Hacking GPS

Can Car GPS Be Hacked?

GPS Tracking

Can A GPS Be Hacked?

How much do you know about GPS? The Global Positioning System (GPS) was first devised by the United States military but has since become ubiquitous in so much of our tech—including in our phones and vehicles. Let’s examine car GPS a little more closely, including how GPS tracker devices work, if they can be hacked, and more!

Can Someone Track My Car?

The short answer? Certainly! If your car GPS is online, someone can track it. Perhaps they’ve hacked the system (and are able to track your vehicle in that way), or perhaps they have a car GPS tracking system that they’ve hidden in or on your vehicle. Even if your car doesn’t have GPS, if you have your phone on you, someone can track you courtesy of your phone. Let’s look a little more at each of those ways of being tracked.

Car GPS: For cars with built-in GPS systems such as a car GPS, the likely purpose is for security (if your car is stolen, for instance, the car GPS can help authorities recover it via its location data) or safety (such as alerting emergency responders to your location if you are in an accident). If someone gains access to that data via a hacked system, they can track you even if that is not the original intent of the system.

GPS tracker: Even if your car doesn’t have a built-in car GPS feature, that feature can be added courtesy a vehicle tracker. This might be something you’re aware of (if you install it, for instance, such as for security, fleet management, or even to keep an eye on a teen driver), or it might not (such as if someone installs a GPS tracker on your vehicle without your knowledge). We’ll look at GPS modules a little more thoroughly in the coming sections.

Courtesy your phone (or any other device): If you have your phone (or any other GPS-enabled device on you) and are in your car, you can be tracked via that device if it or one of the systems (such as an app) that uses that data is hacked.

Where Is The Best Place To Put A GPS Tracker On A Car?

If you’re trying to track someone, the best placement for a hidden GPS tracker is somewhere where it won’t be found. Often that means a spot where a driver is less likely to look, such as in a wheel well, behind a bumper, or even behind a seat cushion.

Check out this list of the 10 most common places for hiding a car GPS device, working from the front of the car to the rear:

  1. Inside the front bumper. Because bumpers are generally made up of several layers of hard plastics, for instance, a device a GPS tracker can readily be hidden and stay relatively well protected from the elements as well.
  2. Inside or under the dashboard. This is an easy place to conceal a small device while still ensuring that the car GPS tracker gets good satellite reception, which makes it a favorite hiding spot.
  3. Behind the glove compartment. This is one of those places where a car GPS is most likely to remain undiscovered.
  4. Above the pedals. This is one of the most common hiding places because it can allow the installer to connect the live GPS tracker to the car’s systems, such as on the on-board diagnostic—meaning it doesn’t necessarily need to be battery-operated if installed correctly.
  5. On the undercarriage of the car frame. Though this requires a good waterproof case and magnetic body, very rarely do drivers actually check underneath their vehicles, meaning a GPS tracker can readily hide here and remain undetected.
  6. In the sun visor. This only works if a driver won’t notice it, of course, but is a great spot for ensuring a GPS tracker gets great reception, which is why it remains a favorite.
  7. Inside a car seat cushion. Car seats don’t always get very good cell service, however, which remains a note of caution—though the odds of a driver finding a GPS receiver if it’s zipped into their seat (or even better, a backseat) are slim-to-none.
  8. Behind the backseat. Provided metal won’t interfere with signal reception, this is one of those places a driver is unlikely to stick their arm, meaning a car GPS device is likely to remain hidden.
  9. In the trunk. The same caveat about metal applies here, but if well-hidden, a GPS tracker can remain unfound for years in a trunk.
  10. Inside the brake lights. A small device can readily be hidden behind the brake lights, though if the brake lights need to be replaced, for instance, this is a good place for getting a car GPS found, too.

Of course, those aren’t the only places a GPS tracker might be hidden—but they are the most common.

Is It Possible To Hack GPS?

Certainly! In fact, some hackers are getting really good at it, including—and especially—the Russians. Let’s back up for a second and talk about the GPS network—it’s not the only satellite system in use for positioning purposes. The whole system is referred to as GNSS—Global Navigation Satellite System—and includes the American-made GPS, Europe’s Galileo network, China’s BeiDou network, and Russian’s Glonass network of satellites. Collectively, they mean that GPS-enabled devices are a huge part of the international infrastructure.

And there’s evidence that Russia has gotten quite good at hacking it. This is a real bummer when you consider that anything dependent on GPS location and time synchronization, such as your phone, shipping schedules and routes, airline traffic, power stations, even law enforcement operations, can be compromised by hacked GNSS. Yet recent cyber intelligence reports suggest that the Russian government is quite skilled at blocking, jamming, and spoofing GPS signals. Security researchers suggest GNSS spoofing, data breaches, cyber attacks, and spoofing attacks will only rise as more people use GPS tracking apps and other easy to hack technologies. 

