Imagine agreeing to meet a friend at a café you’ve never been to before. You are already 20min late, but you’re confident your GPS will get you there. Suddenly, however, your GPS shows that you are in a different country and it’s the year 2038. What just happened? Someone spoofed your GPS.
GPS spoofing is an attack whose main goal is to override a GPS-enabled device’s original location. To do so, the attacker uses a radio transmitter that broadcasts fake GPS signals and interferes with GPS receivers nearby. As a result, those devices display fake GPS locations. Smartphone owners can spoof their GPS by downloading third-party apps, which fool other apps into thinking that the device isn’t at its original location.
The Global Navigation Satellite System (GNSS), which GPS (the Global Positioning System) is a part of, is also used to sync the date and time across devices around the world. So, if your device is GPS-spoofed, it might also suddenly show that you have traveled to the future or back in time.
GPS spoofing attacks used to be very expensive, mostly relegating them to use in warfare. Why? Because GPS spoofing can fake ships’, airplanes’ and vehicles’ locations to confuse the enemy. While it is still used for this purpose, location spoofing has since become accessible to ordinary hackers. All they need is a portable radio signal transmitter with open-source software, which can be bought for under $300.
The GPS finds your location by using satellites orbiting the Earth. They continuously transmit radio signals that your GPS-enabled device uses to triangulate your location.
The problem is that by the time these radio signals reach your device, they become fairly weak. This means that any transmitter with a stronger signal can cause a denial of service attack. It simply overpowers them and makes your device show whatever location it wants. Why is that a problem? Because any GPS device can be affected.
Spoofing somebody’s device and changing its location without the owner’s consent is illegal. A fake GPS location can disrupt public services, and law enforcement would take this type of offense seriously. If you’re not planning a GPS spoofing attack or illegal activities and only want to change your actual location, nobody will raise an eyebrow.
Fake GPS signals might be caught by accident, so you can do harm without even knowing about it.
Anti-GPS spoofing technology is being developed, but it may not be available (or necessary) for the average user any time soon. However, if you run a business, there are a few more things you should do to protect yourself against a GPS spoof attack:
A VPN hides your IP address, so hackers can’t track your location or see what you do online. NordVPN has more than 5,200 servers in 60 countries, allowing you to jump between servers with one click.
While a VPN won’t protect you from GPS spoofing attacks, it’s a useful tool to enhance your privacy and security. Your IP address can reveal your whereabouts and internet activities, but, with NordVPN enabled, wrongdoers won’t be able to access this information. Download the mobile apps for Android or iOS, take your personal data into your own hands, and hide your location.
Want to learn more about cybersecurity? Our newsletter will keep you up to date with the latest.