DoD Seeks Sources for 50,000 eLoran/GPS Receivers

As reported by Inside GNSS: In a nod to the usefulness of international enhanced Loran (eLoran) systems the U.S. Department of Defense (DoD) in January began a search for companies able to supply some 50,000 eLoran receivers. Meanwhile a multi-agency team continues sketching out the structure of a potential U.S. eLoran system for federal officials weighing a relaunch of the program as a backup to GPS.

Worried about GPS vulnerabilities, the Department of Defense has become increasingly interested in being able to use the nearly jam-proof eLoran “signals of opportunity” in Europe, South Korea, and other countries. Even NATO is looking at the issue and was briefed on the technology in December.

On Wednesday (January 14, 2015) the Army issued a “Sources Sought” RFI (request for information) for potential receiver suppliers. The announcement makes clear that no funds are available (yet) to buy equipment but also says that the data may be used in development and acquisition strategy. Responses to the solicitation, which is number is W56KGY-15-R-ELOR, are due February 13.

Officials are seeking information on both stand-alone eLoran receivers and receivers that integrate eLoran and GPS. More specifically they are looking for data on the size, weight, power, and cost (SWaP-C) of eLoran receivers designed for maritime, aviation, vehicular, and timing applications.

Acquisition managers also want to know about antennas, how quickly receivers could be demonstrated, potential one-way messaging capabilities using the eLoran data channel and orientation capabilities from a single signal when the receiver is not moving. They told would-be suppliers to assume an order quantity of 50,000 when developing “Rough Order of Magnitude” per-unit costs.

Perhaps more intriguing to would-be vendors, the Army is asking suppliers to consider how they might be able to improve their designs after a five-year development program. In addition to advancing the characteristics and capabilities described earlier, the Army also wants to know about developing signal tracking in environments where GPS is often unavailable, such as indoors, underwater, and in urban environments.

The RFI came out as civil and military officials prepared to meet to develop a concept of operations for an eLoran system in the United States. When done, the CONOPS document will lay out how the system will be operated and by whom. A source familiar with the effort said it is a necessary step before deciding whether to undertake the program and will help determine what the system will cost.

In the past year, support has blossomed again for eLoran in other nations, on Capitol Hill, and among industry and section of the navigation community. Most approaches would repurpose some of the remaining assets of the old Loran system, which President Obama ordered to be discontinued in 2010.

The cost has been a key stumbling block. Although eLoran has been widely endorsed as a practical and cost-effective backup for system by experts, including the National Space-Based Positioning, Navigation, and Timing (PNT) Advisory Board, and many agencies agree they would use it, no government organization has been willing to accept financial responsibility for the program. Concerns over jamming, however, and an increasing understanding of how GPS, and especially GPS timing data, have become integrated into critical infrastructure may be enough to push it over the funding hurdles.

Although not directly related the widely anticipated Army RFI is seen as a plus by proponents for eLoran in the United States.

“The effect of the RFI is definitely positive for us just by nature of the fact that [the Department of Defense] is interested in the technology,” a source told Inside GNSS. “DoD as usual,” they said, “is stepping out to see the art of the possible.”

Google Could be Funding SpaceX's Satellite Internet

As reported by The Verge: After introducing the idea of creating a satellite-based internet back in November, Elon Musk went into further detail last week on his $10 billion plan to build out a network over the next five years. Now, The Information is reporting that Google might be a main investor.

According to an unnamed source in the article, Google has agreed to value SpaceX north of $10 billion, and the inclusion of other investors would make for a big round of funding. It would be another of a handful of network projects the company is invested in — most notable of which is Project Loon. A follow-up report from The Wall Street Journal pegs Google's actual investment at $1 billion, or a tenth of what the project is expected to cost.

Over the last few years Google was working on a similar satellite project with industry expert Greg Wyler, who left to form a company backed by Qualcomm and Virgin called OneWeb. (At one point last year OneWeb, then known as WorldVu, was rumored to be partnering with SpaceX.) That project — which Richard Branson is chipping in some of his own money to fund — is based around the technique of linking the satellites over specific radio spectrum. Musk's new idea, conversely, would reportedly connect the satellites with a laser-based system.

