Fridges on the Highway: Road Traffic Poisoning of Navigation Apps
share
Navigation software apps have a huge impact on the daily commuting of people, by affecting both their estimated time of arrival and the traversed path. Indeed, such apps infer the current state of the road by relying on several information such as the position of the devices and their speed. The technological advancements in two independent fields, i.e., mobile phone virtualization and Software Defined Radios, enable new types of attacks, where an adversary might add or remove devices from an actual road. We refer to the aforementioned behavior as road traffic poisoning. Indeed, it is possible to create fake queues of virtual devices wherever in the world, and to remove actual users from a congested road, by spoofing their reported GNSS position. These attacks open up several dreadful scenarios, where users can be maliciously re-routed by creating congestion in target positions of large cities, possibly affecting people's safety. In this paper, we discuss different adversary models exploiting the aforementioned attacks, and we point out the related threat scenarios. We also propose several, novel countermeasures, both on the client side and on the cloud side, that could be adopted to mitigate the above threats. We believe that our analysis, the presented scenarios, and the discussion on the potential countermeasures will pave the way for future research in the area.
READ FULL TEXT