Full Report
Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…
Analysis Summary
# Incident Report: Large-Scale GPS Interference in Indian Airports
## Executive Summary
Local authorities in India have detected widespread GPS spoofing and jamming incidents affecting at least eight major airports, reported by the Civil Aviation Minister. The incidents, occurring sporadically since 2023 with recent activity in Delhi, required pilots to switch to manual navigation methods but reportedly caused no harm. Investigations are underway by the Wireless Monitoring Organization to identify the sources of this radio frequency interference.
## Incident Details
- Discovery Date: Revealed through a written answer to Parliament, referencing "recent" incidents, with continuous reports since 2023.
- Incident Date: Sporadic incidents reported since 2023, with recent activity noted in August 2025 affecting at least one flight.
- Affected Organization: Eight major airports, including Delhi (Indira Gandhi International Airport), Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai.
- Sector: Civil Aviation / Air Transport
- Geography: India
## Timeline of Events
### Initial Access
- Date/Time: Sporadic reports dating back to 2023; recent incident in August 2025.
- Vector: Use of specialized radio frequency equipment to transmit incorrect GPS signals (spoofing) or overpower legitimate satellite signals (jamming).
- Details: Attackers broadcast radio signals targeting GNSS receivers used by aircraft navigation systems.
### Lateral Movement
- Not applicable. This appears to be a physical/RF-layer attack rather than a network intrusion.
### Data Exfiltration/Impact
- Data Impact: None reported.
- Operational Impact: Pilots were forced to rely on alternative navigation methods (non-satellite based) during incidents, such as the August 2025 event.
### Detection & Response
- Detection: Incidents were detected by flight operations and subsequently confirmed by local authorities reporting to the Ministry.
- Response Actions: Airports Authority of India (AAI) requested the Wireless Monitoring Organization to investigate and identify the source of the interference.
## Attack Methodology
- Initial Access: Radio Frequency (RF) transmission manipulation.
- Persistence: N/A (Intermittent RF events).
- Privilege Escalation: Not applicable (Non-network based attack).
- Defense Evasion: Techniques exploit weaknesses in GPS signal reception, which are inherently weak and susceptible to terrestrial broadcasting.
- Credential Access: Not applicable.
- Discovery: N/A (Physical infrastructure being targeted directly).
- Lateral Movement: Not applicable.
- Collection: N/A.
- Exfiltration: N/A.
- Impact: Denial of service/degradation of critical navigational aids (GPS reception).
## Impact Assessment
- Financial: Not specified, though rerouting/delays could incur costs.
- Data Breach: None reported.
- Operational: Temporary reliance on manual navigation procedures for aircraft, creating potential increased workload for pilots.
- Reputational: Minor impact confirmed by government acknowledgment, though immediate danger was averted.
## Indicators of Compromise
- Network Indicators: N/A (RF-based attack).
- File Indicators: N/A.
- Behavioral Indicators: Unusually strong or localized radio interference patterns near airport facilities coinciding with GPS signal anomalies at aircraft locations.
## Response Actions
- Containment Measures: Pilots adhered to standard operating procedures, switching to alternative navigation methods when GPS signals were compromised.
- Eradication Steps: AAI has requested monitoring organizations to locate and neutralize the illegal RF transmitters/sources.
- Recovery Actions: Restoration of reliable GPS service once interference ceases or is located.
## Lessons Learned
- GPS reliance in aviation remains a significant vulnerability, requiring resilience against sophisticated RF attacks like jamming and spoofing.
- Coordinated, multi-agency response (Aviation Authority and Wireless Monitoring Body) is necessary for timely detection and mitigation of RF threats.
- The aviation sector must continue to invest in advanced cybersecurity solutions, even against non-traditional threats like RF interference, as noted by the Minister referencing ransomware/malware risks alongside physical threats.
## Recommendations
- Accelerate the deployment of advanced cyber security solutions specifically aimed at monitoring and analyzing the RF spectrum around critical airport infrastructure.
- Invest in military-grade or certified anti-spoofing technologies for critical navigation receivers where feasible.
- Increase mandatory training for air traffic control and flight crews regarding identification and response protocols for sophisticated GPS interference scenarios.