Imagine agreeing to meet a friend at a cafe you’ve never been to before. You are already 20min late, but you’re confident your GPS will get you there. Suddenly, however, your GPS shows that you are in a different country and it’s the year 2038. What just happened? Someone spoofed your GPS.
GPS spoofing is an attack whose main goal is to override a GPS-enabled device’s original location. To do so, the attacker uses a radio transmitter that broadcasts a fake GPS signal and interferes with GPS receivers nearby. As a result, those devices display fake GPS locations. Smartphone owners can spoof their GPS by downloading third-party apps, which fool other apps into thinking that the device isn’t at its original location.
The Global Navigation Satellite System (GNSS), which GPS (the Global Positioning System) is a part of, is also used to sync the date and time across devices around the world. Thus, if your device is spoofed, it might also suddenly show that you have traveled to the future or back in time.
GPS spoofing attacks used to be very expensive, mostly relegating them to use in warfare. Why? Because GPS spoofing can fake ships’, airplanes’ and vehicles’ locations to confuse the enemy. While it is still used for this purpose, location spoofing has since become accessible to ordinary hackers. All they need is a portable radio signal transmitter with open-source software, which can be bought for under $300.
The GPS finds your location by using satellites orbiting the Earth. They continuously transmit radio signals that your GPS-enabled device uses to triangulate your location.
The problem is that by the time these radio signals reach your device, they become fairly weak. This means that any transmitter with a stronger signal can cause a denial of service attack. It simply overpowers them and makes your device show whatever location it wants. Why is that a problem? Because any GPS device can be affected.
Anti-GPS spoofing technology is being developed, but it may not be available (or necessary) for the average user any time soon. However, if you run a business, there are a few more things you should do to protect yourself:
For more cybersecurity tips, subscribe to our free monthly newsletter below!