What is GPS Spoofing?

GPS Spoofing is the process of using an RF transmitting device to intentionally make a GPS receiver calculate a false position. The transmitting devices used to do this are called spoofers and they are RF transmitters that are closer to the targetted GPS receiver than the GPS satellites and hence are able to overpower the weak signals coming from the satellites. GPS spoofers recreate GPS signals of higher power compared to the real GPS signals and trick the relatively simple GPS receivers that are pre-programmed to use the signals with the highest possible power to calculate time and position.

GPS signals are of two types - the encrypted Military GPS signals called P(Y) code for government authorized use only and the civilian GPS signals called C/A code. As the C/A code structure is openly published in a public signal-in-space interface specification, it can be recreated by a relatively competent adversary who can then accurately generate a “spoofed” version of the GPS signal and then transmit them to deceive a local GPS receiver. If the targeted GPS receiver is unable to tell the difference between the real satellite signals and the spoofed signals, it will calculate its position according to the false signals and hence display the receiver as appearing to be at a different location.

The encrypted P(Y)-code GPS signals are resistant to spoofing attacks because they can't be recreated. The decryption key to these signals can only be used by special GPS receivers called Selective Availability Anti-Spoofing Modules (SAASM). These modules are also usually tamper-proof to prevent reverse engineering attempts by adversaries. SAASMs are only available to government-authorized customers like the military, high-ranking officials etc., and their sales and distribution are tightly controlled by the United States Department of Defense.

Spoofing is also done intentionally in some military scenarios. Secretly operating military forces and individuals spoof their own location so that it is much more difficult for them to be caught by adversaries. Some civilians also spoof their location in some cases like when using region-locked apps and services on their smartphones. Spoofing in these cases is done by third-party apps or software that change values generated by the smartphone’s GPS receiver to make the targetted region-locked application to think the phone is at a location where it actually isn't. These kinds of spoofing are usually detectable and may or may not be legal and will depend upon the IT laws of the state/country.

What can you do to stop GPS Spoofing?

GPS anti-jamming is the process of protecting GPS receivers from spoofing. The best way to be protected against spoofing is to use P(Y) code signals of GPS, but they're only available to a select few entities to keep its security features intact. The general public, however, has to use C/A code signals of the GPS. Among civilian GPS receivers anti-spoofing measures usually consists of using multi-constellation receivers that can receive PNT signals from multiple GNSS constellations. Spoofing GNSS signals of multiple constellations simultaneously would require significantly more powerful and complex RF transmitters. Hence, using multi-constellation signals these civilian receivers can refer to signals from other constellations to ensure that the GPS signals they are receiving are authentic and accurate. Some other anti-spoofing strategies also include using an inertial measurement unit (IMU) which is a device that measures and reports the body's specific force, angular rate, and sometimes the orientation of the body, using a combination of accelerometers, gyroscopes, and sometimes magnetometers. IMUs can be an additional measure of protection by aiding the navigation solution as an adversary cannot spoof the Earth's gravitational field or vehicle dynamics and cause the IMU to think it has moved in a way that it hasn't.