Thanks

Thanks
Jim

First a bit of background. I’m a retired engineer (nuke) who spent a year driving an over the road truck just because I’ve always wanted to. I’m also a tinkerer, ham radio operator and former holder of a 1st class commercial radio license.

My tractor was equipped with a Qualcomm satellite information system like the majority of OTR tractors are. It may surprise you to learn that Qualcomm does NOT use GPS for radio-location. GPS is an extra-cost option but my company did not opt for it. I know for sure because I opened both the antenna dome and the control box to look for same. Neither are sealed. I also know because the system frequently reported me to be somewhat distant from my actual location as reported by MY GPS systems.

I can understand why Qualcomm doesn’t use GPS. I provided my own GPS mapping system with two receivers. One, the SiRF-based DeLorme receiver supplied with the Street Atlas software and two, a Trimble unit with a remote patch antenna that I mounted on the same mount that held the Qualcomm dome.

In many areas, around Dayton, Ohio is one I particularly recall, I would go miles at a time without a hint of a signal from either receiver. I discussed this on a GPS experts mailing list and the general consensus was that terrestrial interference, probably a harmonic from broadcast TV, was the problem. As long as I was underway, the Qualcomm, with its actively steered dish, always had contact with the satellite unless I entered a tunnel.

I can understand why Qualcomm offers GPS only as an option and doesn’t rely on it for the company’s core functionality. Too unreliable. GPS, at least consumer grade GPS, is far too easily jammed from innocent sources as it is. The trucking company doesn’t need to know where the truck is within feet. It only need to know that the truck is on the correct route and is in approximately the position the model says it should be.

Now let’s look at the Qualcomm. There are many conditions where the service goes down. Truckstops where many trucks are in close vicinity to each other is a prime example. Mutual interference. The Idle-Aire support structures also effectively shield the Qualcomm dome. The “out of service” light on my terminal stayed on much of my sleep time. If I wanted to hijack my truck, I’d simply go off-duty at a truck stop, wait for the signal to fail, foil the antenna and go. I’d have my entire mandatory 10 hour out-of-service interval to do my thing.

In fact, many truckers already take advantage of this for less nefarious purposes. If they want to go to a nudie bar or casino instead of sleeping during their mandatory down time, they simply wrap the Qualcomm dome in aluminum foil and go. The secret is to use deli foil that has a white paper backing that doesn’t stand out on the dome and perhaps attract a cop’s attention, as straight aluminum foil would.

The Qualcomm interfaces to the truck’s J1708 bus which enables the Qualcomm to report odometer miles, fuel economy, speed and other parameters. For “innocent” spoofs like trips to the casino, the driver has to think about that but since most companies allow up to a 10% “out of route” margin, it’s no big deal. For the nefarious individual or gang, they could not care less since that particular Qualcomm will probably never connect to the satellite again.

I hauled mostly “high value” cargo. That is, trailer contents worth >$1,000,000. Typically consumer electronics and pharmaceuticals. Even then our company did not use trailer trackers and only very occasionally did I detect a customer-owned tracker inside the trailer. The reason is simple. Other security mechanisms that I won’t discuss here are proven to work.

Besides, hijacking is but a very small concern to the trucking industry. Cargo theft IS. Cargo theft can be as simple as bribing a driver to park in a certain spot at the truck stop for his sleep interval and ignore the noises out back. The thieves open his trailer door, back another truck in contact with the target trailer and transfer the cargo. Another common method is to have one of the thieves hire on with a company as a driver.

There is such a driver shortage that if you have a CDL and are breathing, you’re hired. Gin up some fake paperwork (a scanner, printer and a laptop will do the job nicely), stop by your favorite drop lot and grab the trailer of your choice. A trailer in a drop lot has the bills-of-materials right there in a compartment on the front of the trailer. Bad guy driver can simply shop until he finds what he wants, hooks and goes. Depending on the drop lot, he may have to scan the BOM and substitute his “carrier’s” name for the legit one but that’s but another 10 minutes’ work. It’s typical for a legit driver to have to search the lot for half an hour to find his trailer so a guy going from trailer to trailer looking at BOMs isn’t unusual.

Computers in trucks are common now. I carried a laptop, scanner and printer. I scanned every piece of paperwork that went through my hands for my own protection. My company had a bad habit of “losing” paperwork as an excuse for not paying. I could print a copy of the signed-as-received BOM and “un-lose” the paperwork. Using that same hardware for bad purposes required only formulating bad intent.

Here’s an even simpler scenario. Buy or steal a tractor and decal it up to match a major fleet’s tractor. Or just steal a major fleet’s tractor. My company’s tractors were white with little more than the company name, a stripe and the required DOT data. Drive to the drop lot, select your booty and go. “Security” at a typical drop lot consists of recording the truck’s company name and tractor number and sometimes an inspection of the BOM. If an “XYZ Fleet” truck is hooked to a trailer with an “XYZ Fleet” BOM then everything’s good to go.

As Bruce Schneier says, this is just more movie plot make-believe. Sure it’s technically doable but it more resemble Rube Goldberg than a practical scenario. There are dozens, maybe hundreds of ways to achieve the same goal without the expensive hardware or complicated scenario that you postulate. Perhaps before you write another trucking security article, you could actually spend some time around the industry. You know, maybe just sit and chat with drivers in a truck stop or two.

John

Conversely, jamming GPS really is trivial squared! At short ranges, its as simple as using an off-the-shelf crystal oscillator module (about £20 in the UK, ratehr less in the US) and a 5V battery. I’ve tested several, and all work to a few metres; great for disabling the GPS tracker in a hire car. A really good medium power GPS jammer can be built by someone with modest amateur (ham) radio construction experience. Such a gizmo is good for jamming out to hundreds of metres to km.

So, for the hijack scenarios described, don’t bother thinking about spoofing the GPS. Attach a jammer to the vehicle, let it drive a few km away so the base station will have lost its location, then go ahead.

R-ECM

Secondly, if you have this unit you can pull right up to a truck and kill the cell phone signal and gps signal. They at that point can hijack a truck!

The units are currently sold on the market overseas. In addition, at trade shows right here in the USA (ISC Expo) i’ve had the unit in my hand practically and could of purchased the unit with no problem. However, for me it’s not worth it because I actually have no use for it!

Spoofing sounds ok and creates deception. However, if we are to worry about terrorist or truck hijacking the jammers in my opinion are something to fear more than spoofing!

Good question! Jon and Roger detail all seven countermeasures in their paper, “GPS Spoofing Countermeasures”:

http://www.homelandsecurity.org/bulletin/Dual%20Benefit/warner_gps_spoofing.html

I just listed the ones that Jon mentioned over lunch. Cheers– s