Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The Global Positioning System (GPS) lies at the heart of an increasing number of technologies, from vehicle navigation systems to the power grid. And yet, although the military version of GPS includes security features such as encryption, civilian signals are transmitted in the clear. Now, researchers at Cornell University and Virginia Tech have demonstrated a relatively simple way to fool ordinary GPS receivers into accepting bogus signals using a briefcase-size transmitter.

Paul Kintner, a professor of electrical and computer engineering at Cornell, who worked on the project, warns that society is becoming dependent on GPS for an ever-broadening list of applications, including management of the power grid and tracking criminals under house arrest. “I’m just amazed at the way people are using these GPS systems,” Kintner says. “Ten years from now, there will be more ways that we just don’t know about–it migrates into our technological fabric, and we become dependent on it.”

Kintner and his group, which recently presented details of the spoofing attack at the Institute of Navigation’s Global Navigation Satellite Systems (GNSS) meeting in Savannah, GA, did not start out looking for a way to subvert GPS. They were working on a software-based GPS receiver to help them understand the effects of solar flares on GPS satellites. But as their design progressed, Todd Humphreys, one of the researchers in the group, realized that the same system could be used to spoof ordinary GPS signals.

Here’s how GPS works: roughly 30 satellites orbit the earth, broadcasting signals that can be picked up by a receiver virtually anywhere on the planet. By collecting signals from several satellites and measuring the time delay between each signal, GPS receivers can calculate their exact position and receive very precise time signals.

The software GPS device built at Cornell can receive and transmit any GPS signal. To attack a target receiver, the device need only be placed nearby. It would start out simply retransmitting ordinary satellite signals without any modifications. After a few seconds, the target receiver should focus on the signal coming from the device, because it’s the clearest source. At that point, the device could begin modifying transmissions, altering the signals little by little until the target receiver shows any time and position the attacker chooses. Kintner says that an attacker could use fake GPS signals to disrupt the power grid, potentially causing power spikes and even damaging generators. The same trick could let criminals under house arrest move around freely, he adds.

13 comments. Share your thoughts »

Credit: Paul Kintner and Steve Powell, School of Electrical and Computer Engineering, Cornell University

Tagged: Computing, security, GPS, infrastructure

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me