Full Report
ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength

GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers at Oak Ridge National Laboratory in Tennessee have created what they say is the most effective system yet for detecting GPS interference, which could help blunt such attacks.…
Analysis Summary
# Tool/Technique: GPS Spoofing and Jamming
## Overview
GPS interference consists of two primary techniques: **Jamming**, which involves flooding GPS frequencies with noise to deny service, and **Spoofing**, which involves transmitting counterfeit satellite signals to manipulate a receiver's perceived location or time. These techniques are increasingly used by threat actors to hijack cargo, misdirect logistics, and interfere with aviation/maritime navigation.
## Technical Details
- **Type**: Technique (Electronic Warfare / Signal Interference)
- **Platform**: Logistics (Trucking), Aviation, Maritime, and Autonomous Systems
- **Capabilities**: Denial of Service (Jamming), Signal Manipulation/Deception (Spoofing)
- **First Seen**: Historically used in military contexts; civilian/commercial transit exploitation has seen a significant rise in the 2020s.
## MITRE ATT&CK Mapping
- **TA0009 - Collection**
- **T1602 - Data from Network Shared Drive** (Contextual: Monitoring cargo movement)
- **TA0040 - Impact**
- **T1491 - Defacement** (Contextual: External Latent Deception)
- **T1498 - Network Denial of Service** (Effective result of Jamming)
- **T1565 - Data Manipulation** (Stored/Transmitted location data manipulation)
## Functionality
### Core Capabilities
- **Signal Overpowering (Jamming):** Transmitting high-power radio frequency (RF) noise on GPS bands (L1/L2) to prevent the receiver from locking onto legitimate satellite signals.
- **Signal Mimicry (Spoofing):** Generating fake GPS packets that mimic the structure of real Global Navigation Satellite System (GNSS) signals to feed a receiver false coordinates.
### Advanced Features
- **Zero-Differential Spoofing:** The ability to inject fake signals even when they are at the same power level as legitimate signals, making standard "peak power" detectors ineffective.
- **Logistics Obfuscation:** Used in "highway heists" to keep dispatchers from realizing a vehicle has diverted from its planned route.
## Indicators of Compromise
- **File Hashes:** N/A (Hardware/RF-based attack)
- **Network Indicators:** 1575.42 MHz (L1 band) and 1227.60 MHz (L2 band) interference signals.
- **Behavioral Indicators:**
  - Sudden loss of GPS "lock" or "fix."
  - Unexpected "jumps" in geographic coordinates.
  - Discrepancy between GPS data and inertial sensors (accelerometers/gyroscopes).
  - High noise floor in the 1.5 GHz spectrum range.
## Associated Threat Actors
- **Organized Crime Groups:** Known to use portable jammers/spoofers for high-value cargo theft (e.g., the "Guy Fieri Tequila" heist).
- **State-Sponsored Actors:** Historically linked to GPS interference in conflict zones and near international borders to disrupt aviation.
## Detection Methods
- **Software-Defined Radio (SDR) Analysis:** Utilizing devices like those developed by ORNL to perform mathematical RF analysis of incoming waves.
- **Independent Reference Validation:** Comparing GPS data against non-GPS sources (e.g., cellular trilateration, dead reckoning, or the ORNL method of mathematical RF signature analysis).
- **Signal Strength Monitoring:** Detecting "abnormally strong" signals on GPS frequencies (though this fails against advanced equal-strength spoofing).
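
The behavioral indicators and the independent reference validation described above can be checked in fleet telemetry with a small amount of code. The following is an added example, not ORNL's RF-analysis method and not code from the original report; the function names, both thresholds, and the sample track are assumptions constructed for illustration.

```python
import math

EARTH_R = 6_371_000.0  # mean Earth radius in metres

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_R * math.asin(math.sqrt(h))

def dead_reckon(pos, speed_mps, heading_deg, dt):
    """Advance (lat, lon) by speed*dt along heading; flat-earth step for short dt."""
    d, th = speed_mps * dt, math.radians(heading_deg)
    lat = pos[0] + math.degrees(d * math.cos(th) / EARTH_R)
    lon = pos[1] + math.degrees(d * math.sin(th) / (EARTH_R * math.cos(math.radians(pos[0]))))
    return (lat, lon)

def check_track(samples, max_speed_mps=45.0, max_drift_m=150.0):
    """samples: (t, fix|None, speed_mps, heading_deg) -> [(t, alert)]; thresholds are assumed."""
    alerts, dr, prev_t, prev_fix, had_fix = [], None, None, None, False
    for t, fix, speed, heading in samples:
        if dr is not None:  # inertial estimate is never re-synced to GPS after seeding
            dr = dead_reckon(dr, speed, heading, t - prev_t)
        if fix is None:
            if had_fix:
                alerts.append((t, "fix_lost"))
            had_fix = False
        else:
            if dr is None:
                dr = fix  # seed dead reckoning from the first fix (assumed trusted)
            else:
                if prev_fix and haversine_m(prev_fix[1], fix) / (t - prev_fix[0]) > max_speed_mps:
                    alerts.append((t, "position_jump"))
                if haversine_m(dr, fix) > max_drift_m:
                    alerts.append((t, "inertial_mismatch"))
            prev_fix, had_fix = (t, fix), True
        prev_t = t
    return alerts

def constructed_track():
    """Constructed sample: truck northbound at 25 m/s; fix lost at t=3, spoofed from t=5."""
    start, out = (35.9300, -84.3100), []
    for t in range(8):
        true_pos = dead_reckon(start, 25.0, 0.0, t)
        fix = None if t == 3 else true_pos
        if t >= 5:
            fix = (true_pos[0] + 0.02, true_pos[1])  # about 2.2 km false northward offset
        out.append((float(t), fix, 25.0, 0.0))
    return out
```

On the constructed track, `check_track(constructed_track())` reports `fix_lost` at t=3, a single `position_jump` at t=5, and `inertial_mismatch` at t=5 through t=7. The jump check fires only at the moment the false offset appears, while the inertial comparison keeps flagging for as long as the reported position disagrees with dead reckoning.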
## Mitigation Strategies
- **ORNL Portable Detector Kit:** Deployment of specialized detectors that use embedded GPUs to perform real-time radio frequency analysis to distinguish real signals from fakes.
- **Multi-Constellation Receivers:** Using devices that track GPS, GLONASS, Galileo, and BeiDou simultaneously to identify inconsistencies.
- **Redundant Navigation:** Relying on Inertial Navigation Systems (INS) that do not depend on external RF signals.
## Related Tools/Techniques
- **Software-Defined Radios (SDRs):** HackRF One, BladeRF (frequently used as the hardware base for spoofing tools).
- **GPS Simulator Frameworks:** Open-source projects (e.g., `gps-sdr-sim`) used to generate spoofed signal data.
- **Signal Jamming:** Broad-spectrum "noise makers" used for Area Denial.