GPS Spoofing

Quite a few years ago, I was working with the GPS division of one of the big defence manufacturers. I asked them about spoofing and they told me it was very secret. When I left the office that evening, one of them told me to "enjoy Bucharest" - I started the car and found myself driving through the suburbs of that city.
 
GPS jamming is fairly simple; spoofing is not so. In fact I'm highly sceptical, and I couldn't find any references to published research in that New Scientist article, or anything it linked to.


I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites, surely? Most of the GPSs I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.
 
Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.

It's not something an amateur could knock up in a few evenings, but the principle is not hard.
 
I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites, surely? Most of the GPSs I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.

Why would you need to spoof all 4? Looking at the maths, you only need to change 1.
 
You need 3 spoofed satellites to generate a spoofed position.
1 spoofed satellite would need to have a very short delay from the true satellites or the indicated position would be nowhere near the earth's surface and probably moving at ludicrous speed. The receiver would therefore discard the spoofed satellite and make a fix with genuine ones.
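
The consistency check this post describes, as an added example that is not part of the thread: a least-squares position fix that tests whether all pseudoranges agree on one position and, if they do not, drops the one satellite whose removal restores agreement. The satellite geometry, the 100 microsecond delay and the 10 m limit are constructed for illustration, and the residual test (the idea behind receiver autonomous integrity monitoring) is an assumed approach, not taken from any particular receiver.

```python
import math

def _solve4(A, b):
    """Solve the 4x4 system A x = b (Gauss-Jordan, partial pivoting)."""
    M = [row[:] + [v] for row, v in zip(A, b)]
    for c in range(4):
        p = max(range(c, 4), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(4):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [a - f * k for a, k in zip(M[r], M[c])]
    return [M[i][4] / M[i][i] for i in range(4)]

def solve(sats, rho, iters=12):
    """Least-squares fix -> ([x, y, z, clock_bias_m], rms_residual_m)."""
    est = [0.0] * 4  # start at Earth's centre with zero clock bias
    for _ in range(iters):
        H, res = [], []
        for s, r in zip(sats, rho):
            d = math.dist(s, est[:3])
            H.append([(est[k] - s[k]) / d for k in range(3)] + [1.0])
            res.append(r - d - est[3])  # measured minus predicted pseudorange
        A = [[sum(h[i] * h[j] for h in H) for j in range(4)] for i in range(4)]
        g = [sum(h[i] * v for h, v in zip(H, res)) for i in range(4)]
        est = [e + dx for e, dx in zip(est, _solve4(A, g))]
    res = [r - math.dist(s, est[:3]) - est[3] for s, r in zip(sats, rho)]
    return est, math.sqrt(sum(v * v for v in res) / len(res))

def raim_fix(sats, rho, limit_m=10.0):
    """Return (fix, excluded_index); needs 6+ satellites to exclude one."""
    est, rms = solve(sats, rho)
    if rms <= limit_m:
        return est, None  # all pseudoranges agree with one position
    trials = [solve(sats[:i] + sats[i+1:], rho[:i] + rho[i+1:]) + (i,)
              for i in range(len(sats))]
    est, rms, i = min(trials, key=lambda t: t[1])
    if rms > limit_m:
        raise ValueError("no consistent subset: do not trust this fix")
    return est, i

# Constructed geometry (ECEF metres), not real ephemeris.
TRUTH = (3.98e6, -1.0e4, 4.97e6)
SATS = [(16.0e6, 2.0e6, 21.1e6), (22.0e6, 13.0e6, 7.5e6), (20.0e6, -15.0e6, 9.0e6),
        (5.0e6, 14.0e6, 22.0e6), (6.0e6, -16.0e6, 20.3e6), (-6.0e6, 3.0e6, 25.7e6),
        (25.5e6, -2.0e6, -7.0e6)]
CLEAN = [math.dist(s, TRUTH) + 1.5e5 for s in SATS]  # range + clock bias
# Satellite 2 arrives 100 microseconds late (about 30 km of extra range).
LATE = [r + (29979.2458 if i == 2 else 0.0) for i, r in enumerate(CLEAN)]
if __name__ == "__main__": print("excluded:", raim_fix(SATS, LATE)[1])
```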
 
Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.

It's not something an amateur could knock up in a few evenings, but the principle is not hard.

I agree - the signalling protocol is published and the data rate is pretty low. Timing is critical, but most of the difficulty with timing in the real system is keeping multiple clocks on satellites many thousands of miles apart synchronised. If you are spoofing from a single transmitter, you will have a single master clock and derive all the signal streams from it.
 
Years ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you put any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.
 
Twenty years ago, building a transmitter capable of generating a signal at over 1GHz was a bit of a dark art and that rather limited the hacker community - now you can pick up RF modules on eBay for a tenner that can be pressed into service.
 
There were presentations made at Defcon 2015 showing exactly how easy it was to do with off-the-shelf parts costing less than $500. A Chinese hacker was selling kits for $300.
 
Years ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you put any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.

These days, you can buy one off the shelf from Spectracom.
 
James - I've never heard of calibrating your GPS before - how do you go about it?

Maybe calibrate is the wrong word. When approaching an unknown coast I set an offshore waypoint over a prominent sea bottom feature (that has enough safe water)! When the GPS tells me I'm over it - or about to cross the feature, I watch the depth sounder (or take some compass bearings if shore is in sight). Then I know what the GPS offset is (i.e. charted position error). Just an extra check!
 
Interesting, got me thinking, this is a very educational thread.
 
A good tip, to register the chart to the GPS... although in general, wouldn't the GPS be more likely to be spot-on than a paper chart?
 