GPS Jamming and Spoofing

GPS was designed in the 1970s as a US military system later opened to civilian use. The civilian signal was never cryptographically authenticated; it was assumed that anyone with the capability to disrupt it (mostly other militaries) would also have access to the military signal. In the 2020s, that assumption is broken: cheap consumer jammers and software-defined-radio spoofers have made GPS interference a routine threat. This article covers what jamming and spoofing are, the documented incidents, why civilian GPS is structurally vulnerable, and the mitigation options.

The /learn/how-gps-works pillar covers the system; this article covers what happens when adversaries deliberately attack it.

Jamming: drowning out the signal

GPS signals are extraordinarily weak when they reach Earth — around −155 dBW at the receiver, well below the noise floor of typical electronics. Modern GPS works because the receiver uses correlation processing to extract the signal from below the noise over millisecond integration times.

Jamming overcomes this by raising the noise floor: transmit a strong RF signal on the GPS frequency (1575.42 MHz for L1), and the receiver's correlation processing can no longer separate signal from noise. The result: the receiver loses its GPS fix and reports “no signal.”

The math is simple. A small ~1 watt jammer at 100 m distance delivers ~−40 dBW of noise to the receiver — over 100 dB stronger than the legitimate GPS signal. Even a jammer 50 km away can overwhelm GPS for a wide area. The vulnerability is fundamental: GPS signals are weak, and noise is easy to make.

Documented jamming incidents:

• Newark Liberty 2010: A truck driver using a $50 personal jammer on the New Jersey Turnpike disabled the airport's GPS-based landing system multiple times per week for months. The driver was eventually identified and fined $32,000 by the FCC. The case became the canonical example of how cheap consumer jammers can have outsized impact.
• Persian Gulf and Eastern Mediterranean (2010s onwards): intermittent jamming by Iranian, Syrian, and Russian military for electronic warfare. Civilian shipping and aviation report GPS outages routinely.
• Black Sea / Sea of Azov (2014 onwards): widespread jamming during and around Russia's war in Ukraine. Ship-tracking AIS shows hundreds of vessels with implausible positions during periods of heavy jamming.
• Middle East aviation (2023+): organised jamming of GPS over the Eastern Mediterranean and parts of Iraq / Iran / Syria, affecting commercial flights at cruise altitude. Multiple airlines have reported having to use inertial-only navigation for hours over affected regions.

The FCC strictly prohibits civilian use of GPS jammers in the US, with enforcement actions resulting in fines exceeding $30,000 for individuals. Despite this, jammers remain cheap and easy to acquire online; enforcement is reactive (someone notices interference, the FCC investigates) rather than preventive.

Spoofing: transmitting fake signals

Spoofing is technically more sophisticated than jamming. Instead of overwhelming the GPS signal with noise, a spoofer transmits fake GPS satellite signals — same frequency, same code structure, but with timing and content designed to make the receiver compute a false position.

The technique: a software-defined radio (SDR) generates the GPS signal structure for each chosen satellite, transmits all of them simultaneously at slightly higher power than the real satellites, and the receiver locks onto the fake signals. By manipulating the timing of the fake signals, the spoofer can move the receiver's computed position to any target location.

Documented spoofing incidents:

• Black Sea 2017: a Russian-linked operation spoofed 20+ ships in the Black Sea over multiple days; the ships reported their positions as inland Sochi Airport, several kilometres from their actual locations. The first widely documented civilian spoofing incident.
• Iranian capture of US RQ-170 drone (2011): Iran claimed to have spoofed the GPS of a US stealth drone, causing it to land in Iran. The details are disputed (Iranian and US accounts differ), but the incident is widely cited as a proof-of-concept for military spoofing.
• Tehran Stock Exchange (2019): reports of spoofing in central Tehran created unusual GPS-based navigation failures for commercial users.
• Middle East aviation (2023+): documented spoofing of commercial aircraft GPS over Iraqi airspace and the Eastern Mediterranean. Aircraft reported jumping hundreds of kilometres in position; some experienced clock-time errors causing FMS issues. The OpsGroup aviation reporting network published extensive analyses.
• Maritime spoofing near Iran (2024): tankers in the Persian Gulf and Strait of Hormuz reported positions inland at unrelated airports — a pattern documented by satellite-tracking watchers and likely related to Iranian electronic warfare.

Sophisticated spoofing requires more capability than jamming but is well within reach of national militaries and increasingly within reach of advanced criminal organisations. Civilian receivers have no built-in protection.

Why civilian GPS is vulnerable

GPS's civilian L1 C/A signal was designed in the 1970s with no cryptographic authentication. The signal structure is public; anyone with a software-defined radio can transmit a credible-looking civilian GPS signal. The receiver has no way to verify whether the signal it's receiving came from a real GPS satellite or from a ground-based spoofer.

Military GPS (P(Y) code, M-code) uses cryptographic authentication: the satellite signs the navigation message with a secret key, and the receiver verifies the signature. A spoofer can't forge a valid signature without the key. Military receivers are therefore much harder to spoof.