The micro-satellites would orbit the Earth at an altitude of just 750 miles, far below the typical satellite orbit of 22,000 miles. The biggest advantages to putting the internet in orbit — as opposed to terrestrial options like fiber — are speed and coverage. "The speed of light is 40 percent faster in the vacuum of space than it is for fiber," says Musk. The expansive network would also allow for everything from improved coverage in rural areas to, one day, connecting us to Mars.

Elon Musk's Space Internet Venture Could Link With Future Mars Colony

As reported by Hot Hardware: You have to hand it to Tony Stark, err, I mean Elon Musk. The man helped to co-found PayPal and he’s the CEO of Tesla Motors, which has brought us wonderful electric vehicles like the Roadster and the outrageous Model S P85D. Musk also helms SpaceX, which just recently made its fifth successful trip the International Space Station (ISS) to deliver supplies via the Dragon capsule. The secondary mission of the latest ISS launch resulted in the “successful failure” of the Falcon 9 rocket, which Musk described as a Rapid Unscheduled Disassembly (RUD) event.

And let’s not forget that Musk is also the chairman of SolarCity, which produces commercial- and consumer-grade solar panels. You would think that Musk already has enough on his plate, but you’d be dead wrong. In addition to his Hyperloop side project, Musk is eyeing a space-based Internet network that would be comprised of hundred of micro satellites orbiting roughly 750 miles above Earth.

Elon Musk with President Barack Obama (Source: NASA)

The so-called “Space Internet” would provide faster data speeds than traditional communications satellites that have a geosynchronous orbit of roughly 22,000 miles. “Our focus is on creating a global communications system that would be larger than anything that has been talked about to date,” said Musk. He hopes that the service will eventually grow to become “a giant global Internet service provider,” reaching over three billion people who are currently either without Internet service or only have access to low-speed connections.

And this wouldn’t be a Musk venture without reaching for some overly ambitious goal. The satellite network would truly become a “Space Internet” platform, as it would form the basis for a direct communications link between Earth and Mars. “I think this needs to be done, and I don’t see anyone else doing it,” Musk told Bloomberg Businessweek.

Elon Musk has his eyes set on a Mars colony. (Source: SpaceX)

Musk’s endgame is to help establish a colony on Mars and all of the pieces of the puzzle (including SpaceX’s rapidly-reusable Falcon rockets) are slowly coming together. "The reason SpaceX was created was to accelerate development of rocket technology, all for the goal of establishing a self-sustaining, permanent base on Mars," said Musk at the 33rd annual International Space Development Conference in May of last year. "And I think we're making some progress in that direction — not as fast as I'd like."

Space Internet would also help to fund Musk’s efforts to establish a colony on Mars; well, that and the half billion price tag for a private citizen to make the trip according to his calculations.

WiGig: A Speedy Wireless Protocol Is Coming to Many Gadgets in 2015

As reported by MIT Technology Review: Smartphones, tablets and PCs should appear this year that can send and receive data wirelessly more than 10 times faster than a Wi-Fi connection. As well as transferring videos and other large files in a flash, this could do away with the cables used to hook PCs up to displays or projectors.

The wireless technology that will allow this is known as 60 gigahertz—after the radio frequency it uses—and by the name “WiGig.” Computing giants including Apple, Microsoft, and Sony have quietly collaborated on the new standard for years, and a handful of products featuring WiGig are already available. But the technology will get a big push this year, with several companies bringing products featuring WiGig to market.

WiGig carries data much faster than Wi-Fi because its higher frequency radio signal can be used to encode more information. The maximum speed of a wireless channel using the current 60 gigahertz protocol is seven gigabits per second (in perfect conditions). That compares to the 433 megabits per second possible via a single channel made using the most advanced Wi-Fi protocol in use today, which transmits at five megahertz. Most Wi-Fi networks use less advanced technology that operates even slower.

Qualcomm, a leading maker of mobile device processors and wireless chips, has invested heavily in WiGig. At the International Consumer Electronics Show in Las Vegas this month, the company demonstrated a wireless router for home or office use with the technology built in. That device will go on sale by the end of 2015.

Qualcomm has also designed the latest in its line of Snapdragon mobile processors to support WiGig. The “reference designs” Qualcomm shows to customers include its 60-gigahertz wireless chips, and the first devices built using the Snapdragon 810 processor are expected to go on sale in mid-2015. At CES, Qualcomm showed tablets built with that processor using WiGig to transfer video.

