GPS spoofing: The dangers of geolocation spoofing and how to protect yourself

Your location is more than just a dot on a map. It’s navigation data, the basis of financial transactions, and a key element of personal security. But what if this information can be easily faked? GPS spoofing is a real threat, both in harsh real-world conditions and in everyday life. In this article, we’ll explore how this deception works, its consequences, and, most importantly, how to protect yourself.

GPS spoofing is a malicious activity aimed at misleading a GPS receiver by transmitting false signals. This attack exploits location data, allowing attackers to disguise their true location or spoof the location on other devices to mislead them.

The consequences of GPS spoofing are significant for both businesses and consumers, with a global impact. The most vulnerable are key industries whose operations directly depend on precise geolocation: maritime logistics, construction, and transportation services (like taxis and car-sharing).

The dangers of GPS spoofing

  • Disruption of supply chains

By altering GPS data, attackers can direct a vessel onto a dangerous route or into an unsafe zone. Such incidents can lead to cargo delivery delays, disrupting global supply chains.

In early 2025, police in Bologna, Italy, arrested a 15-year-old hacker who had attacked Ministry of Education websites to change failing grades to passing ones. Law enforcement discovered his activity after receiving a report about a disruption in the operation of computer software. The investigation revealed that, in addition to changing the grades, he had also played a type of electronic game involving «ships,» where he determined the routes of merchant ships and oil tankers in the Mediterranean. The investigation assessed the teenager’s actions as an intrusion for «entertainment,» which, without any apparent benefit, jeopardized the safety of maritime navigation.

  • GPS spoofing in aviation

This can lead to deviations from the flight plan or force pilots to rely on onboard landing systems.

According to OpsGroup research, by mid-2024, the number of GPS spoofing incidents in aviation had increased by 500%, affecting an average of 1,500 flights per day, compared to only 300 per day in the first half of the year.

  • Location spoofing, a radical profit boost in taxis

Taxi apps often set inflated prices during peak hours, and drivers can exploit GPS spoofing to position themselves in these high-demand zones for financial gain. This can also allow them to establish false alibis and commit crimes during working hours.

  • Sending people on «fake» dates

Scammers can use a single spoofed GPS coordinate on a dating app to send a trusting partner to a dangerous location or even into the hands of criminals.

In 2016, a group of thieves in the US turned Pokémon Go’s game mechanics into a tool for robbery. Using the game’s geolocation feature, which is designed to find items, they created a fake «Poke Stop» beacon to lure victims into deserted areas and rob them without encountering serious resistance.

  • Fake car navigation

Drivers often use GPS to plot routes. Faking location information can lead them astray. The consequences could be particularly severe for fully autonomous cars, whose navigation relies entirely on accurate data.

According to an experiment conducted by Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research, the vast majority of drivers (95%) trust voice navigation so blindly that they don’t even notice when it leads them down a false, dangerous, or otherwise unsafe route. The experiment used an inexpensive GPS spoofing device that remotely intercepted smartphone signals. As a result, 38 out of 40 drivers strictly followed directions that led them away from their original destination.

Illustration showing a «ghost route» calculated for a driver using GPS spoofing

Furthermore, the growing availability of GPS spoofing poses a threat not only to drivers who rely on satellite navigation systems but also to passengers in self-driving cars who rely entirely on automated navigation.

Thus, in one series of experiments, researchers confirmed the possibility of hacking and redirecting Tesla cars operating on Autopilot: a remote experimenter managed to manipulate the car’s sensor data and disrupt its perception of lane markings, including forcing it to change into the oncoming traffic lane on a highway.

How to verify and prevent GPS data spoofing

By analyzing information from social media, satellite imagery, and other open digital sources, it’s possible to reconstruct a complete picture of an object’s movements and connections. OSINT methods useful for geolocation verification include:

Geolocation OSINT is based on the analysis of metadata automatically stored in digital files such as photographs, videos, and documents. This data can include GPS coordinates, the date the image was taken, and even the device model, allowing one to determine the location and time the file was created.

  • Social media analysis

Geotagging on social media allows users to attach GPS coordinates to their posts or mark points on a map. This not only indicates a precise location but also enriches the content with important geospatial context.

  • Mapping tools

To analyze geodata, OSINT specialists use a wide range of mapping services and GIS platforms. Tools like Google Maps and Esri ArcGIS allow you to visualize data, overlay layers, and perform proximity analysis, transforming disparate geotags into a comprehensible spatial picture.

  • IP geolocation

IP geolocation is based on searching for IP addresses in commercial or public databases. These databases, maintained by ISPs and Regional Internet Registries (RIRs), contain mappings between IP address ranges and geographic locations. When a user accesses a server, it can query these databases to determine the user’s approximate location based on their IP address.

  • Satellite imagery

Satellite surveillance platforms like Google Earth and DigitalGlobe allow you to combine high-resolution imagery with other geospatial data to identify key features and monitor changes over time.

  • Determining signal arrival direction

Spoofing attacks can be detected by analyzing signal geometry. While an attacker transmits false data from a single location, genuine GPS signals are received simultaneously from multiple satellites. This discrepancy can be detected using direction-finding techniques, such as determining the direction of signal arrival.

  • Signal distortion detection

This method is based on using multi-channel receiving equipment capable of analyzing signal amplitude with high accuracy. This approach allows for the detection of a characteristic signal «spike» that occurs during an attack, when both genuine and spoofed GPS signals are present simultaneously. By detecting this anomaly early — before the original signal is completely suppressed — the attack can be prevented.

  • Power saving mode

The simplest way to protect your smartphone or tablet from a spoofing attack is to put it into «power saving mode.» In this mode, only Wi-Fi and cellular networks are used to determine your location, as the GPS is disabled. However, this mode is not available on all devices.

GPS receivers and related equipment should be disconnected from the network when not in use. Two-factor authentication should be used, passwords should be changed regularly, and operating system and application updates should be installed promptly. It is also important to use antivirus protection, firewalls, and other cybersecurity measures.

The arms race between spoofing attackers and security system developers is intensifying. While spoofing technologies are becoming more accessible, verification methods, especially those that combine OSINT and cartography, are becoming more accurate and sophisticated. Therefore, reliable navigation in a world where any point on the map could be a trap requires a hybrid approach: cross-checking satellite data with cellular networks and conducting a comprehensive analysis of all digital traces.