Is it possible to guard against GPS attacks?

May 3, 2019

Driving downtown, you glance at your navigation app and see that it thinks that you are at the airport. A bit unsettling, no doubt. This is not a made-up situation; it’s a real example of GPS spoofing — that is, the shift of GPS coordinates using a fake (but stronger) GPS signal from the ground that drowns out the one from the satellite.

Who’s doing it and why is a bit of a mystery, but this trick has numerous practical uses — from hijacking drones to interfering with yacht and tanker navigation systems. The only good news is that protection solutions are beginning to appear, albeit slowly.

Has your sat nav ever insisted you are somewhere you are clearly not? Welcome to GPS spoofing

For those in a hurry, here are the basic facts of GPS spoofing:

  • GPS spoofing involves an attempt to deceive a GPS receiver by broadcasting a fake GPS signal from the ground. All navigators in the vicinity start showing the wrong location.
  • GPS spoofing can be used to hijack UAVs and cars, or confuse taxi drivers, drones, and sailors.
  • GPS spoofing tools are quite affordable — a few hundred dollars will buy everything required.
  • Anti-GPS spoofing technology is being developed, but mainly for large systems, such as maritime navigation.
  • The simplest (if inconvenient) way to protect your smartphone or tablet is to switch it to “battery-saving location mode,” whereby only Wi-Fi and cellular networks are used to determine your location, and GPS is disabled (this mode is unavailable on some devices).

And now some details for those wishing to dig a little deeper.

How GPS spoofing works

To understand why GPS can be faked at all, recall the general principles of satellite navigation. Here’s how it works: Suspended above the Earth in geostationary orbit are several satellite systems. They are American GPS, European Galileo, Russian GLONASS, and Chinese BeiDou.

Each satellite transmits a continuous radio signal containing the satellite code and the precise signal transmission time. Your phone or other navigator does not transmit anything at all, but simply receives these radio signals from space. By analyzing the exact receipt time of each signal, it is possible to calculate the distance from the GPS receiver to each of the satellites.

With a bit of math and a comparison of several such signals (at least three, but the more the merrier), the receiver can determine its precise location relative to the satellites. And because the coordinates of the satellites are known and unvarying, doing this calculation makes it possible to work out the location of the GPS receiver on the Earth’s surface.

The problem is that the satellite signals are attenuated by the time they hit terra firma — and the antennas of most receivers are not particularly sensitive. Therefore, just by siting a fairly powerful radio transmitter nearby and broadcasting a fake but technically sound GPS signal from it, it is easy to drown out the satellites and cause all GPS receivers in the area to compute the wrong coordinates.

At the same time, the receivers lack the technical means to determine the direction of the signal, so they do not know that the signal is coming from a completely different source. Even worse, GPS spoofing equipment is very inexpensive (about $300), and all of the programs needed are generally free. In other words, it’s not some complicated stuff accessible only by military or special services — almost anyone can do it.

Do-it-yourself GPS spoofing equipment

Stephan Gerling talks about DIY equipment for GPS spoofing at the Security Analyst Summit

Who needs to spoof GPS — and why?

Some known cases of hacking GPS systems are linked to research projects (for example, yacht hijacking — how do you like that?), poaching, and, most likely, military operations. As autonomous systems such as drones and unmanned vehicles develop, the list will undoubtedly grow. There have also been media reports on the hijacking of military UAVs, which suggests that the situation with civilian drones is unlikely to be any better.

How to protect against GPS spoofing

Although the problem has been known for some time, there is a major obstacle to developing protection measures — the key equipment is in space and will not be replaced right away. GPS satellites emit what they emit, and no one can add standard protection tools, such as encryption and certificates, to the signals. Security measures so far have been more experimental in nature and not for large-scale application.

One approach (which in addition to working against spoofing also provides more stable signal reception) is based on the use of multiantenna receiver configurations (2×2) and beamforming technology. This combination not only filters out noise and interference, but also can be used to determine the direction from which a signal is coming.

This technique makes it easier to distinguish a fake satellite signal from a real one. So far, such installations for GPS exist only as relatively large experimental prototypes, but going forward they could be implemented in more compact equipment. This will not be as difficult or costly as it seems; similar technologies are already used in 4G and 5G cellular networks.

Another approach uses a commercial solution that is already available but deployed only for fairly large GPS receivers (for example, on sea vessels): the so-called GPS firewall. This device is installed between the GPS receiver and its external antenna. It continuously matches the GPS signal against a set of rules to try to cut out false signals, so that only the true one reaches the receiver.

Makers of smartphone chips may someday be able to embed something like a GPS firewall directly in devices’ sat nav receivers, but it will be a few more years before it happens. Some high-profile hijackings may unfortunately be necessary to create hype and thus market demand.

In the meantime, if at some point you find your sat nav app stubbornly insisting that you are at the airport when in fact you are stuck in traffic downtown, try the following life hack: Switch the device to “battery-saving location mode.” In this mode, satellite navigation is not used at all and geolocation is based on Wi-Fi networks and cellular base stations. The accuracy is poor, but it’s better than nothing. There is no such mode in iOS, unfortunately, but Android users can usually activate it by going to Settings → Security & Location → Location → Mode → Battery saving.
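The rule matching described for the GPS firewall, together with the Wi-Fi/cell location from the paragraph above used as an independent reference, can be illustrated with a small plausibility checker. This is an added example, not code from any GPS firewall product or from the original article; the two rules, their thresholds, the names (Fix, check_fixes, distance_m) and the sample coordinates are constructed assumptions.

```python
import math
from dataclasses import dataclass

@dataclass
class Fix:
    t: float          # seconds since start of log
    lat: float        # satellite-derived position, degrees
    lon: float
    net_lat: float    # Wi-Fi/cell position estimate, degrees
    net_lon: float
    net_acc_m: float  # reported accuracy of the network estimate, metres

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000.0 * math.asin(math.sqrt(a))

def check_fixes(fixes, max_speed_mps=70.0, net_margin=3.0):
    """Return [(t, [rule names])] per failing fix; thresholds are assumed, not vendor values."""
    alerts, last_good = [], None
    for f in fixes:
        reasons = []
        # Rule 1: jump from the last accepted fix implies an impossible speed.
        if last_good is not None and f.t > last_good.t:
            speed = distance_m(last_good.lat, last_good.lon, f.lat, f.lon) / (f.t - last_good.t)
            if speed > max_speed_mps:
                reasons.append("implausible_speed")
        # Rule 2: satellite fix disagrees with the independent network estimate.
        if distance_m(f.lat, f.lon, f.net_lat, f.net_lon) > net_margin * f.net_acc_m:
            reasons.append("network_mismatch")
        if reasons:
            alerts.append((f.t, reasons))
        else:
            last_good = f  # a rejected fix never becomes the speed reference
    return alerts

# Constructed sample log: downtown driving, two fixes relocated ~18 km away, then recovery.
NET = (52.5205, 13.4060, 500.0)
SAMPLE_FIXES = [
    Fix(0, 52.5200, 13.4050, *NET),
    Fix(1, 52.5201, 13.4052, *NET),
    Fix(2, 52.3667, 13.5033, *NET),
    Fix(3, 52.3668, 13.5034, *NET),
    Fix(4, 52.5203, 13.4056, *NET),
]
if __name__ == "__main__":
    print(check_fixes(SAMPLE_FIXES))
```

Because rejected fixes are not used as the reference point, the second relocated fix is still flagged even though it is only metres away from the first one.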

Battery saving location mode in Android 8