Mark Grodzinsky, a director of product management at Qualcomm, says WiGig technology should be much more reliable than Wi-Fi. As well as reducing congestion by providing a fresh chunk of airwaves to use, WiGig suffers less interference because it is directional. Whereas Wi-Fi devices blast their signal in all directions, WiGig ones use an array of tens of tiny antennas to point a beam toward the device they are connecting to.

“You’re not dirtying the air around you,” says Grodzinsky. “You could have a bunch of them in the same room and they would not interfere with each other.”

Those working on WiGig technology predict that demand for high definition video will make the technology necessary. The latest smartphones now record video at extremely high resolution. Grodzinsky says WiGig will start appearing in set-top boxes, making it easier to stream content from mobile devices to high definition TVs, or upload it to the Internet. Qualcomm calculates that its WiGig technology will make it possible to transfer a full-length HD movie in just three minutes.

The 60-gigahertz signals also have some disadvantages compared to Wi-Fi. They are blocked by walls, ceilings, and floors (although they can be picked up after bouncing off obstructions). This means they can generally only be used between devices in the same room.

Besides Qualcomm, Intel is preparing its own WiGig technology, and the company said at its annual developer conference last summer that WiGig chips would appear in laptops in 2015. In demos then and at CES this month, Intel showed a laptop using WiGig to connect with displays and other peripheral devices.

Samsung also expects to launch WiGig products this year. The company announced late in 2014 that it had developed its own implementation, and said it expected to commercialize it in 2015. The technology will appear in Samsung’s mobile, health-care, and smart home products.

The technology could eventually be used to extend the capacity of cellular networks. Last year, researchers led by Heather Zheng at the University of California, Santa Barbara, showed that the frequency can provide high-speed links at distances of 100 meters or more outdoors. “I think there’s real potential in certain deployments like a busy intersection or a shopping mall,” says Ben Zhao, a UCSB professor who worked on the project.

Zhao predicts that 60-gigahertz technology will find other uses as it becomes cheaper. He and Zheng worked with Google to test it as a way to replace some cables inside large data centers. They also found that a 60-gigahertz device can use its beam like a radar signal to detect the position and size of nearby objects.

The technology should also get faster. “Tens of gigabits per second will definitely happen within the next couple of years,” says Qualcomm’s Grodzinsky. “I think the spec will probably go upward of 100.”

Insurance Company Dongles Don't Offer Much Assurance Against Vehicle Hacking

As reported by Forbes: Corey Thuen has been braving the snow and sub-zero temperatures of Idaho nights in recent weeks, though any passerby would have been perplexed by a man, laptop in hand, tinkering with his aptly-named 2013 Toyota Tundra at such an ungodly hour.

He hasn’t been doing repairs, however. Quite the opposite. Thuen, a security researcher at Digital Bond Labs who will present his findings at the S4 conference in a talk titled Remote Control Automobiles, has been figuring out how he might hack the vehicle’s on-board network via a dongle that connects to the OBD2 port of his pickup truck. That little device, Snapshot, provided by one of the biggest insurance providers in the US, Progressive Insurance, is supposed to track his driving to determine whether he deserves to pay a little more or less for his cover. It’s used in more than two million vehicles in the US. But it’s wholly lacking in security, meaning it could be exploited to allow a hacker, be they in the car or outside, to take control over core vehicular functions, he claims.

It’s long been theorised that such usage-based insurance dongles, which are permeating the market apace, would be a viable attack vector. Thuen says he’s now proven those hypotheses; previous attacks via dongles either didn’t name the OBD2 devices or focused on another kind of technology, namely Zubie, which tracks the performance of vehicles for maintenance and safety purposes.

Corey Thuen messing with his Toyota in the middle of the night in Idaho

But he hasn’t gone as far to actually mess with the controls of his Toyota. By hooking up his laptop directly to the device he says he would have been able to unlock doors, start the car and gather engine information, but he chose not to “weaponise” his exploits, he told Forbes. “Controlling it wasn’t the focus, finding out if it was possible was the focus.” 

