Expanded and updated, July 2020
From ship navigation to financial transactions, we’re increasingly reliant on GPS (or other GNSS systems, such as Galileo, GLONASS or BDS BeiDou). Jamming and spoofing can therefore cause significant disruption and represent a public safety threat. Fortunately, spectrum monitoring allows detection and location of jammers and the possibility to pre-empt attacks with anti-jamming and anti-spoofing technologies.
GPS jamming is a relatively uncomplicated technique that simply involves producing an RF signal strong enough to drown out the transmissions from GPS satellites. The subject of a GPS jamming attack will be instantly aware that something is wrong, as the system will be unable to produce a geolocation result. GPS jamming can be carried out either unintentionally or deliberately, and its prevalence is increasing – during an L1 and L2 GPS band monitoring campaign over just a few weeks in London, we detected significant jamming activity. This ranged from crude unmodulated sources of interference poorly centered on the L1 or L2 band to synthesized sources suggesting deliberate targeting.
A common use of jammers in London is taxi and HGV drivers evading rules on maximum driving hours or trying to stop employers from tracking them. In other parts of the world, GPS jamming has been used for more sinister purposes. South Korea was subject to a major campaign of GPS jamming from North Korea in 2016, affecting ship and aircraft navigation. And with the advent of 5G systems moving into the frequencies used by GPS, interference is likely to become more and more widespread.
Whatever the target of a GPS jammer, the devices do not discriminate, so there is usually additional collateral damage. Air Traffic Control (ATC), search and rescue operations, the electric grid and mobile phone services are all vulnerable to GPS jamming fallout. The London Stock Exchange has been subject to repeated GPS outages, affecting timestamping of financial transactions. In 2007, a navy exercise on loss of GPS communications in San Diego harbor meant that residents of the city were unable to withdraw cash from ATMs and doctors’ emergency pagers stopped working – it took 3 days to identify the ships as the cause. As jamming activity from civilian users becomes more prevalent, we risk similar disruptions as well as more fatal incidents such as aircraft colliding over populated areas.
GPS spoofing is a more insidious form of attack, which involves deliberately mimicking the form of transmissions from GPS satellites, tricking the receiver into believing that it has been sent information as expected. GPS spoofing in its simplest form (sometimes called denial-of-service spoofing) involves location information being sent to the GPS receiver which is clearly false (it might, for instance, tell a ship out at sea that it is currently located on land). It is immediately clear to the user that they are being spoofed, but it nonetheless stops them using their GPS system for its intended purpose. In these circumstances, spoofing basically functions as a more targeted form of jamming, that only affects GPS systems, rather than flooding the entire RF environment with noise.
An even more subtle and complex form of GPS spoofing, deception spoofing, involves hijacking GPS systems by initially sending them correct location information (so the spoofing is not immediately obvious), and then very slowly changing the information being sent so as to, for instance, drag vessels off course into hostile waters, or disable a vessel on a sand bank.
So how does it work? GPS satellites send out a pseudo-random code, and receivers on the ground can tell from this code what time the signal was sent from each satellite. This allows them to determine how long the signal takes to reach them, and therefore how far from each satellite they are. The obvious way to determine if spoofing is taking place is to work out where the received signals are coming from. If it turns out to be sent from near to the receiver, rather than high in the atmosphere, we can be fairly certain the receiver is being spoofed. This is where CRFS’s systems come in. Using a network of at least four RFeye Nodes, a time difference of arrival (TDOA) calculation can be performed to find out where it originated. Not only does this allow the spoofing to be detected, but knowing the location of the spoofers can allow measures to be taken to shut it down at source.
Want to Know More?
If you’re being affected by GPS jamming or spoofing, and would like to discuss how CRFS systems can help, then get in touch with our technical team – we’d be more than happy to help.