GNSS Spoofing: Navigating the Growing Threat

Jul 25, 2025

If you follow the positioning, navigation and timing (PNT) space, you’ve likely seen recent headlines about the growing risk of signal spoofing targeting GPS and other global navigation satellite system (GNSS) technologies. But while the headlines may be new, the risk is not. The basic idea of spoofing—tricking receivers into reporting incorrect information—has been around for decades. But two recent developments have transformed GNSS spoofing from a theoretical risk to a growing problem for commercial aviation, logistics, and every other sector that depends on accurate PNT data.

The first change is simply the explosion of devices and use cases that now incorporate GNSS data, from emergency services to precision agriculture to consumer ride-sharing apps. But the bigger change has been to spoofing technology itself. Historically, GNSS spoofing required considerable RF expertise, expensive hardware, and advanced technical skills—effectively limiting such attacks to state-sponsored actors. Indeed, prior to 2015, documented spoofing events outside academic research or large-scale electronic warfare were practically unheard of. Today? Anyone with a couple of hundred dollars and an internet connection can buy a cheap software-defined radio (SDR), download some open-source software, and start spoofing GNSS signals. Additionally, these attacks don’t just affect their targets; they can disable or disrupt all nearby unprotected receivers. When used within large-scale electronic warfare, they can affect devices for miles around zones of conflict.

For teams developing or integrating GPS receivers, especially for safety-critical or liability-critical applications, the era of widespread GNSS spoofing has officially arrived. If you haven’t started accounting for it in product design and testing, it’s time to get started.

Inside GNSS Spoofing

Over-the-air (OTA) GNSS spoofing attacks can come in multiple forms depending on the specific receiver operations attackers are targeting, as well as their equipment and knowledge. Methods include:

  • Meaconing: These attacks capture authentic GNSS signals and retransmit them to targets. If successful, the target receiver reports the position derived from the re-transmitted data instead of the true position.
  • Code and carrier manipulation: This type of attack proceeds in two phases. First, an RF signal generator replicates legitimate GNSS signals with the goal of aligning the replicated signals with authentic ones being transmitted to the target receiver. Next, the attacker increases power so that the replicated signals overpower the legitimate ones. Once the receiver is tricked into locking onto the replica signals, the attacker can manipulate the signals so that the receiver reports a false position.
  • Navigation Data Attacks: These work similarly to code/carrier attacks but manipulate the navigation message itself. Here, the goal is to cause a denial-of-service by provoking gross errors in the target receiver, such as by broadcasting hacked ephemeris information or false clock correction messages. These attacks require more detailed knowledge of the target receiver and its software configuration. But if successful, the receiver will require a hard reset, even after leaving an area with spoofed signals.
  • Multi-method attacks: Other attacks may combine multiple spoofing techniques, along with sophisticated technology like antenna arrays, high-powered transmitters, and even low Earth orbit (LEO) satellites. For example, such attacks might start by jamming target GNSS receivers with high-powered interference, with the goal of forcing them into signal re-acquisition mode, where they will be especially vulnerable to locking onto false signals. (Given the complexity and costs of multi-method attacks, these are still typically seen only in the context of state-sponsored electronic warfare.)

These OTA RF spoofing attacks can target receivers at various stages in the process of computing a position, velocity, and time (PVT) solution. These include the initial stage, where the receiver identifies satellites in view and estimates the ranging signal parameters, through signal tracking, fine synchronization, and signal acquisition. Attacks can also vary depending on the initial state of the receiver and the reliable time and positioning data available when it begins acquisition. (Note: the examples above and throughout this article focus on OTA RF spoofing. However, those developing GNSS receivers must also protect against other types of spoofing attacks outside the scope of this discussion, such as man-in-the-middle [MITM] attacks. These work more like traditional hacking, where an attacker gains access to the device electronically to manipulate the data output by the receiver.)

Mitigating the Threat

GNSS receivers designed for authorized government and defense applications can defend against spoofing by using encrypted signals such as the GPS P(Y) code or Galileo’s Public Regulated Service (PRS). For the large and growing range of commercial applications that rely on GNSS data, however, alternate approaches are needed. Today, GNSS system developers and integrators are applying strategies in three basic areas, based on the PTA framework championed by Professor Bradford Parkinson:

  • Protect: The first line of defense for many applications is to adopt new procedures to safeguard users and equipment from the effects of spoofing attacks. These solutions don’t eliminate spoofing, but they help ensure that users won’t rely solely on a receiver’s output or assume it’s always correct. For example, commercial aircraft crews can now use GNSS spoofing alerting services that inform them when they’re approaching areas with known spoofing activity.
  • Toughen: System developers are also exploring new approaches to harden their PNT against spoofing attacks, such as powerful antenna systems that identify and isolate spoofed signals. Other options include the use of new authenticated civil GNSS signals such as Galileo OSNMA.
  • Augment: For safety- and liability-critical applications that demand reliable, highly accurate PNT data, adding another source of PNT data can be hugely powerful. GNSS has inherent advantages, so it forms the basis of most multi-sensor systems, but having extra sources of data means you don’t need to prevent spoofing attacks; you just need to have your system configured to cope with them by using unaffected sensors at the right time. System developers can add complementary technologies such as inertial sensors, cellular or Wi-Fi positioning, or holdover clocks for timing applications. By cross-validating reported GNSS data against secondary references, systems can identify anomalies that indicate potential spoofing. Note: Configuring systems to use the appropriate sensors under different conditions requires significant testing of attacks and corner cases. Implemented effectively, these techniques should improve the system’s ability to recover from attacks or to continue to function while under attack.
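
The cross-validation described under Augment, as an added example (not code from the original article or from any vendor): each GNSS fix is checked against inertial dead reckoning and a holdover clock, and the system keeps navigating on the secondary sensors while GNSS disagrees. The Epoch fields, the thresholds and the sample track are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
EARTH_R = 6_371_000.0  # mean Earth radius in metres

@dataclass
class Epoch:  # one sample; field names are assumptions of this example
    clock_s: float      # holdover clock time, independent of GNSS
    gnss_time_s: float  # time reported by the GNSS receiver
    lat: float          # GNSS latitude, degrees
    lon: float          # GNSS longitude, degrees
    speed_mps: float    # inertial/odometry speed
    heading_deg: float  # inertial heading, clockwise from north

def distance_m(lat1, lon1, lat2, lon2):  # great-circle (haversine) distance
    p1, p2, dl = math.radians(lat1), math.radians(lat2), math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_R * math.asin(math.sqrt(a))

def dead_reckon(lat, lon, speed, heading_deg, dt):
    """Advance a position by speed*dt along the heading (local flat-earth step)."""
    d, h = speed * dt, math.radians(heading_deg)
    dlon = d * math.sin(h) / (EARTH_R * math.cos(math.radians(lat)))
    return lat + math.degrees(d * math.cos(h) / EARTH_R), lon + math.degrees(dlon)

def cross_validate(epochs, base_m=25.0, drift_mps=0.5, clock_tol_s=1e-3):
    """Return (alerts, position_used) per epoch after the first. Thresholds are assumed."""
    anchor = epochs[0]                   # last epoch where GNSS was trusted
    lat, lon, since, results = anchor.lat, anchor.lon, 0.0, []
    for prev, e in zip(epochs, epochs[1:]):
        dt = e.clock_s - prev.clock_s
        lat, lon = dead_reckon(lat, lon, prev.speed_mps, prev.heading_deg, dt)
        since += dt                      # inertial error budget grows while unanchored
        pos_err = distance_m(lat, lon, e.lat, e.lon)
        offset = (e.gnss_time_s - e.clock_s) - (anchor.gnss_time_s - anchor.clock_s)
        alerts = [name for name, bad in (("position", pos_err > base_m + drift_mps * since),
                                         ("time", abs(offset) > clock_tol_s)) if bad]
        if not alerts:                   # GNSS agrees with both references: re-anchor
            lat, lon, anchor, since = e.lat, e.lon, e, 0.0
        results.append((alerts, (lat, lon)))
    return results

def sample_track():
    """Constructed data: 10 m/s north at 1 Hz; GNSS ~500 m east from t=3, time +0.5 s from t=4."""
    lat, lon, track = 51.0, 0.0, []
    for t in range(6):
        track.append(Epoch(float(t), t + (0.5 if t >= 4 else 0.0), lat,
                           lon + (0.0071 if t >= 3 else 0.0), 10.0, 0.0))
        lat, lon = dead_reckon(lat, lon, 10.0, 0.0, 1.0)
    return track
```

Running cross_validate(sample_track()) flags the position jump at t=3 and the time jump from t=4, while the position used stays on the dead-reckoned track.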

Regardless of which specific mitigations developers and integrators pursue, rigorous testing and validation are essential. That starts with the ability to simulate realistic spoofing scenarios so that testers can accurately evaluate systems and validate that spoofing defenses function as intended. There isn’t a silver bullet answer to spoofing – understanding how your systems will perform under attack is paramount.

Looking Ahead

Over the past decade-plus, GNSS receivers have been incorporated into countless devices serving hundreds of diverse consumer and enterprise use cases. In the next 10 years, the use of GNSS and the need for highly reliable and accurate PNT data will only grow. Unfortunately, so will the threat of GNSS spoofing. By starting to develop and implement new mitigation techniques now, backed by sophisticated testing and emulation, developers and integrators can protect their customers against this evolving threat.

Contributed by

Spirent Communications

Country: United Kingdom