He started by extracting the firmware from the dongle, reverse engineering it and determining how to exploit it. It emerged the Snapshot technology, manufactured by Xirgo Technologies, was completely lacking in the security department, Thuen said. “The firmware running on the dongle is minimal and insecure. It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies… basically it uses no security technologies whatsoever.” 

The researcher noted that for a remote attack to take place, the concomitant u-blox modem, which handles the connection between Progressive’s servers and the dongle, would have to be compromised too. Such systems have been exploited in the past, as noted in a paper here from Ralf-Philipp Weinmann, from the University of Luxembourg.

Corey Thuen’s Toyota, ready to be compromised

Regardless of the steps needed for a successful attack, it’s apparent such dongles are insecure, posing a genuine risk to people’s lives, Thuen added. “I suspected that these dongles were built insecurely, and I was correct. The technology being used in them is outdated and vulnerable to attack which is highly troubling considering it is being used to remotely access insecure by design vehicle computers,” he said. “A skilled attacker could almost certainly compromise such dongles to gain remote control of a vehicle, or even an entire fleet of vehicles. Once compromised, the consequences range from privacy data loss to life and limb.

“Also, there is the attack vector of Progressive backend infrastructure. If those systems are compromised, an attacker would have control over the devices that make it out to the field.
“In simple terms, we have seen that cars can be hacked and we have seen that cell comms can be hacked.”

Privacy of data within cars is also a growing concern, one highlighted by Thuen’s research. BMW this week said it had repeatedly been asked by technology companies and advertisers to hand over the data their cars generated, but it has refused to give in to those requests. Thuen said it would be possible to intercept data passed between the dongles and the insurance providers’ servers, likely including location and performance information, as they “do nothing to encrypt or otherwise protect the information they collect”.

Xirgo had not responded to Forbes requests for comment. Thuen said he’d tried to disclose his findings to Xirgo but got no response. Progressive said it hadn’t heard from Thuen, but handed this comment via email to Forbes: “The safety of our customers is paramount to us. We are confident in the performance of our Snapshot device – used in more than two million vehicles since 2008 – and routinely monitor the security of our device to help ensure customer safety.

“However, if an individual has credible evidence of a potential vulnerability related to our device, we would prefer that the person would first disclose that potential vulnerability to us so that we could evaluate it and, if necessary, correct it before the vulnerability could be exploited. While it’s unfortunate that Mr. Thuen didn’t share his findings with us privately in advance, we would welcome his confidential and detailed input so that we can properly evaluate his claims.”

The findings landed on the same day as the World Economic Forum’s Global Risks 2015 report warned about the increasing potential for digital attacks on cars. “There are more devices to secure against hackers, and bigger downsides from failure: hacking the location data on a car is merely an invasion of privacy, whereas hacking the control system of a car would be a threat to life. The current internet infrastructure was not developed with such security concerns in mind,” the report read.

One of the report’s contributors, John Drzik, president for global risk and specialties at insurance giant Marsh, told Forbes the insurance industry hasn’t quite grasped the problem of vehicular digital security.

Drzik said insurance companies could actually provide much of the impetus required to secure cars from hackers. They could, for instance, develop standards for being insured against such cyber risks or within the technologies, he added.

Black Hat: Global Terrorism and the Internet of Things (IoT)

As reported by the Daily Beast: Forget old techie movies. In Blackhat, the hacking is astoundingly accurate.

We’ve all seen hacker movies that feature utterly preposterous situations and technology. We’re looking at you, Hackers, Swordfish, and The Net.

But Blackhat, a high-tech Bourne-type thriller is surprising plausible, and seems almost rooted in reality.

The plot is fairly straightforward: formerly incarcerated Nick Hathaway (Chris Hemsworth) is pitted against a malicious hacker causing nuclear disasters, stock market crashes and other mayhem. If Hathaway catches this “blackhat” hacker, his criminal record is wiped. The chase is on, and it makes for an exciting movie.

The thing is: the situations described are very real, and even likely. Some of them have already happened.

SPOILER: Don’t read further if you want to stay away from movie details

SCADA Systems

In the movie, a malicious hacker (called a “blackhat”) infiltrates industrial computer systems and plants malware to take control of critical internal infrastructure. These systems are typically referred to as SCADA (Supervisory Control and Data Acquisition) systems, or industrial control systems, and they run everything. We’re talking power, water, oil, communications, manufacturing, transportation—basically everything that keeps our economy moving. In the real world, defending these industrial control systems is a major concern for U.S. security agencies.

