GPS Spoofing

maby

Well-known member
Joined
12 Jun 2009
Messages
12,783
Visit site
Quite a few years ago, I was working with the GPS division of one of the big defence manufacturers. I asked them about spoofing and they told me it was very secret. When I left the office that evening, one of them told me to "enjoy Bucharest" - I started the car and found myself driving through the suburbs of that city ,��
 

grumpy_o_g

Well-known member
Joined
9 Jan 2005
Messages
18,983
Location
South Coast
Visit site
GPS jamming is fairly simple; spoofing is not so. In fact I'm highly sceptical, and I couldn't find any references to published research in that New Scientist article, or anything it linked to.


I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.
 

Kerenza

Member
Joined
19 Sep 2011
Messages
416
Location
Newport
www.24bit.ltd.uk

lw395

Well-known member
Joined
16 May 2007
Messages
41,951
Visit site
I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.

Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.

It's not something an amateur could knock up in a few evenings, but the principle is not hard.
 

st599

Well-known member
Joined
9 Jan 2006
Messages
7,537
Visit site
I agree, I'm sceptical about spoofing. Apart from anything else it would need to simulate a few satellites surely? Most of the GPS's I know want 3 or 4 satellites locked before they'll play ball if I remember rightly. Not saying it can't be done but it would be very tricky indeed.

Why would you need to spoof all 4? Looking at the maths, you only need to change 1.
 

lw395

Well-known member
Joined
16 May 2007
Messages
41,951
Visit site
Why would you need to spoof all 4? Looking at the maths, you only need to change 1.

You need 3 spoofed satellites to generate a spoofed position.
1 spoofed satellite would need to have a very short delay from the true satellites or the indicated position would be nowhere near the earth's surface and probably moving at ludicrous speed. The receiver would therefore discard the spoofed satellite and make a fix with genuine ones.
 

maby

Well-known member
Joined
12 Jun 2009
Messages
12,783
Visit site
Spoofing a civilian GPS receiver to a fixed location is technically not very hard. You simply need to receive the signals from a handful of satellites at that location and re-broadcast them elsewhere at a high enough power to over-ride the true signals.
Generating the signals from scratch is not going to be beyond the means of the Russians who have developed their own system.

It's not something an amateur could knock up in a few evenings, but the principle is not hard.

I agree - the signalling protocol is published and the data rate is pretty low. Timing is critical, but most of the difficulty with timing in the real system is keeping multiple clocks on satellites many thousands of miles apart synchronised. If you are spoofing from a single transmitter, you will have a single master clock and derive all the signal streams from it.
 

JumbleDuck

Well-known member
Joined
8 Aug 2013
Messages
24,167
Location
SW Scotland
Visit site
I agree - the signalling protocol is published and the data rate is pretty low. Timing is critical, but most of the difficulty with timing in the real system is keeping multiple clocks on satellites many thousands of miles apart synchronised. If you are spoofing from a single transmitter, you will have a single master clock and derive all the signal streams from it.

Year ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you out any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.
 

maby

Well-known member
Joined
12 Jun 2009
Messages
12,783
Visit site
Year ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you out any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.

Twenty years ago, building a transmitter capable of generating a signal at over 1GHz was a bit of a dark art and that rather limited the hacker community - now you can pick up RF modules on eBay for a tenner that can be pressed into service.
 

dolabriform

Well-known member
Joined
12 Sep 2016
Messages
1,818
Location
Kent
freewheeling.world
There were presentations made at Defcon 2015 showing exactly how easy it was to do with off the shelf parts costing less than $500. A chinese hacker was selling kits for $300.
 

lw395

Well-known member
Joined
16 May 2007
Messages
41,951
Visit site
Year ago - twenty years? - gliding moved over to GPS loggers for badge and record attempts. Within months of the changeover, students somewhere had a proof-of-concept system running which let you out any track you liked into a GPS logger by spoofing the signal. Of course that was for a device about the size of a Garmin eTrex. Doing it to the Queen Victoria would be a tad more difficult.

These days, you can buy one off the shelf from Spectracom.
 
Joined
1 Mar 2011
Messages
241
Location
Lymington/New Zealand
www.jamesmarinero.com
James - I've never heard of calibrating your GPS before - how do you go about it?

Maybe calibrate is the wrong word. When approaching an unknown coast I set an offshore waypoint over a prominent sea bottom feature (that has enough safe water)! When the GPS tells me I'm over it - or about to cross the feature, I watch the depth sounder (or take a some compass bearings if shore is in sight). Then I know what the GPS offset is (ie charted position error). Just an extra check!
 

Prasutigus

New member
Joined
14 Aug 2017
Messages
555
Visit site
Maybe calibrate is the wrong word. When approaching an unknown coast I set an offshore waypoint over a prominent sea bottom feature (that has enough safe water)! When the GPS tells me I'm over it - or about to cross the feature, I watch the depth sounder (or take a some compass bearings if shore is in sight). Then I know what the GPS offset is (ie charted position error). Just an extra check!

Interesting, got me thinking, this a very educational thread.
 
Last edited:

Prasutigus

New member
Joined
14 Aug 2017
Messages
555
Visit site
A good tip, to register the chart to the GPS.. although in general, wouldn't the GPS be more likely to be spot-on than a paper chart?
 
Top