GPS/GNSS Spoofing

Manufacturers of GPS spoofing technology and GNSS drone spoofers for defense and military CUAS applications
Overview GPS/GNSS Spoofing
By Dr Thomas Withington Last updated: January 5th, 2024

Position, Navigation and Timing (PNT) signals transmitted by Global Navigation Satellite Systems (GNSSs) can be jammed using GNSS jamming techniques.

GNSS jamming uses a signal more powerful than the PNT transmission the GNSS system receives from space. This is possible as the strength of a PNT signal is very weak when it reaches Earth. As a result, the stronger jamming signal drowns out the weak PNT transmission. Unable to ‘hear’ the PNT signal above the jamming, the GNSS receiver will struggle to provide reliable position, navigation and timing information.

GNSS spoofing is another tactic which can disrupt and degrade a GNSS receiver’s performance. Spoofing is a subtler approach which feeds the GNSS receiver with false PNT information.

Jamming Avoidance

When GNSS jamming is being performed, the attack essentially transmits electromagnetic noise into the GNSS receiver. The drawback of this tactic is that the GNSS system may be designed to recognise when it is being jammed by recognising this noise. Once the receiver determines it is being jammed it may take remedial measures to avoid this. These measures could include switching to an alternative like an Inertial Navigation System (INS). INSs use internal clocks and gyroscopes to determine movement. An INS does not depend on external Radio Frequency (RF) signals unlike a GNSS receiver.

Alternatives like LORAN (Long Range Navigation) can be employed. LORAN is an RF-based system that has gradually fallen out of use since the Second World War as GNSS popularity has grown. Like GNSS, LORAN uses radio signals, but their low frequencies of 100 kilohertz can be difficult to jam.

Finally, the GNSS receiver itself may use Electronic Counter-Countermeasures (ECCM) techniques to mitigate or avoid jamming. ECCM techniques include the GNSS receiver recognising the direction from where the jamming is coming. The receiver then blocks the reception of all signals coming from that direction. Even when taking these steps, the GNSS receiver may still receive PNT signals from a different direction. Similarly, the GNSS receiver may recognise the high-power levels of the jamming signal. As these signals do not retain similar characteristics to ‘true’ PNT transmissions they are ignored and the jamming blocked.

Spoofing

The advent of GNSS ECCM techniques has forced the Electronic Warfare (EW) community to rethink its approach to attacking PNT signals. Techniques have been sought from other EW tactics like the use of Digital Radio Frequency Memories (DRFMs).

DRFMs perform subtle forms of jamming which may not be immediately obvious to radars. A digital radio frequency memory may form part of a combat aircraft’s defensive aids subsystem. The DRFM will sample the incoming radar signal, modify it and transmit that signal back to the radar. The modified signal looks like a normal radar echo produced when an outgoing radar signal collides with a target. However, the DRFM signal’s discreet modification will start to feed false information into the radar. Echoes of the outgoing radar pulses may have been modified by the DRFM to show the target going at a different speed compared to its actual velocity. Likewise, the echoes may be manipulated to cause the radar to determine that several targets are airborne rather than one. The goal is to confuse the radar, and hence the radar operator frustrating their ability to identify and track a target.

GNSS spoofing works in a similar fashion. An electronic countermeasure employing this technique will transmit a PNT signal which appears genuine. It may have similar levels of incoming PNT signal amplification to those the GNSS receiver would expect. The content of the PNT signal will be manipulated in some way to feed the GNSS receiver with false information. This could include false PNT signals having incorrect or misleading timing information. As all navigation depends on timing this could result in the GNSS receiver giving the user false information with potentially disastrous consequences.

The subtlety of GNSS spoofing can also make it harder to recognise and hence protect against. It is noteworthy that, along with GNSS jamming, GNSS spoofing is seen in ongoing areas of conflict like Ukraine and the eastern Mediterranean. Employing GNSS jamming and spoofing tactics shows the extent these will be combined to cause maximum disruption.