Everything you need to know about GPS spoofing

What is GPS spoofing?

GPS spoofing is an attack whose main goal is to override a GPS-enabled device’s original location. To do so, the attacker uses a radio transmitter that broadcasts fake GPS signals and interferes with GPS receivers nearby. As a result, those devices display fake GPS locations. Smartphone owners can spoof their GPS by downloading third-party apps, which fool other apps into thinking that the device isn’t at its original location.

The Global Navigation Satellite System (GNSS), which GPS (the Global Positioning System) is a part of, is also used to sync the date and time across devices around the world. So, if your device is GPS-spoofed, it might also suddenly show that you have traveled to the future or back in time.

How a GPS spoofing attack works

GPS spoofing attacks used to be very expensive, mostly relegating them to use in warfare. Why? Because GPS spoofing can fake ships’, airplanes’ and vehicles’ locations to confuse the enemy. While it is still used for this purpose, location spoofing has since become accessible to ordinary hackers. All they need is a portable radio signal transmitter with open-source software, which can be bought for under $300.

The GPS finds your location by using satellites orbiting the Earth. They continuously transmit radio signals that your GPS-enabled device uses to triangulate your location.

The problem is that by the time these radio signals reach your device, they become fairly weak. This means that any transmitter with a stronger signal can cause a denial of service attack. It simply overpowers them and makes your device show whatever location it wants. Why is that a problem? Because any GPS device can be affected.

What is GPS spoofing used for?

• Warfare. GPS spoofing can change the perceived location of ships, planes, and other vehicles. For example, a hacker could make a fake aircraft appear on an airplane’s GPS so that a pilot would think there’s another aircraft approaching them when there isn’t.
• Taxi trips. Taxi drivers can use GPS spoofing to fake their location to earn more money or standing (even though the trip wasn’t completed), or it could be used to disguise their location for criminal activities. This can be a huge security risk for passengers.
• Construction disruption. GPS navigators are used to control some construction machinery. Just imagine the fatal effect a ton of bricks would have if it was dumped in the wrong place – all as a result of a GPS spoof attack.
• Geofencing. GPS systems are used to track delivery drivers and deliveries. Long-distance truck drivers usually have GPS-powered geofencing systems that lock the truck until it reaches its destination. Malicious actors can GPS-spoof the truck’s location to steal its cargo.
• Apps. Some apps can help you spoof your smartphone’s location. This might be convenient if you play games like Pokemon Go (which has some privacy issues). However, these GPS location spoofers will make all your apps think that you are somewhere else. You might not want to use them if you need reliable directions.

Is it illegal to spoof your location?

Spoofing somebody’s device and changing its location without the owner’s consent is illegal. A fake GPS location can disrupt public services, and law enforcement would take this type of offense seriously. If you’re not planning a GPS spoofing attack or illegal activities and only want to change your actual location, nobody will raise an eyebrow.

Fake GPS signals might be caught by accident, so you can do harm without even knowing about it.

How can I protect myself from GPS spoofing?

Anti-GPS spoofing technology is being developed, but it may not be available (or necessary) for the average user any time soon. However, if you run a business, there are a few more things you should do to protect yourself against a GPS spoof attack:

• Have a backup system ready if you see a sudden change in GPS coordinates and time. For example, rubidium or cesium clocks can be used as backup timing systems until the original connection is restored.
• If you need to track drivers, deliveries, planes or ships from an office building, you may want to obscure your building’s antennas. Fake transmissions will usually come from closer than a satellite signal would. It would also come from the ground up. Obscuring your antennas will protect your building from receiving fake signals.
• If you run an app or a business that uses GPS data, you could use machine learning and other analytics to cross-check anything suspicious. You also need to guarantee that employees can securely access apps without compromising the whole infrastructure.

• A VPN hides your IP address, so hackers can’t track your location or see what you do online. NordVPN has more than 5,200 servers in 60 countries, allowing you to jump between servers with one click.

  While a VPN won’t protect you from GPS spoofing attacks, it’s a useful tool to enhance your privacy and security. Your IP address can reveal your whereabouts and internet activities, but, with NordVPN enabled, wrongdoers won’t be able to access this information. Download the mobile apps for Android or iOS, take your personal data into your own hands, and hide your location.

Want to learn more about cybersecurity? Our newsletter will keep you up to date with the latest.