Skip to Content

“Spoofers” Use Fake GPS Signals to Knock a Yacht Off Course

Civilian GPS is vulnerable to being spoofed—and researchers are looking for ways to ensure the signals are legit.

University of Texas researchers recently tricked the navigation system of an $80 million yacht and sent the ship off course in an experiment that showed how any device with civilian GPS technology is vulnerable to a practice called spoofing.

Lurking trouble: A console on the yacht that was taken over by University of Texas researchers who made bogus GPS signals seem legitimate.

Led by GPS expert Todd Humphreys, the researchers used a handheld device they built for about $2,000. It generates a fake GPS signal that appears identical to those sent out by the real GPS. The two signals reach the targeted system in perfect alignment. The strength of the fake signal slowly ratchets up and overtakes the real one.

The yacht’s captain offered up his boat for the experiment after seeing Humphreys give a presentation at this year’s SXSW conference. The takeover took place in June while the boat was traveling in the Mediterranean off the coast of Italy. From a perch onboard the yacht, the spoofing researchers shifted the ship’s course three degrees to the north. They also convinced the yacht’s GPS system that the boat was underwater.

“[The captain] invited me to basically try kicking the tires of his security system,” Humphreys says. “And yeah—they were flat.”

Until now, the threat of spoofing existed mostly on paper. Humphreys’s team had demonstrated the device in experiments with unmanned aerial vehicles. Those tests established that the technology can work from up to 30 kilometers away, Humphreys says.

Now the yacht experiment shows it can be used to fool a navigation system in the real world. This has implications for any system that relies on civilian GPS—a list that includes commercial aviation, smartphones, and the stock market.

“Civilian GPS is not encrypted and not authenticated, so that means it’s entirely predictable,” Humphreys says. “Predictability is the enemy of security.”

Although there is no evidence that spoofing has been used maliciously, other researchers are developing preëmptive solutions.

Mark Psiaki at Cornell University, a former adviser of Humphreys, has been at the problem for several years. Psiaki’s group has a patent pending on a device that would help civilian GPS piggyback off military signals. In this scenario, incoming civilian GPS signals would be compared to military GPS signals that are broadcast on the same frequency. Although the military’s GPS is encrypted, it contains some distinctive features that indicate its relationship to the true civilian GPS signal.

The signals would be processed by one or more intermediate receivers in a secure location unlikely to be spoofed—such as the middle of a desert. However, this means that the solution would require substantial infrastructure to work on a large scale, with receivers spread out in desolate areas around the country.

A simpler answer might be better. Psiaki’s team has built a modified GPS receiver that wiggles its antenna back and forth a couple of inches at a high frequency. Moving the GPS antenna like this alters a characteristic of the incoming signal called the carrier phase. True GPS signals arrive from multiple locations, and this will be evident when looking at the differences in their carrier phases. Fake GPS signals, which are broadcast from a single location, will show the same signature in each carrier phase.

Psiaki’s team tested a prototype based on this idea last year while Humphreys was demonstrating his spoofing device on a drone helicopter. Psiaki says his group detected the spoofing attempt. “If we’d taken [our prototype] out on the yacht, the yacht would not have been fooled,” he says.

Keep Reading

Most Popular

Russian servicemen take part in a military drills
Russian servicemen take part in a military drills

How a Russian cyberwar in Ukraine could ripple out globally

Soldiers and tanks may care about national borders. Cyber doesn't.

Death and Jeff Bezos
Death and Jeff Bezos

Meet Altos Labs, Silicon Valley’s latest wild bet on living forever

Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

ai learning to multitask concept
ai learning to multitask concept

Meta’s new learning algorithm can teach AI to multi-task

The single technique for teaching neural networks multiple skills is a step towards general-purpose AI.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.