Everything you need to know about GPS spoofing

GPS spoofing is an attack aimed at overriding a GPS-enabled device’s original location. To do so, the attacker uses a radio transmitter that broadcasts fake GPS signals and interferes with GPS receivers nearby. As a result, those devices display fake GPS locations. If they wish, smartphone owners can spoof their own GPS by downloading third-party apps, which fool other apps into thinking that the device isn’t at its original location.

The Global Navigation Satellite System (GNSS), which GPS (the Global Positioning System) is a part of, is also used to sync the date and time across devices around the world. So if your device is GPS spoofed, it might also suddenly show that you have traveled to the future or back in time.

GPS spoofing attacks used to be very expensive, which mostly relegated their use to warfare. Why? Because GPS spoofing can fake ships’, airplanes’, and vehicles’ locations to confuse the enemy. While it is still used for this purpose, location spoofing has since become accessible to ordinary hackers. All they need is a portable radio signal transmitter with open-source software, which can be bought for under $300.

The GPS finds your location by using satellites orbiting the Earth. These GPS satellites continuously transmit radio signals that your GPS-enabled device uses to triangulate your location.

The problem is that by the time these radio signals reach your device, they become fairly weak. This means that any transmitter with a stronger signal can cause a denial of service attack. The transmitter simply overpowers the signals and makes your device show whatever location it wants. Why is that a problem? Because any GPS device can be affected.

A GPS spoofing app falsifies the actual geographical location of your device. If you want to avoid GPS tracking — or broaden your dating pool — you might consider changing the actual geographical location displayed by your device. GPS spoofing works on iOS as well as on Android devices. However, these GPS location spoofers will make all your other apps think that you are somewhere else. You might not want to use them if you need reliable directions.

If you do not want to risk downloading a GPS spoofing app but still want more privacy and to expand your search results, you can change your location on Google Chrome.

• Warfare. GPS spoofing can change the perceived location of ships, planes, and other vehicles. For example, a hacker could make a fake aircraft appear on an airplane’s GPS so that a pilot would think there’s another aircraft approaching them when there isn’t.
• Taxi trips. Taxi drivers can use GPS spoofing to fake their location to earn more money for standing (even though the trip wasn’t completed), or it could be used to disguise their location for criminal activities. This can be a huge security risk for passengers.
• Construction disruption. GPS navigators are used to control some construction machinery. Just imagine the fatal effect a ton of bricks would have if it was dumped in the wrong place – all as a result of a GPS spoof attack.
• Geofencing. GPS systems are used to track delivery drivers and deliveries. Long-distance truck drivers usually have GPS-powered geofencing systems that lock the truck until it reaches its destination. Malicious actors can GPS-spoof the truck’s location to steal its cargo.
• Gaming. Spoofing your smartphone’s location might be convenient if you play games like Pokémon Go (but be aware of the risks that come with Pokémon Go), where a certain GPS location can give you an advantage.
• Choosing a different location on dating apps. If you live in a little town with a small pool of potential matches, you may want to use a GPS spoofing app to fake your GPS location so that the dating app shows you people from a different area, not just your local community.

You might have heard the term “spoofing” in other contexts as well. Aside from GPS spoofing, these are the other common types of spoofing:

• URL spoofing. It is the process of creating fake URLs that pose as a different website. A spoofed URL looks like a legitimate source, but it is used for stealing your data.
• IP spoofing. It is a hacking technique when a packet’s original IP address is changed to a fake one. IP spoofing allows cybercriminals to carry out malicious activities and avoid detection.
• DNS spoofing. It is a cyberattack that directs internet users to fake or malicious websites. DNS spoofing is carried out by replacing real IP addresses with different ones.

Spoofing somebody’s device and changing its location without the owner’s consent is illegal. A fake GPS location can disrupt public services, and law enforcement takes this type of offense seriously. If you’re not planning a GPS spoofing attack or illegal activity and only want to change your own location, nobody will raise an eyebrow. However, fake GPS signals may be caught by accident, so you can do harm without even knowing about it.

Bear in mind that not everyone is eager for you to change your location. Advertisers love knowing and using your physical location to their advantage — this is called geotargeting. It is a form of advertising that sends smartphone users targeted content and advertisements based on their geographical location. It is typically done by apps that you have granted access to your GPS location, like food delivery apps. However, multiple websites use trackers to find out information about you, including your location, without asking for your consent in advance. We advise using a tracker blocker to avoid this type of snooping.

Anti-GPS spoofing technology is being developed, but it may not be available (or necessary) for the average user any time soon. However, if you run a business, there are a few things you should do to protect yourself against a GPS spoof attack:

• Have a backup system ready if you see a sudden change in GPS coordinates and time. For example, rubidium or cesium clocks can be used as backup timing systems until the original connection is restored.
• If you need to track drivers, deliveries, planes, or ships from an office building, you may want to obscure your building’s antennas. Fake transmissions will usually come from closer than a satellite signal would. They will also come from the ground up. Obscuring your antennas will protect your building from receiving fake signals.
• If you run an app or a business that uses GPS data, you could use machine learning and other analytics to cross-check suspicious data. You also need to guarantee that employees can securely access apps without compromising the whole infrastructure.
• A VPN hides your actual IP address, so hackers can’t track your virtual location or see what you do online. NordVPN has more than 5,500 servers in 60 countries, allowing you to jump between servers with one click. While a VPN won’t protect you from GPS spoofing attacks, it’s a useful tool to enhance your privacy and security. Your IP address can reveal your whereabouts and internet activity, but with NordVPN enabled, wrongdoers won’t be able to access this information, because you can change your IP and location with a VPN. Download the mobile apps for Android or iOS, take your personal data into your own hands, and hide your virtual location.

Want to learn more about cybersecurity? Our newsletter will keep you up to date with the latest.