in the press release; this and the system diagram supplied to Ars don’t add up to much beyond “this works.” The video demonstration was convincing, however, both in its minor frustrations (the unprotected iPhone was slow to acknowledge the spoofed GPS signal and begin “moving”) as well as its successes.
Ars requested a test kit, but Regulus Cyber’s attorneys denied it due to concerns around “teaching someone to hack GPS.” Assuming Pyramid GNSS holds up under more rigorous, hands-on testing—and Regulus can convince OEMs to license it—its software-only nature should lend itself to easy, widespread adoption, particularly in Android and other Linux-based devices.