How does GPS work – and what is GPS spoofing?
Basics: How a GPS receiver determines its position
A GPS receiver uses signals from at least four satellites to determine its own location. The propagation time of the signals is analysed in order to calculate geographical coordinates (longitude, latitude, altitude). This information is then used for navigation systems, tracking services and automated logistics processes.
GPS spoofing: manipulation using fake satellite signals
In GPS spoofing, attackers deliberately send fake signals with a stronger intensity than the real satellite signals. These are interpreted as ‘real’ by the GPS receiver, which leads to an incorrect location being determined.
Software defined radios (SDRs) such as the ‘HackRF One’ are used for this purpose. These make it possible to synthetically simulate satellite signals and manipulate them with pinpoint accuracy.
Areas of application for GPS – and why they are a target for attack
GPS trackers have become indispensable in many industries:
- Logistics and transport: tracking lorries, containers and shipments in real time
- Car sharing & fleet management: determining the location to release or block vehicles
- Personal and animal tracking: protection of children, senior citizens or pets
- Sport and outdoor: recording routes when jogging, cycling or sailing
- Asset tracking: theft protection for machines, works of art or other valuable goods
In transport logistics in particular, GPS trackers are crucial for planning, security and tracking – and therefore a worthwhile target for cyber criminals.
Example of a GPS spoofer
Realistic attack scenarios in logistics
1. GPS spoofing in lorry tracking
Scenario:
An attacker places a hidden GPS spoofer in the hold of a lorry or in the immediate vicinity. Falsified position data is sent while the lorry is at a rest area. The GPS tracking system continues to report an apparently correct route to the dispatcher – while the lorry is actually stationary or being moved to another location.
Target:
The freight can be stolen without the system raising the alarm or the police being called. The theft initially remains undetected.
2. Live spoofing during the journey
Scenario:
A mobile spoofer – e.g. in a perpetrator’s vehicle – approaches a moving lorry. Manipulated coordinates are fed in in real time, simulating a breakdown or deviation from the route. The haulage company responds with a diversion or stop signal.
Destination:
The lorry is specifically directed to a remote location where a robbery or theft is easier to carry out – without direct suspicion.
Protective measures against GPS spoofing
Companies should not regard GPS as the sole source of positioning data. The following measures are recommended to protect against GPS spoofing:
- Redundant positioning systems: combination with alternative satellite networks such as Galileo or GLONASS
- Signal quality monitoring: detection of sudden jumps or anomalies in signal strength
- Antispoofing algorithms: Modern trackers and software solutions automatically recognise anomalies
- Geofencing with additional sensors: combination with acceleration, door or temperature sensors for plausibility checks
- Audits and penetration tests: regular security checks of the tracking infrastructure
Conclusion: GPS is not infallible – spoofing is real
GPS spoofing is no longer a theoretical threat. The technology is affordable, mobile and easy to implement – especially in poorly monitored logistics processes. Companies that depend on reliable location data must take action: With a mix of technology, security awareness and proactive monitoring, the attack surface can be significantly reduced.