At the start of the movie, the blackhat uses his malware to force a water pump failure at a nuclear power station. This results in a reactor meltdown. Sensational for sure, but how likely is it that something like this could happen? Well, something like it already has.

Stuxnet

In 2010, thousands of nuclear centrifuges at Iran’s Natanz uranium enrichment facility started to spin too quickly and were damaged, and the country’s nuclear enrichment program experienced significant setbacks. The cause behind the damage turned out to be a piece of custom-written malware named Stuxnet.

Just like inBlackhat, custom-written malware can be used to damage critical infrastructure.

Stuxnet was probably written by the United States or Israel. It likely spread to the Natanz computer network via an infected USB drive, and was written so that it would only deliver its payload if it was on a computer in Iran using variable-frequency drives that was running a specific type of industrial control software. This was software written for a very specific purpose—to slow down Iran’s ability to make a nuclear bomb.

Just like in Blackhat, custom-written malware can be used to damage critical infrastructure. It’s difficult and expensive to do, but it has happened. It’s also probable that these types of events will occur in the future.

And if you think we’ve got a handle on cyber security, you need only look at news reports of data breaches at Target, Home Depot, Adobe, JP Morgan Chase, Ebay, TJ Maxx, the U.S. military, or the 2014 Sony data breach—the largest hack in history—to know that the fight is ongoing.

Internet of Things

The vulnerability of industrial systems becomes even more concerning when you consider the Internet of Things. This is the idea that more “things” (like centrifuges, water pumps, heaters, air conditioners, eye glasses, watches, refrigerators, etc.) are going to have the ability to connect to networks. They’ll be able to send and receive data, receive updates and be remotely configured.

From a consumer’s perspective, this is great news! Everything will be smart, just like your phone. The great thing about smart phones, of course, is that they operate more like a pocket-sized computer than simply a telephone. The downside: they’re also a lot more vulnerable to malicious hackers.

Blackhat deals with larger threats to national security, but what if hackers decide to target individuals: What happens when your new smart car or smart house gets hacked?

No, all you luddites out there, the answer isn’t to abandon all technology and stick with “dumb” things. The answer is to build security into products (software with security in mind), behave more securely (why would you ever put a strange USB into your computer?), follow reasonable security advice like using strong passwords and support laws that strengthen the security of critical industrial systems.

The movie gives us a realistic look at the vast implications of cyber security threats—threats that are more real that most people probably realize. These could make the movie not so much a thriller but a horror film.

Falcon 9 Landing Turns Into "Unscheduled Disassembly" (Video)

As reported by Planetary Society and TechCrunch:  Genius futurist, entrepreneur and expert Twiterrer Elon Musk revealed some new information about SpaceX’s most recent reusable rocket landing attempt following the launch of its Dragon space capsule to resupply the International Space Station. In a conversation with John Carmack, formerly of ID and current VR software guru at Oculus, Musk shared still frames from SpaceX’s autonomous seafaring drone landing ship, which show the rocket’s RUD (rapid unscheduled disassembly) in spectacular glory.

Musk had previously revealed that the rocket landed hard, but despite its fantastic fireball, the test was actually a relative success for SpaceX’s efforts to recapture its first stage rocket for re-use. Explosions aren’t always signs of failure when you’re dealing with science, and in the case of spacefaring tech that’s even more true.

After posting the photos (and new SpaceX Vine, just added) above, Musk also reiterated that SpaceX will get another chance to test the landing and recovery capabilities of its reusable rockets and the autonomous barges it is using as mobile landing platforms in about two to three weeks’ time. With his trademark wry humour, he said the next test would involve “way more hydraulic fluid,” and that it “sh[ould] explode for a diff[erent] reason” at the very least. Failing for new reasons is basically the definition of scientific progress, is basically what he’s getting at.

Musk ended his flurry of tweets saying his motivation in posting the photos to Carmack is a desire to get the legendary programmer back into aerospace tech. Carmack founded Armadillo Aerospace back in 2000, with the aim of building suborbital space tourism spacecraft, but essentially shuttered the project in 2013, so Musk may be only half-kidding.