Even the Pentagon is worried. The Department of Defense is reportedly pushing for the development of back-up systems so that we would be less compromised should our GPS systems (which are used in all manners of national security, not just for targeting bombs) be hacked. The Navy, for instance, has suggested developing the PNT (Positioning, Navigation, and Timing) System that was originally suggested based on radio signals; its development was originally disrupted because the Defense Department believed GPS made it unnecessary. Now that Russia has shown such skill when it comes to hacked GPS, some are a bit wary. 

And Russia has shown much more skill than just hacked car GPS or GPS tracker devices, either; one recent report from a Defense contractor found that more than 1,300 civilian ships were affected by GPS tracker capabilities being hacked, with nearly 10,000 incidents recorded in all.

One such repeated application has been to disrupt traffic (including ships) when Vladimir Putin is in the area. Putin’s summer residence, for instance, has a permanent GPS spoofing area, meaning anyone using a car GPS or GPS tracker in the area would also find themselves with bad location data, courtesy of the hacked system.

And Russia has mobile spoofing capabilities, too; there have been numerous instances in which Putin’s travels have aligned with ships in the area going off course, courtesy of hacked GPS. Most of the instances have occurred in Russia and nearby locales such as the Black Sea, Crimea, and Syria—but it could happen anywhere.

With increasing frequency, it is happening anywhere and everywhere, too. Good spoofing equipment is now less than a thousand dollars in most cases; while an $80 million yacht was sent off course in a research experiment in 2013 with a briefcase-sized device that at the time cost $2,000, similar equipment now might only cost a few hundred dollars—cheap enough that some “Pokemon Go” players have used them to cheat.

Is Location Spoofing Illegal?

But is location spoofing—whether the sort of technology Russia or less advanced equipment such those rogue Pokemon Go players might use—legal?

The short answer is yes and no. While location spoofing—the equivalent of a hacked GPS location tag, whether for your phone, your GPS tracking apps, your car GPS tracker, or another use altogether—is illegal in the United States, it isn’t illegal everywhere.

GPS spoofers and jammers and other GNSS- or GPS- jamming, blocking, or spoofing equipment is produced on a large scale in places like China, and some of it may retail for as little as $100, though the better equipment does tend to cost more.

As great as it may sound, it’s really not a good idea—the consequences of location spoofing (depending on the context, of course) can be severe, such as if a plane’s autopilot corrected after being told it was somewhere it wasn’t by a GPS spoofer.

Can You Trick Your Car Location?

The short answer? Certainly. Using a location spoofer, for instance, would allow for a hacked location tag. You can probably do much more, too, than just trick your car into thinking you are somewhere other than where you are depending on the GPS tracker.

Not only can you trick your car GPS with spoofing or another method for your hacked Global Positioning System, but you might even be able to remotely control it. (No longer is this just a Fast and the Furious franchise plot device; at least one hacker has actually proven it can be done.)

At least one hacker has discovered that a hacked GPS tracker might be enough to kill a car engine, at the very least. 

A recent Vice story broke the news of a hacker who had remote control of thousands of GPS tracker accounts courtesy two different GPS tracker companies he hacked, giving him control enough over vehicles around the world that he could, courtesy a GPS tracker feature, stop the vehicles and turn their engine off if they were going 20 kilometers per hour (12 mph) or slower. All told, the hacker had control of nearly 30,000 accounts.

The hacked accounts were courtesy of a security system flaw in which ProTrack and iTrack each gave customers a default password that users were not forced to change. As a result, the hacker was able to use a script to remotely log in to thousands of accounts remotely using the default password, 123456.

Both ProTrack and iTrack are made by Chinese companies, iTryBrand and SEEWORLD, respectively.

Can Car GPS Be Hacked Article Resources:

  • https://nationalinterest.org/feature/the-pentagon-worried-about-hacked-gps-14898
  • https://www.businessinsider.com/gnss-hacking-spoofing-jamming-russians-screwing-with-gps-2019-4
  • https://www.vice.com/en_us/article/zmpx4x/hacker-monitor-cars-kill-engine-gps-tracking-apps
  • https://www.lifewire.com/find-hidden-gps-trackers-on-cars-4147187
  • https://rmtracking.com/blog/2014/08/04/how-can-you-tell-if-your-car-is-being-tracked/
  • https://trackimo.com/hide-gps-tracker-on-car/
  • https://www.directionsmag.com/article/8107
  • https://www.reddit.com/r/pokemongo/comments/4ui1bt/so_gps_spoofing_is_illegal_and_will_you_get/
  • https://medium.com/@theappninjas/what-are-gps-spoofing-apps-actually-doing-5c9f373540c4
  • https://www.govtech.com/security/GPS-Spoofing-is-No-Joke-Dangers-of-GPS-Data-Hacking-Realized.html