Civilian modernisation efforts are slowly closing the gap:

• L1C: modernised civilian signal on L1, includes anti- spoofing features (no cryptographic authentication, but improved signal structure).
• L5: modernised civilian signal on a different frequency band, harder to jam because adversaries need separate hardware to attack each band.
• Galileo OS-NMA: cryptographically signs the navigation message. A receiver can verify the message authenticity. Rolled out in 2023; consumer hardware adoption underway.
• Future: full civilian authentication on GPS (proposed “Chimera” signal) and Galileo (improved OS-NMA).

For the next several years, expect civilian GPS to remain spoof-vulnerable while Galileo OS-NMA becomes the practical defence for users who need it.

Mitigations

For users who care about protection:

Multi-GNSS receivers: tracking GPS + Galileo + BeiDou + GLONASS simultaneously. A single-frequency jammer covering only GPS L1 doesn't affect the other constellations on their own frequencies. Spoofing all four constellations simultaneously is much harder than spoofing just GPS.

RAIM (Receiver Autonomous Integrity Monitoring): the receiver cross-checks the consistency of its satellite measurements; if some satellites are inconsistent, RAIM warns the user that the position fix is unreliable. Mandatory in FAA-certified IFR aircraft.

Inertial sensors: an IMU (Inertial Measurement Unit) provides dead-reckoning positioning that continues working when GPS fails. Fused with GPS, IMU drift is bounded; without GPS, the IMU position drifts at ~10 m/min for consumer-grade units, ~1 m/min for tactical-grade, sub-1 m/hour for navigation-grade.

Anti-jam antennas: Controlled Reception Pattern Antenna (CRPA) arrays use multiple antenna elements and signal processing to suppress jamming from directions that don't look like “up.” Standard in military aircraft; commercial CRPAs available for ~$10,000+.

Galileo OS-NMA: cryptographically authenticated Galileo signal. Receivers that track Galileo OS-NMA can verify the signal authenticity. Currently rolling out; expect mainstream support in late-2020s smartphones.

Backup navigation: maritime users increasingly carry backup eLoran or radar-based positioning; aviation users maintain VOR / DME / inertial as backup. The post-GPS “defence in depth” approach is gaining adoption across critical infrastructure.

Detecting GPS spoofing

A receiver experiencing spoofing might show:

• Sudden position jumps (the spoofer moves the fake position abruptly).
• Inconsistent altitude or time (spoofers often get the 3D geometry wrong).
• Unusual signal strength (spoofed signals often have higher C/N0 than real GPS).
• Disagreement between GPS-derived and inertial-derived velocity.
• Trajectory implausible given vehicle dynamics (a ship “jumping” 10 km in 30 seconds).

Aviation pilots are increasingly trained to recognise these signs and switch to backup navigation when they appear.

Common misconceptions

“GPS jamming is illegal so it's rare.” It's illegal and common. The FCC issues fines for individual truck-driver-jammer cases but lacks the resources to enforce at scale. Wartime electronic warfare bypasses legal frameworks entirely.

“Spoofing requires nation-state capability.” Increasingly no. SDR hardware costs ~$300; open-source GPS-simulation software is freely available. Sophisticated spoofing (smooth position dragging that doesn't trigger RAIM) still requires expertise, but basic spoofing is accessible to hobbyists.

“Modern smartphones detect spoofing.” They don't — there's no spoofing detection in standard smartphone GNSS firmware. Some apps perform sanity checks (comparing GPS position with cell-tower position), but these are easily fooled.

“Jamming and spoofing don't happen in the US / EU.” They do. The FAA reports hundreds of GPS interference incidents per year in US airspace, mostly involving consumer jammers. EU regulators publish similar reports. Most are benign (truck drivers, criminals trying to defeat trackers); some are deliberate testing or experimentation.

“The military controls GPS so it can't be spoofed.” The military controls the satellite broadcasts. Spoofing happens at the receiver end, where any ground-based transmitter on the GPS frequency can manipulate civilian receivers within range. The satellites are unaffected; the receivers are the vulnerability.

“Encryption would solve the problem.” Full civilian authentication would substantially help — it's what Galileo OS-NMA delivers. But authentication doesn't prevent jamming (which is about overwhelming the signal, not faking it), and full GPS-civilian authentication has been proposed for years without deployment. Galileo's OS-NMA is the first deployed civilian-authentication GNSS feature.

“Just turn off GPS and the problem goes away.” GPS is foundational to many systems that don't advertise it: cellular network timing synchronisation (GPS provides the phase reference for 4G / 5G base stations), financial timestamping (GPS is the standard time source for trading floors), electric-grid synchronisation, autonomous-vehicle navigation, emergency-services dispatch. A jamming or spoofing incident can disrupt all of these simultaneously, with cascade effects far beyond “the navigation app showed the wrong location.” This is why GPS is increasingly classified as critical infrastructure in many countries.

“Civilians are not realistic targets for spoofing.” Increasingly disputable. Documented civilian-spoofing scenarios: fishing-vessel position manipulation to evade catch limits; location-game cheating (Pokémon Go was famously spoofed by GPS-simulator apps in 2016 onwards); GPS-tagged-asset theft-evasion; ride-share driver manipulation of position to collect rides further from actual location. The line between “state-actor attack” and “hobbyist nuisance” is thin in 2026, and the consumer-receiver side has done little to keep up.