{"id":219,"date":"2008-03-16T22:36:30","date_gmt":"2008-03-17T06:36:30","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/03\/16\/security-review-car-gps-navigation-systems\/"},"modified":"2008-03-16T22:36:30","modified_gmt":"2008-03-17T06:36:30","slug":"security-review-car-gps-navigation-systems","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/16\/security-review-car-gps-navigation-systems\/","title":{"rendered":"Security Review: Car GPS Navigation Systems"},"content":{"rendered":"<p><strong>Summary<\/strong><\/p>\n<p>Car GPS navigation systems are handy tool for finding one\u2019s way on the road. With features like local points of interest, address book and SD card backup it would not be surprising if becomes a common everyday item soon. Here is a review for a GPS navigation system similar to the Magellan Maestro 4200:<\/p>\n<p><!--more--><\/p>\n<p><strong>Assets and Security Goals<\/strong><\/p>\n<ul>\n<li>Addresses stored on the device<\/li>\n<li>Location of the car<\/li>\n<li>The route the car is driving on as well as the destination<\/li>\n<li>The GPS system functioning properly<\/li>\n<\/ul>\n<p><strong>Potential Adversaries<\/strong><\/p>\n<ul>\n<li>A person seeking to follow the user<\/li>\n<li>A person wanting access personal addresses and information <\/li>\n<li>A person trying to make the user lost (or drive somewhere unsafe)<\/li>\n<\/ul>\n<p><strong>Potential Weaknesses<\/strong><\/p>\n<ul>\n<li>No passwords for use or backup (stealing is easy if there is access      to the device)<\/li>\n<li>Possibility to eavesdrop      information from the GPS communication (route, destination address,      location)<\/li>\n<li>Possibility of sending the      device incorrect information either directly or through compromising a      server<\/li>\n<li>Possibly making another      device with the same id as the user\u2019s and confusing the system as to the      actual location of car<\/li>\n<\/ul>\n<p><strong>Potential Defenses<\/strong><\/p>\n<ul>\n<li>Passwords for startup of the machine<\/li>\n<li>Good encryption &amp; integrity checks for all data sent back and      forth<\/li>\n<\/ul>\n<p><strong>Risks and Conclusion<\/strong><\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 If only a couple addresses are stored on the machine, it probably isn\u2019t worthwhile for someone to do a complicated tracking scheme to find out information that could be figured out by simply following the car. However, as more people depend on the system to get around in the future, it may be reasonable to do harm by messing with the system. Therefore the security features of GPS Tracking system will be an important factor to consider when buying such systems in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary Car GPS navigation systems are handy tool for finding one\u2019s way on the road. With features like local points of interest, address book and SD card backup it would not be surprising if becomes a common everyday item soon. &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/16\/security-review-car-gps-navigation-systems\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":30,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,9,5],"tags":[],"class_list":["post-219","post","type-post","status-publish","format-standard","hentry","category-availability","category-privacy","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=219"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/219\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}