Satellite Position Spoofing: Risks, Techniques, and Detection Methods

Modern life depends heavily on smartphones and maps. When positioning becomes inaccurate, serious problems can arise, such as failing to locate a taxi, missing a delivery, or even circling on a highway for hundreds of kilometers.

People expect precise positioning, especially after the successful deployment of the third generation of BeiDou. However, a hidden risk can degrade accuracy: the widespread use of satellite positioning spoofing (also known as location interference).

Satellite spoofing involves ground‑based fake base stations broadcasting counterfeit GNSS signals, causing nearby devices to believe they are receiving authentic signals and thus reporting a location preset by the attacker. While fake cellular base stations have been used for spam, location interference is becoming common in scenarios such as:

Driving test cheating: Fake signals make a vehicle’s recorder believe it has driven along the driving school route, allowing a learner to log required hours without actually practicing.

Remote clock‑in fraud: Employees falsify their location to manipulate work‑time statistics.

Ride‑hailing order manipulation: Drivers spoof their position to appear in a target area or to claim completed orders.

Drone counter‑measures: Enterprises interfere with drones’ GNSS signals, forcing them to think they are in a no‑fly zone or to deviate from their path.

Anti‑tracking: Vehicles equipped with BeiDou modules are protected by emitting false signals to hide their true location.

Various spoofing methods exist. Some affect only a single device (e.g., directly altering its reported coordinates), while GNSS fake base stations can disrupt all nearby devices. The interference range depends on the transmitter’s power: low‑power stations affect a few meters, whereas high‑power stations can cover dozens of kilometers, even indoors where satellite signals are weak.

The spoofed location can be set arbitrarily, with controllable speed and direction, resulting in trajectories that form circles or follow impossible paths.

The principle behind GNSS positioning is simple: a receiver captures satellite signals, extracts timestamps, and solves a set of four equations (x, y, z coordinates and clock bias) to compute its position.

Because GNSS signal specifications are public, an attacker can insert arbitrary timestamps into the message payload and transmit the crafted signal. The simplest approach records a genuine signal at one location and replays it elsewhere. To spoof a specific point, the attacker calculates the required timestamps for each satellite. Some commercial products now allow users to input target latitude, longitude, speed, and even a full trajectory, automatically generating the necessary spoofed signals.

Devices such as the HackRF can transmit custom signals, and open‑source software can generate GNSS soft‑signals for transmission, effectively creating a fake GNSS base station that can simulate multiple satellites simultaneously.

GNSS signals are vulnerable because the original GPS design did not incorporate strong security: messages are unencrypted and unauthenticated. Subsequent systems like Galileo, GLONASS, and BeiDou follow similar designs, making them equally susceptible. Military‑grade encrypted signals (e.g., “military code”) provide better protection but are not available for civilian devices.

Current countermeasures being explored by chip manufacturers and map providers include:

Carrier power verification: Detect abnormally strong signals that may indicate spoofing.

Signal direction verification: Check whether the signal originates from the sky; ground‑based sources are suspicious.

Message consistency check: Validate each field of the GNSS message against expected values.

Solution validation: Identify abnormal satellite ranges that suggest mixed genuine and fake signals.

Multi‑source validation: Cross‑reference GNSS results with inertial navigation, network positioning, or other methods.

While these techniques reduce the likelihood of successful spoofing, they cannot eliminate it entirely. Users can take the following steps to determine whether their device is being affected:

Check if the reported location falls near sensitive sites such as airports, oil depots, or driving schools.

Confirm that the device is using satellite positioning rather than network positioning. Android users can install Android GPS Test and look for a “Fix” or “ON” status; iPhone users can use phyphox and verify that the speed reading is non‑negative.

If multiple nearby devices show a similar large deviation (e.g., >200 m), a local spoofing source is likely present.

If spoofing is confirmed, the only recourse is to contact the local radio‑frequency management authority, which can detect and shut down illegal fake base stations.

For more details, refer to the original article: https://www.miit.gov.cn/gzcy/cydh/art/2020/art_ba58d28194884d66b0032861a11e0bd2.html

Related reading: Everything You Want to Know About Satellite Positioning