Spoofing shutterstock 1

The real threat of fake GPS to business and consumers

Spoofing attacks pose a fundamental challenge to the future of connected devices. With growing recognition over such security threats to the GNSS industry, there is a key opportunity for lawmakers to insist on the creation of spoofer resilient spoofer devices.

We spoke to one of our Senior GNSS Engineers, Ross van der Merwe, who is about to finish his doctorate on GNSS spatial spoofing detection. In this article he offers insight about the growing threat of spoofing to consumers, industry and government.

The real threat of fake GPS signals to businesses and consumers

Spoofing is used by criminal networks, malevolent actors, and fraudsters to broadcast fake satellite signals that confuse GNSS receivers such as those found in mobile phones, automobiles, airplanes, or ships. It can be used to redirect vehicles, disrupt law enforcement and affect security systems that use location for validation - including payments and banking.

The impacts of spoofing on everyday life have started to come to the fore in recent years. For example, in March 2022, the European Union Aviation Safety Agency issued an alert warning about satellite navigation systems being jammed or spoofed around Ukraine and in nearby regions. In a further example from 2020, the New Yorker reported that interference from GPS jammers on the New Jersey Turnpike, being used by truck drivers to thwart their bosses’ fleet tracking system, had caused significant disruption to the GPS-based landing system at the nearby Newark Liberty International Airport, putting aircraft, passengers and crew at risk.

In the past, spoofing attacks required high effort and knowledge but can today be conducted using relatively cheap software-defined radios (SDRs) and open-source software. Spoofing poses a critical threat to any business and indeed consumers, particularly as the criminals become more sophisticated and the cost of spoofing technology comes down.

Is this a new threat or are we just starting to understand the impact of cyber security within the GNSS space?

Whilst this topic is increasingly coming to light, it has been a topic discussed in the Defence and Security domains for decades. The famous real-life spoofing demonstration by the University of Texas in 2013 was the tipping point that showed that spoofing has transitioned from high-tech laboratory setups to practical field attacks.

The next big event was the release of Pokémon Go! in 2016 that resulted in many lazy Pokémon trainers spoofing their mobile phones from the comfort of their home.

In our modern world where so much relies on GNSS - from banking to synchronizing power grids - it is clear that there is a high risk from spoofing and significant proof that it is relatively simple to do. Security experts have recognised this problem early on and several countermeasures are already in place, for example, the Galileo Open Service Navigation Message Authentication (OSNMA) can detect false satellite messages and was made available in December 2022. However, there is still much more that can be done to really ensure resilient navigation.

What are the most effective ways being used to mitigate this increasing threat?

Mitigation is possible, but this usually results in impacting the size, weight, power, and of course cost (these are known as SWAPC) of systems. A popular and effective approach is to use sensor fusion to compare the GNSS position with other positioning technologies such as inertial navigation (e.g., using the accelerometer in a smartphone), WiFi-fingerprinting (e.g., matching the local Wifi networks to a database), or 5G-positioning (positioning relative to 5G base station).

Given this needs quite a bit of extra equipment, it is not easily available for low power devices such as wearables. Using authentication approaches, such as the Galileo OSNMA or GPS Chimera provides a spoofer detection method, but they don't offer mitigation capabilities. It is better to be able to detect and overcome a spoofing attack, than it is to just know you are currently being spoofed.

Spoofing attacks usually have few transmitting antennas, which makes spatial methods to check where the signals come from great for detection and mitigation. It is usually done with an array of receiver antennas that tends to be large and too bulky for most applications. This is where FocalPoint’s Supercorrelation™ technology is really able to differentiate - it uses the GNSS receiver’s movement to create a virtual antenna array, from which it can achieve direction finding and spoofing mitigation. It brings spatial mitigation methods to the simplest of GNSS receivers, making it truly low cost but with all the power of more expensive approaches. As a chipset-level software, it can be implemented directly in a whole range of consumer devices including smartphones, wearables and automotive navigation systems, mitigating the threat of spoofing attacks at the earliest opportunity.

A future with resilient navigation

Spoofing poses a real threat to GNSS - not only to businesses and government, but also consumers who rely on location accuracy and integrity. With the future of autonomous driving dependent on a solution, there is a need to ensure anti-spoofing approaches are not only cost-effective but are also low power solutions. We are starting to see some practical methods making an impact in industry which will go a long way to ensuring the future of resilient navigation - with our Supercorrelation™ technology providing a much needed solution.