The first GPS navigation devices for cars were strictly "dumb" in the sense of picking optimal routes on speed or distance. The past few years have seen models incorporate traffic information to perform on-the-fly route optimization. That information used to come through inaudible frequencies through FM radio but the prevalence of smartphone GPS navigation applications is shifting that to a direct pull via the Internet. But how has that data been derived? Many of those smartphones in cars are transmitting speed and location information back to central servers that aggregate the data to determine flow rates on traffic routes. However, due to users demanding privacy, the traffic aggregators cannot guarantee authenticity of the originating source. What does this mean? Well, a BlackHat presentation shows a proof-of-concept for falsifying traffic data in order to "control" the information passed back to drivers. (pdf)

An attacker could send false location information to Google without being detected and therefore affect the traffic flow analysis. If, for example, an attacker drives a route and collects the data packets sent to Google, he can replay them later with a modified cookie, platform key and time stamps. The attack can be intensified by carrying out several delayed transmissions with different cookies and platform keys to simulate multiple cars. If the attacker adds noise to the measured values (e.g. to the signal strengths of wireless access points), uses different source IP addresses, a distinction between real and fake location information is no longer possible.