GPS spoofing, its vulnerabilities and how to prevent it.

GPS spoofing is a danger that has been lurking for several years, but due to technological advancement we take it for granted. Learn more about GPS spoofing.

For several years now, different ways of spoofing have been developed in various fields. One of them is GPS spoofing that has existed since the popularization of the use of GPS; which has generated a large number of attacks on these devices; the targets of these attacks have evolved over time, and have focused from identity theft attacks to cyberterrorism. It is therefore advisable to gather all these advances and precautions on GPS spoofing.

Before knowing how spoofing is performed, we must first know how GPS works…

GPS spoofing
GPS spoofing

What is GPS and how does it work?

The Global Positioning System, or GPS; is a satellite navigation technology commonly used by terrestrial travelers to properly get from point A to point B using digital guidance. Like many of the technologies we know today, GPS was primarily intended as a military resource; however in the 1980s it was decided to commercialize this device for civilian use. Looking at the characteristics of GPS we can see that it works anywhere in the world; regardless of weather conditions or time gaps and currently many devices have this technology; be it cars, Smartphones, etc.

The way these devices work, as we mentioned before, is through satellite signals. GPS satellites circle the planet daily, in a very precise orbit which allows transmitting the signal data to the earth. GPS receivers take this data and use triangulation to calculate the exact location of the person or device.

Basically, the GPS receiver compares the time a piece of evidence was transmitted by a satellite with the time it was received. The time difference tells the GPS receiver how far away the satellite is. Now, with distance measurements from many satellites; the receiver will verify the user’s position and display it on the electronic map which is what we view.

Now, how does GPS spoofing happen?

While GPS technology has brought many, many benefits to people over the years; it has also proven to be potentially vulnerable and dangerous. GPS spoofing occurs when someone uses a transmitter to send a fake GPS signal to a receiving antenna to counter a legitimate or real GPS satellite signal. Most navigation systems are designed to use the stronger GPS signal; so the fake signal overrides the weaker, but legitimate satellite signal.

There is likewise another similar attack, which is GPS signal jamming; however these should not be confused, as electronic GPS jamming occurs once a cybercriminal blocks GPS signals altogether. The commoditization or exploitation of GPS jamming tools that can block communications is prohibited within the United States. While GPS jamming appears to be the greatest threat, GPS spoofing offers a negative leverage towards businesses.

GPS spoofing allows hackers to interfere with navigation systems without operators noticing. Fake GPS feeds cause drivers, ship captains and other operators to deviate without any coercion. Companies that are mainly exposed to GPS spoofing are transportation companies, cab services, construction companies, shipping companies, etc.

Is there more than one type of GPS spoofing?

YES! And they are as follows:

  • GPS signal spoofer: In this class, a GPS signal machine concatenated with an RF front-end is used to mimic authentic GPS signals. The signals generated by this class of spoofer do not appear to be basically synchronized with the true GPS signals. Therefore, the spoofing signals appear as if they are noise to an operational receiver in tracking mode (even if the power of the spoofer is higher than that of the authentic signals). However, this type of spoofers effectively deceives business GPS receivers especially if the spoofing signal strength is beyond the authentic signals.
  • Receiver-based spoofers: This type of spoofer is difficult to discriminate from authentic signals and is much more sophisticated than the previous class. The biggest challenge for the realization of this type of spoofer is to get the signals to the victim’s receiver with relevant delay and signal strength. The power of the spoofing should be slightly higher than the power of the authentic signal in order to successfully fool the target receiver, however, it should not be much more than the ordinary power of GPS signals.
  • Sophisticated receiver-based spoofers: This class is the most complicated and effective of the spoofing classes. It assumes that this class captures the cm-level position of the center of the antenna part of the target receiver, to fully synchronize the spoofing signal code and carrier part with those of the authentic signals at the receiver. This type of spoofer will take advantage of most transmit antennas to defeat direction-of-arrival anti-spoofing techniques.

How can we prevent these attacks?

There is certainly no way to completely protect GPS signals, because they are in space, being transmitted by a satellite in orbit; so implementing some security tool or method is a technology that is still unattainable at the moment. However, there are techniques that can be implemented to prevent these attacks; one of these that is already available, but is deployed only for fairly massive GPS receivers is the GPS firewall. This device is placed between the GPS receiver and its external antenna. It constantly compares the GPS signal with a set of rules to eliminate false signals, so that only the real one reaches the receiver.

As for mobile GPS, smartphone chip manufacturers may at some point be able to inflict a sort of GPS firewall directly on the devices’ navigation receivers, however, it will be a couple of years before it happens. Unfortunately, there is still a lack of time and awareness on the subject before there will be a real demand.

Interesting related articles: How COVID-19 changed technology.

Other articles that may interest you: 5G technology and its risks.