SkipToMainContent

Emerging Threats

GPS spoofing: What it is + spoofing attacks to watch for

A couple driving in their car looking at GPS — insinuating they are on a road trip.

September 21, 2021

GPS spoofing is when technology or a person alters data so that a device appears in a different location or time zone — and it’s a cyber threat that devices are susceptible to. 

That’s because we’re long gone from the days of unrolling a map to get ourselves from point A to point B. Today, digital citizens have navigation at their fingertips, thanks to global positioning systems (GPS) and GPS-enabled devices. 

Here, we’re overviewing just what is GPS spoofing and how to avoid it on your own GPS-enabled devices.

What is GPS spoofing?

GPS spoofing explained: GPS spoofing is when technology or a person alters data so that a device appears in a different location or time zone.


GPS spoofing is when technology or a person alters data so that a device appears in a different location or time zone. For a simpler GPS spoofing definition, GPS spoofing is essentially faking location coordinates or time zones. 

Reasons for GPS spoofing vary. Some individuals might spoof their own devices as a means to protect their online privacy or personal data from being tracked. In other instances, cybercriminals could be behind a GPS spoof for malicious purposes.

How does GPS spoofing happen + who’s behind it?

To understand how GPS spoofing works, it’s helpful to understand how Global Navigation Satellite Systems (GNSS) work — these satellites orbit the earth and transmit communication signals to our devices. Considering these signals have to travel so far, they can become pretty tired and weak by the time they reach our devices.  

GPS spoofing takes advantage of those weak signals by mimicking them and making these mimicked signals stronger so they overpower or override weaker, original signals. You can liken this to a loud person overpowering a soft-spoken individual in conversations. And because most all GPS signals are unencrypted, meaning they’re legible to all and no verification is required to transmit them, it’s pretty easy to mimic a GPS signal.  

But how does one spoof a GPS? This can involve a GPS spoofer or GPS spoofing technology, like an application, both of which alter data or these communication signals connected to a GPS. To do this, the transmitter needs to be near the GPS-enabled device you’re seeking to spoof. From there, it mimics the signal, tricking the GPS receiver into showing another location. 

And there are a few parties who might be interested in GPS spoofing:       

  • Militaries might GPS spoof their own locations or enemy drones for warfare gains.        
  • Criminals and cybercriminals might GPS spoof to redirect victims toward dangerous destinations, online, or in person.        
  • Gamers, especially Pokémon GO players, have been known to GPS spoof their devices for a competitive advantage.        
  • Individuals might GPS spoof themselves in the name of online privacy and to stop their location data from being tracked. 

Worth noting is that GPS spoofing can sometimes be confused with GPS jamming, which is when a cybercriminal blocks GPS signals. GPS jamming is illegal, whereas GPS spoofing is not if the spoofer is the GPS-enabled device owner.

Types of GPS spoofing attacks

The term “spoofing” essentially means faking. And many types of cyberattacks take this approach, including caller ID spoofing, email address spoofing, geolocation spoofing, IP spoofing, voice spoofing, and, of course, GPS spoofing. 

To further home in on GPS spoofing attacks, these can be executed in different ways, too. Generally, that’s either by mimicking signals or by generating slightly modified signals. The result is often all the same: Falsifying the location of a GPS-enabled device.

Who’s at risk of GPS spoofing attacks?

Anyone who relies on GPS-enabled technology is at risk of a GPS spoofing attack. This can include commercial companies, individuals, or countries.


Anyone who relies on GPS-enabled devices or technology is at risk of a GPS spoofing attack. Still, cybercriminals have different motives, depending on their victims. 

Commercial companies

Cybercriminals seeking financial gain might utilize GPS spoofing toward commercial companies, oftentimes for theft or other physical crimes with malicious intent. The following commercial companies all are at risk of having their navigation systems interfered with.

Shipping companies

Whether it’s air, land, or sea, shipping companies are all about moving cargo from one destination to another. And when it comes to spoofing these companies, criminals might redirect their navigation systems to a location where the precious cargo can be hijacked. What’s more, some shipping companies also have GPS-enabled locks that only open from a specific location. So, some hackers might also spoof a plane, truck, or boat’s location to be able to access their cargo from any destination.

Taxi and ride-sharing services

When it comes to taxi and ride-sharing services, GPS spoofing is often committed by the drivers themselves. This can be to fake their location — and alibi — to commit a crime. They might also spoof their coordinates to place themselves in areas with surge pricing to bring home a larger paycheck. Bottom line: It’s bad for passengers and bad for business. 

Construction 

Construction sites are teeming with expensive tools, equipment, and machinery, all prime for a thief’s picking. To avoid this, some construction companies put their materials under a GPS-enabled lock and key to ensure it stays in a worksite. But even these security measures can be spoofed, allowing for materials to be transported away from construction sites even though they appear to still be there.

Individuals

Everyday internet users can also become victims of GPS spoofing attacks, particularly in the event criminals want to lure victims to a dangerous area and commit other crimes. A few of our common GPS-enabled devices and platforms that might be spoofed include:        

  • Self-driving cars        
  • Travel apps        
  • Dating apps

Countries

Especially when it comes to warfare, being stealthy has its advantages. This is why some countries might spoof their military locations to disguise their activities or planned attacks. Russia is a common offender of this but also as an act of cyberwarfare. For reference, there have been as many as 10,000 reported incidents of Russia interfering with the satellite navigation of civilian vessels. 

How to avoid GPS spoofing attacks

A checklist of how to avoid GPS spoofing attacks including obscure your GPS antennas, install decoy GPS antennas, keep your GPS antenna unobstructed, and more.


GPS spoofing is no doubt a scary reality, especially for those who don’t realize they’re under a GPS spoofing attack. Thankfully, there are a few steps you can take to level up your GPS security: 

  1. Obscure your GPS antennas with opaque or transparent barriers.
  2. Install decoy antennas to redirect GPS spoofers away from your actual device.
  3. Keep your antenna unobstructed to ensure it has a strong signal.
  4. Invest in a sensor or other blocking technology that can detect GPS spoofing and GPS jamming attempts.
  5. Turn off GPS-enabled devices when they’re not in use.
  6. Change your passwords regularly on GPS-enabled devices.
  7. Use multi-factor authentication to access GPS-enabled devices. 

As consumers, GPS technology is supposed to keep us on the right track, be it as a means for navigation or to recommend nearby businesses. Understanding what is GPS spoofing — and following associated cybersecurity trends — can put you on the fast track to avoiding GPS spoofing attacks from the start.

The freedom to connect more securely to Wi-Fi anywhere

With Norton™ Secure VPN, check email, interact on social media and pay bills using public Wi-Fi without worrying about cybercriminals stealing your private information

Try Norton Secure VPN for peace of mind when you connect online


Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2021 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.