Why GPS spoofing is a problem (and what to do about it)

What is GPS spoofing?

GPS spoofing alters the signals or data associated with the Global Positioning System to produce different position, navigation, or timing (PNT) information.  It’s a way to trick the GPS receiver (and the applications running on it) into thinking that you’re in another place or another time. 

How does GPS spoofing work?

GPS and other Global Navigation Satellite Systems (GNSS) circle the earth in medium earth orbit, which is around 12,550 miles above the ground – the equivalent of almost five trips from San Francisco to New York.  Since those satellite signals are transmitted across such a great distance, they are pretty weak by the time they actually reach your device.

In a GPS spoofing attack, a terrestrial radio transmitter mimics GPS signals at a greater signal strength than the actual system can muster, effectively replacing real GPS signals with fake “spoofed” radio signals. This used to be complicated, expensive electronics that only militaries could do.  Today, it’s almost ridiculously easy to gain access to such a transmitter. A GPS jammer is available on the internet for around USD 100.

One of the reasons that GPS is easy to spoof is that the signal is unencrypted.  Since no form of authentication or verification is required for GPS transmissions, just about anyone can use the publicly available specifications and falsify a location.

Who spoofs GPS, and why?

Who actually goes to the trouble to produce a fake GPS location?  Everyone from Vladimir Putin to privacy advocates to teens playing Pokémon Go. 

GPS systems were first designed for military use, and militaries were also the first to spoof it.  A 2019 study found that Russia frequently spoofs GPS data to mask military activity in Syria, Crimea, and elsewhere.  Over 7,900 ships have experienced GPS outages connected with Russian GPS spoofing activity since 2016 – a significant hazard for maritime activity that relies heavily on GPS receivers for positioning and navigation.  The study also found that Putin’s movements are frequently masked by GPS spoofing activity.

Today, you don’t need nation-state resources to spoof GPS.  GPS spoofing technology is virtually free, widely available, and very popular. 

Many people use GPS spoofers to prevent applications from precisely tracking their movements.  Some do it to maintain control over their personal data by telling location services that are overtly or covertly tracking users  that they’re in Kazakhstan.  Some do it to trick their parents into thinking that they’re doing homework at a friend’s house.  Others use GPS spoofing to perpetrate (or hide) fraudulent activity.

Spoofing your device’s GPS receiver so it displays  another place is also a popular way to obtain access to country-specific features of games and other applications.  Some rare Pokémon can only be found in certain parts of the world – if you can’t travel to get them, placing your phone there virtually is the next best thing.  Looking to get around NFL blackout rules?  Place your device in the home market for the game you want to watch and…voila!

What is the impact of GPS spoofing?

It’s hard to put a solid number on the impact of GPS spoofing on the economy – it’s a widespread practice but one that is difficult to actually monitor and put a price tag on.  What we do know is the increasing reliance on GPS as a part of the world’s critical infrastructure. 

Reliable, secure, resilient PNT is necessary for the functioning of critical infrastructure around the world. Whether for civil, commercial, or military use, nearly all sectors of the economy rely on accurate PNT information to provide services. However, the ubiquitous use of GPS as the primary source of PNT information makes these sectors vulnerable to adversaries seeking to cause harm by disrupting or manipulating GPS signals.

A recent NIST/RTI study estimated the value of GPS-enabled technologies across the entire US economy at 218 billion dollars in private and public benefits between 2007 (the first year for which benefits could be reliably calculated) and 2017.  The estimated the overall economic impact of GPS on nine critical US industries was $1.4 trillion dollars.  A similar study found that economic contributions of GNSS to the UK economy were £6.7 billion every year.  Those numbers alone suggest that GPS spoofing is something worth protecting against.

What can be done about GPS spoofing?

There are many ways to protect yourself from GPS spoofing.  The Department of Homeland Security suggests several methods businesses and individuals can take, most of which involve protecting antennas and other physical infrastructure.  Several companies offer high-end sensors and hardware designed to protect against standard GPS spoofing attacks.  

Those tactics are fine as far as they go, but they don’t really get to the core issue:  the fact that GPS itself simply wasn’t designed to meet today’s complex security requirements.  At a certain level, it becomes cheaper and easier to replace GPS with other solutions for position, navigation, and timing than it is to try and retrofit the existing system.  The built-in weaknesses of GPS like poor signal strength and lack of encryption are causing more end users to look for alternatives.

Here at NextNav, we’re building GPS 2.0 with our TerraPoiNT solution, and we’re doing it with security in mind.  TerraPoiNT directly addresses the security shortcomings of GPS with a secure, resilient PNT solution that supports conditional access and is nearly impossible to spoof. 

TerraPoiNT transmits PNT signals from right here on Earth.  With a signal strength over 100,000 times that of GPS, it would be very difficult (and expensive) to overwhelm any TerraPoiNT transmission through jamming.

TerraPoiNT also offers encryption, making its signals extremely difficult to reproduce or falsify.  Fake GPS signals, on the other hand, can be transmitted with open source software.

Learn more about NextNav’s TerraPoiNT solution and how it protects against GPS jamming and spoofing.