GPS Spoofing: Combating the Growing Threat

By Jeremy Bennington, VP of PNT Strategy & Innovation, Spirent Communications


For most of the history of global navigation satellite systems (GNSS), the risk of signal spoofing—someone transmitting fake GNSS signals to trick a receiver into reporting false time and position—was limited to military contexts. Given the high costs and RF expertise needed to mount such attacks, they weren’t considered a significant threat to commercial applications. Indeed, prior to 2015, there were approximately zero reported spoofing incidents outside of academic research or nation state-level electronic warfare.

Note the past tense. Over the past decade, GNSS/GPS receivers have come to play a central role in myriad commercial applications, from fleet management to ride-sharing and delivery apps, to precision agriculture, to basic safety and automation systems in commercial aircraft. Any of these applications, and dozens more, are now ripe for disruption from GNSS spoofing. Meanwhile, it’s now possible for anyone with a couple hundred dollars to build a reasonably effective RF signal spoofer and download open-source code to make use of it.

If you’re involved in developing systems that utilize or depend on GNSS—especially those supporting safety-critical or liability-critical operations—spoofing is now a very real threat that must be accounted for.

Inside the Threat

As uncrewed drones have become first-line tools of warfare, the use of GNSS spoofing to disrupt their operations has accelerated. Indeed, it’s now common to find large regions around military conflicts where signals reported by GNSS receivers cannot be trusted. For authorized military and defense applications, GNSS receivers can protect against spoofing by using encrypted signals like the GPS P(Y) code and Galileo’s Public Regulated Service (PRS). But as the effects of spoofing bleed into more commercial applications, developers and integrators need new strategies to combat it.

Part of the challenge is that the range of spoofing attacks can vary a great deal—from low-level criminals using inexpensive software-defined radios (SDRs) to outwit nearby law enforcement, to sophisticated military-grade equipment that affects receivers across many kilometers. It’s therefore not just targeted attacks that commercial system developers have to worry about. Depending on the equipment used, there’s a high risk of collateral damage from any GNSS spoofing attack. Any nearby unprotected receivers will likely be disabled or disrupted, even if they’re not the intended target.

Spoofing attacks can be carried out in multiple ways depending on the attacker’s intentions, equipment, and budget. We see five basic types:

  • Meaconing, or re-transmitting authentic GNSS signals to a target receiver, so that it uses the re-transmitted data to determine position rather than the true signal
  • Code/carrier attacks that use an RF signal generator to mimic authentic GNSS signals, then increase power to trick a targeted receiver into locking its tracking loops to the fake signal
  • Navigation data attacks that work similarly, but instead of manipulating the signal code and carrier, they change the navigation message to cause a denial-of-service or produce errors in the receiver
  • Application-level spoofing, which shares characteristics with a typical cyberattack, in that it involves gaining access to the receiving device and manipulating the processing of GNSS signals to output incorrect time and location information
  • Multi-method attacks that combine multiple techniques with advanced equipment to overcome any defense measures the user equipment may employ  

The effects of these attacks can vary according to, for instance, the state of the receiver—whether it is activating from a cold start (with no time and position and no valid almanac or ephemerides data), a warm or assisted start with some or all of that data, or during re-acquisition after a signal has been lost.

For those developing and integrating GNSS receivers, it’s important to understand the potential impact of all of these types of attack on the receiver’s operation under the full range of operating conditions.  

Combatting Spoofing

As the spoofing threat for commercial GNSS systems grows, developers and integrators are applying three primary mitigation strategies:

  • Updating procedures: The most immediate mitigations involve revising operational procedures to ensure that users do not rely entirely on GNSS receiver output, and stay vigilant for anomalies. In commercial aviation, for example, crews and controllers continually drill on safely operating without key automation and safety systems if GNSS is compromised.
  • Augmenting PNT: For safety-critical applications especially, developers are adding complementary or alternative positioning technologies (such as inertial sensors, Wi-Fi/cellular positioning, or holdover clocks for timing applications) to reduce the risk of systems acting on false PNT information.
  • Hardening receivers: System developers and integrators are also taking steps to enhance a receiver’s ability to detect and block spoofing. Mitigations range from simple alarms to advanced mechanisms to automatically reject spoofed signals.

Within these categories, developers and integrators can and should employ various mitigation techniques. For example, as part of hardening and augmentation strategies, receivers can use antenna-aided techniques like beamforming and null steering to avoid spoofed signals. Since spoofed signals are often “louder” than legitimate ones, some receivers can detect likely attacks by monitoring for input signal power variations. Receivers that use additional frequencies and constellations can also offer greater resilience.

To augment GNSS for PNT, developers are also applying supplemental systems like inertial measurement units or “dead reckoning” sensors like gyroscopes and accelerometers. Some also use approximate position from an alternate system, like cellular ID or Wi-Fi, to validate the computed GNSS position.
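The power-monitoring and cross-validation checks described above can be combined into one plausibility screen on the receiver's output. The sketch below is an added example, not code from the article or from Spirent. It assumes mean C/N0 as the power indicator, a cumulative dead-reckoned distance per fix, a coarse cell/Wi-Fi estimate with an uncertainty radius, and illustrative thresholds; all field and function names are hypothetical.

```python
import math
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not values from the article.
CN0_JUMP_DB = 6.0        # rise in mean C/N0 since the last trusted fix
DR_TOLERANCE_M = 25.0    # slack allowed on top of the dead-reckoned distance
COARSE_MARGIN_M = 500.0  # slack added to the coarse position's own radius

@dataclass
class Fix:
    t: float         # seconds
    lat: float       # degrees
    lon: float       # degrees
    mean_cn0: float  # dB-Hz, averaged over tracked satellites (assumed power proxy)
    odo_m: float     # cumulative distance from dead reckoning (IMU/odometer)

def haversine_m(lat1, lon1, lat2, lon2):  # great-circle metres, spherical Earth
    p1, p2, dl = math.radians(lat1), math.radians(lat2), math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def check_fix(trusted, cur, coarse=None):
    """Return the reasons a fix is suspect; an empty list means it passes."""
    alerts = []
    if trusted is not None:
        moved = haversine_m(trusted.lat, trusted.lon, cur.lat, cur.lon)
        # Straight-line displacement can never exceed the path length travelled.
        if moved > (cur.odo_m - trusted.odo_m) + DR_TOLERANCE_M:
            alerts.append("dead_reckoning_mismatch")
        if cur.mean_cn0 - trusted.mean_cn0 > CN0_JUMP_DB:
            alerts.append("power_jump")
    if coarse is not None:
        c_lat, c_lon, c_radius_m = coarse
        if haversine_m(cur.lat, cur.lon, c_lat, c_lon) > c_radius_m + COARSE_MARGIN_M:
            alerts.append("coarse_position_mismatch")
    return alerts

def screen_track(fixes, coarse=None):
    """Check each fix against the last one that passed; return alerts per fix."""
    trusted, report = None, []
    for fix in fixes:
        alerts = check_fix(trusted, fix, coarse)
        report.append(alerts)
        trusted = fix if not alerts else trusted  # never anchor on a rejected fix
    return report

# Constructed sample: a vehicle heading north at about 20 m/s; the third fix is false.
SAMPLE = [Fix(0, 52.00000, 0.0, 40.0, 0.0), Fix(1, 52.00018, 0.0, 40.5, 20.0),
          Fix(2, 52.04500, 0.0, 51.0, 40.0), Fix(3, 52.00054, 0.0, 40.2, 60.0)]
COARSE = (52.0, 0.0, 1000.0)  # constructed cell/Wi-Fi estimate: lat, lon, radius in metres
```

Because each fix is compared with the last fix that passed, a single rejected fix does not shift the baseline, and the genuine fix that follows it is accepted again.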

Some industries, like commercial aviation, are also adopting detection and alerting services that notify crews when spoofing activity is detected—in some cases, with detailed locations and altitudes to provide a full 3D picture of the threat. Via such services, airlines are able to make informed risk assessments on travelling to or through any location, and are able to prepare crews and equipment for the expected instance and type of threat. While integrating new equipment and new techniques will likely take a significant amount of time, detection and alerting is enabling greater levels of resilience today.

Testing Becomes Essential

The types of attacks affecting commercial GNSS applications will continue to evolve. Developers and integrators should be thinking carefully about the risks that spoofing could pose for users. All of these efforts start with accurate testing and emulation. The goal should be to test under scenarios as close as possible to real-world spoofing conditions, and to account for the numerous variables encountered in the real world. This is the only way to fully understand the impact of spoofing on a system and the specific mitigations needed to ensure that it can continue functioning as expected. For an in-depth technical discussion of GNSS spoofing and recommended testing strategies to address it, download our white paper GNSS Signal Spoofing: How to Evaluate the Risks.