GPS is vulnerable to spoofing attacks. Here’s how we can defend these important navigation signals


Just hours before U.S. president Barack Obama delivered his final State of the Union speech in January, two U.S. Navy patrol boats wandered into Iranian waters. The Iranian military intercepted the vessels and captured 10 U.S. sailors, making for an awkward moment as the president took the stage.


The seamen were released the next day, but no military official seemed able to explain why the boats had strayed from their intended path. Defense Secretary Ashton B. Carter simply said the highly trained crew had “misnavigated.” An investigation is still under way.

Without a clear explanation, the incident prompted speculation that Iran had sent false GPS signals to lure the sailors onto another course. It would not have been easy for the Iranians to hijack the GPS system—military GPS signals are heavily encrypted—but the idea wasn’t inconceivable. In 2011, Iran boasted that it had captured a highly classified drone belonging to the CIA by fooling its GPS to make it land in Iran rather than Afghanistan.

Three years before the drone’s capture, one of us (Humphreys) had developed the only publicly acknowledged GPS spoofer that could perform such a feat.

llustration: Brian Stauffer


A spoofer transmits false GPS signals, which to a navigation system are indistinguishable from real ones. Meanwhile, the other of us (Psiaki) was hard at work on detectors to catch spoofers in the act.

Prodded by the Iranians, the U.S. Department of Homeland Security decided to investigate spoofing soon after the drone incident. The agency invited Humphreys’s group at the University of Texas at Austin to attack a helicopter drone at White Sands Missile Range, N.M., in June 2012. The team’s mission was to force the hovering aircraft to land by sending false positional data to its GPS. The spoofer told the drone it was climbing, causing it to automatically adjust—and nearly crash into the sand.

An operator averted disaster by manually overriding the spoofed autopilot before impact. Still, the White Sands drone hack made national news and rattled lawmakers. Soon after, Humphreys appeared before a U.S. congressional committee concerned with drone safety.

Since then, GPS spoofing has continued to pose a dangerous but poorly understood threat to the trustworthiness of critical navigation systems. To prevent spoofing, we need to understand how antagonists can corrupt GPS signals in the first place. With that knowledge, we must act quickly to develop ways to alert GPS users to these false signals.

The drone demonstration starkly indicated GPS’s vulnerabilities, but we believe that other targets are far more worrisome. Cellphone towers, stock exchanges, and the power grid all rely at least partly on GPS for precise timing. A well-coordinated spoof could interrupt communications, confuse automated financial traders, and inflict crippling power outages. In a worst-case scenario, a spoofer’s operator could overtake airplanes or ships to induce a crash, facilitate a heist, or even kidnap a VIP.

Those and other scenarios concerned Andrew Schofield as he listened to Humphreys present the details of his White Sands drone test at the South by Southwest Interactive conference in 2013. Schofield approached Humphreys after the talk and presented his card, on which his title read “Master of the White Rose of Drachs.” Then he asked, “How would you like to go after bigger prey?”

The White Rose is a 65-meter (213-foot) superyacht that relies on GPS to safely navigate the high seas. The US $80 million vessel, which boasts paintings by old masters and marble-and-gold bathrooms, belongs to a U.K. real estate tycoon. Schofield, the ship’s captain, was offering to take Humphreys out to sea to test whether his trusted ship could be spoofed.


The <i>White Rose of Drachs</i> frequents the waters off the shores of the Mediterranean under the care of Master Andrew Schofield.





The White Rose of Drachs frequents the waters off the shores of the Mediterranean under the care of Master Andrew Schofield. Photo: White Rose of Drachs


At first, Humphreys thought the offer sounded too good to be true. He spent hours verifying Schofield’s credentials as an experienced seaman and president of the Professional Yachting Association. Still, Humphreys wondered if Schofield had gone over to the dark side. To gauge the captain’s intentions, Humphreys casually mentioned that his spoofer would be equipped with a “poison software pill” to render it useless outside the planned test’s time frame and region. Schofield did not bat an eye and said it sounded like a wise precaution.

Reassured, Humphreys began to plan a Mediterranean voyage [pdf] to test whether the spoofer could generate a sequence of lies that could, quite literally, throw the White Rose off course. The attack would have to be launched in international waters and with the approval of the General Lighthouse Authorities of the United Kingdom and Ireland; otherwise, tampering with GPS signals would be a crime even if done purely for research purposes.

After months of planning, the White Rose set sail in June 2013 from Monaco to Rhodes, Greece. Atop the yacht were two GPS antennas feeding received signals to a pair of standard GPS receivers on the bridge. Also on board was Humphreys’s spoofer [pdf], which contains about $2,000 worth of software and hardware, including a radio-frequency receiver, transmitter, and digital signal-processing chips.

For the first portion of the trip, the yacht’s GPS receivers dutifully logged location information from several dozen satellites, as they would on any voyage. Then, on day two of the cruise, Humphreys’s team replaced the signals being received on the bridge with spoofed ones indicating that the ship was drifting 3 degrees to the left.

How did they do it? In normal operation, GPS receivers deduce their position by calculating their distance from several satellites at once. Each satellite carries an atomic clock and broadcasts its location, the time, and a signature pattern of 1,023 plus and minus signs known as a pseudorandom noise code (or PRN code). These codes identify a signal as originating from, say, satellite A versus satellite B, which is necessary because all GPS satellites broadcast civilian signals on the same frequency.

A ship's crew relies on GPS signals emitted from a constellation of satellites to safely navigate the seas.