A GPS weakness could allow hackers to remotely track smartphone users, or even completely take over mobile devices, University of Luxembourg researcher Ralf-Phillip Weinmann reported last night at Black Hat. Instead of directly using GPS satellites, most mobile devices receive much faster assisted GPS (A-GPS) signals from cellular networks to determine approximate location. However, Weinmann discovered that these A-GPS messages are transmitted over a non-secure internet link, and could be switched for messages from an attacker.
Weinmann demonstrated this vulnerability on several Android devices, and explained that a hacker could use this security hole to instruct the smartphone to report its location every time an A-GPS message is sent. He also explained that these messages are not processed by the phone's GPS or radio chip, but rather by the main processor, which means that hackers could use the messages to trigger a crash, and then use another exploit to completely gain control of the device.
This problem can be solved, Weinmann says, but smartphone manufacturers have not yet implemented the technology to prevent such an attack. Software developers and manufacturers alike will need to develop quick responses to these types of exploits as smartphones become an increasingly attractive target for hackers.