Expanded and updated, July 2020
From ship navigation to financial transactions, we’re increasingly reliant on GPS (or other GNSS systems, such as Galileo, GLONASS or BDS BeiDou). Jamming and spoofing can therefore cause significant disruption and represent a public safety threat. Fortunately, spectrum monitoring allows detection and location of jammers and the possibility to pre-empt attacks with anti-jamming and anti-spoofing technologies.
Can GPS be jammed? Yes, and without much difficulty. GPS jamming is a relatively uncomplicated technique that simply involves producing an RF signal strong enough to drown out the transmissions from GPS satellites. The subject of a GPS jamming attack will be instantly aware that something is wrong, as the system will be unable to produce a geolocation result. GPS jamming can be carried out either unintentionally or deliberately, and its prevalence is increasing – during an L1 and L2 GPS band monitoring campaign over just a few weeks in London, we detected significant jamming activity. This ranged from crude unmodulated sources of interference poorly centered on the L1 or L2 band to synthesized sources suggesting deliberate targeting.
Whatever the target of a GPS jammer, the devices do not discriminate, so there is usually additional collateral damage. Air Traffic Control (ATC), search and rescue operations, the electric grid and mobile phone services are all vulnerable to GPS jamming fallout. The London Stock Exchange has been subject to repeated GPS outages, affecting timestamping of financial transactions. In 2007, a navy exercise on loss of GPS communications in San Diego harbor meant that residents of the city were unable to withdraw cash from ATMs and doctors’ emergency pagers stopped working – it took 3 days to identify the ships as the cause. As jamming activity from civilian users becomes more prevalent, we risk similar disruptions as well as more fatal incidents such as aircraft colliding over populated areas.
Spectrum monitoring, as implemented in our London campaign, enables GPS jammers to be detected and located by mobile direction finding systems. Analysis of frequency spectra to determine duration of interference and signal type can also be used as an indication of whether the interference is accidental or deliberate. Those involved in unintentional jamming can then be warned and malicious attackers can be prosecuted. This results in quick resolution of disruption and danger caused by GPS jamming and acts as a preventative deterrent.
CRFS’s RFeye receivers have exceptional noise performance allowing detection and location over larger areas. Automation features minimize human intervention and allow triggering of alarms on detection of jamming activity. Our GPS holdover module also ensures accurate timing synchronization between receivers even if jamming activity (or poor reception) means GPS signal is lost. High-performance receiver boards can also be integrated into 3rd party anti-jamming and anti-spoofing systems for critical applications requiring a proactive approach. Anti-jamming and anti-spoofing systems can distinguish true GPS signals from jammers and spoofers, enabling GPS location and timing services to continue even while under attack.
CRFS recommends that law enforcement implement a wider strategy of spectrum monitoring to combat the rise in GPS jamming activity. Any organisation highly dependent on GPS services, whether a stock exchange or Air Traffic Control, is also advised to operate a dedicated counter-jamming system to ensure continuous protection of critical infrastructure.
GPS spoofing is a more insidious form of attack, which involves deliberately mimicking the form of transmissions from GPS satellites, tricking the receiver into believing that it has been sent information as expected. GPS spoofing in its simplest form (sometimes called denial-of-service spoofing) involves location information being sent to the GPS receiver which is clearly false (it might, for instance, tell a ship out at sea that it is currently located on land). It is immediately clear to the user that they are being spoofed, but it nonetheless stops them using their GPS system for its intended purpose. In these circumstances, spoofing basically functions as a more targeted form of jamming, that only affects GPS systems, rather than flooding the entire RF environment with noise.
An even more subtle and complex form of GPS spoofing, deception spoofing, involves hijacking GPS systems by initially sending them correct location information (so the spoofing is not immediately obvious), and then very slowly changing the information being sent so as to, for instance, drag vessels off course into hostile waters, or disable a vessel on a sand bank.
So how does it work? GPS satellites send out a pseudo-random code, and receivers on the ground can tell from this code what time the signal was sent from each satellite. This allows them to determine how long the signal takes to reach them, and therefore how far from each satellite they are. The obvious way to determine if spoofing is taking place is to work out where the received signals are coming from. If it turns out to be sent from near to the receiver, rather than high in the atmosphere, we can be fairly certain the receiver is being spoofed. This is where CRFS’s systems come in. Using a network of at least four RFeye Nodes, a time difference of arrival (TDOA) calculation can be performed to find out where it originated. Not only does this allow the spoofing to be detected, but knowing the location of the spoofers can allow measures to be taken to shut it down at source.
If you’re being affected by GPS jamming or spoofing, and would like to discuss how CRFS systems can help, then get in touch with our technical team – we’d be more than happy to help.