this post was submitted on 23 Nov 2023
426 points (98.9% liked)
Technology
59656 readers
2658 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The problem is with the way GPS works. Your device gets telemetry from the satellites. A fake signal can screw up the whole system.
But if they had authentication you would know that the message doesn't come from a legitimate satélite.
If their isn't then there's a big problem with implementing that now, which would require a retrofit of every single GPS system currently in use and likely a replacement of all GPS satellites
Edit: I'm slightly mistaken, the military uses encryption but they don't have that open for public use.
I would hope whoever designed the satellites had the foresight to allow remote software updates.
They're talking about the millions of receivers around the world, not the satellites.
Nah we just need a satellite mechanic astronaut
Software updates become useless if you hit hardware limitations
you can't have authentication in a one way system. satellites send days, planes receive it, but never send anything.
You can have a digital signature, so the recievers know it's legit
yes of course, but that isn't authentication.
Playing with semantics a little, it can be thought of as the satellite authenticating with the client using the signature as password.
That's not how PKI works?
Unless you know how digital signatures work better than me
You can't copy a signature, since it is different every time the signed content is different. You need to have the correct key in order to make a valid signature.
If you've figured out how to do that, a lot of governments would pay you a lot of money for your solution