
A no-hand-waving technical primer for readers who want to understand the mechanics, not just the headlines.
1. Hook
In 2024 alone, aviation regulators logged tens of thousands of GPS interference events over the Baltic Sea, the Black Sea, and the Eastern Mediterranean — commercial airliners drifting off-course on cockpit displays, ships appearing to "teleport" onto airport runways in tracking data. This isn't science fiction. It's a mature, low-cost electronic warfare technique now shaping how militaries, airlines, shipping companies, and infrastructure operators think about navigation resilience — and understanding how it works is the first step to defending against it.
GPS (Global Positioning System) is the U.S.-operated example of a broader category called GNSS (Global Navigation Satellite System), which also includes Russia's GLONASS, the EU's Galileo, and China's BeiDou. A GNSS receiver calculates its position by listening to faint radio signals broadcast from satellites roughly 20,000 km overhead, each signal stamped with precise timing information and each satellite's orbital data (its "ephemeris").
The receiver measures how long each signal took to arrive, converts that elapsed time into a distance from each satellite (distance = speed of light × travel time), and then triangulates its own position from at least four such distances — a process called trilateration. The math is elegant. The physics is not forgiving.
The core vulnerability is simple: by the time a GNSS signal reaches Earth's surface, it is extraordinarily weak — often compared to trying to detect a car's headlight from 20,000 kilometers away. Signals this faint are trivially overpowered by anything broadcasting on the same frequency with more power, from a nearby, cheap, terrestrial transmitter. This single fact underlies both jamming and spoofing, and it's why GNSS has been called "a trillion-dollar system built on a whisper."

2.2 Jamming: Denial Through Noise
Jamming is the brute-force approach. A jammer transmits radio energy on or near GNSS frequencies (commonly the L1 band at 1575.42 MHz for civilian GPS) at a power level high enough to drown out the legitimate satellite signal in the receiver's front end. The receiver's signal-processing chain — which correlates incoming signals against known satellite code patterns to find a match — simply cannot find a clean signal beneath the noise floor.
There are several flavors of jamming, differing mainly in the shape of the interfering waveform:
The result of any of these is denial: the receiver reports "no fix," or the position estimate becomes wildly inaccurate and unstable. Jamming is conceptually straightforward and requires no knowledge of the target's cryptographic keys or signal structure — it's essentially a denial-of-service attack executed in the RF (radio frequency) domain rather than a network. Its effect is also obvious to the victim: a sudden, total loss of GPS lock is a clear red flag. This is precisely why jamming, despite being disruptive, is comparatively easy to detect — the receiver knows something is wrong, even if it can't fix the problem on its own.
Spoofing is a different animal entirely, and considerably more dangerous. Rather than drowning out the real signal, a spoofer broadcasts counterfeit GNSS signals that are structurally identical to genuine ones — same frequency, same modulation scheme, same civilian code sequences — but encoding false timing and orbital data. Because the fake signal is deliberately transmitted at slightly higher power than the authentic satellite signal, the receiver's tracking loops lock onto the counterfeit signal instead of the real one, computing a position, velocity, or time that the attacker has chosen in advance.
There are two broad spoofing strategies:
The most dangerous variant is the seamless handoff attack. Here, the spoofer starts by broadcasting counterfeit signals that align almost exactly with the real satellite signals the receiver is already tracking, then gradually increases transmit power to "capture" the receiver's tracking loop away from the genuine signal. Once captured, the attacker slowly "drags" the reported position, velocity, or time away from ground truth — small enough per second that automatic consistency checks and alarms don't trigger. The victim's instruments look completely normal throughout.

2.4 Civilian vs. Military Signal Structure
Civilian GPS signals (like the L1 C/A code) are public and unencrypted by design — their structure is openly published in interface control documents so any receiver manufacturer worldwide can build compatible hardware. This openness is exactly what makes generated spoofing feasible against civilian receivers: the attacker already knows precisely what a "real" signal looks like, down to the bit.
Military GNSS signals use an encrypted code — the modern M-code, or the older P(Y)-code — which is not publicly known and is protected by classified cryptographic keys, making bit-for-bit generated spoofing of the encrypted signal vastly harder for an adversary without those keys. However, military receivers are not immune to attack overall — they remain fully vulnerable to jamming (which requires no knowledge of the signal structure at all), to meaconing of any signal type, and to spoofing on any civilian channels they also process for backward compatibility or civilian-mode operation.
It's worth pausing on why spoofing is the harder problem, because it explains most of the countermeasure design choices discussed later. A jammed receiver has direct evidence of attack: signal-to-noise ratio collapses, the number of tracked satellites drops, and the receiver's own internal health metrics scream "something is wrong." A well-executed spoofing attack produces none of these symptoms — signal strength looks plausible, satellite count looks normal, and the position solution converges cleanly. The receiver is, in a very real sense, doing exactly what it's designed to do: trusting the strongest, cleanest-looking signal available. The attack succeeds precisely by exploiting the receiver's correct behavior, not a flaw in it. Detecting spoofing therefore requires evidence from outside the GNSS receiver itself — comparing what GNSS reports against an independent source of truth.
| Attribute | Jamming | Spoofing |
|---|---|---|
| Goal | Deny position/time fix | Deceive with false position/time |
| Technique | Overpower signal with noise | Mimic and overpower with fake signal |
| Knowledge required | None (broadband noise works) | Signal structure (easy for civilian, hard for encrypted military) |
| Victim awareness | Immediate and obvious | Often invisible; instruments appear normal |
| Typical equipment cost | Very low (a few hundred dollars) | Low to moderate (software-defined radio, ~$1,000–$5,000) |
| Primary countermeasure | Anti-jam antennas, filtering | Cross-checking against independent sensors (INS, clocks) |

4. Worked Example / Analogy
Think of GNSS like trying to navigate by listening for four different lighthouses, each blinking its exact identity and the precise time it blinked. Jamming is like someone shining a floodlight directly in your eyes — you simply can't see any lighthouse anymore, and you know immediately that something is wrong. You stop, you know you're blind, and you switch to a backup method of navigation.
Spoofing is different, and far more insidious. It's like someone building a fake lighthouse, positioned closer and shining brighter than the real ones, blinking a plausible but false identity and time signature. You still see "four lighthouses" exactly as expected, and you calculate a position with total confidence using your normal procedure. You just don't realize that one of your four reference points is a decoy built specifically to deceive you. Your instruments show everything is normal — full signal strength, good satellite geometry, stable fix — but the destination your calculations are steering you toward is quietly, deliberately wrong.
This is why spoofing detection cannot rely on the GNSS receiver's own self-assessment. It requires cross-checking against an independent source — an inertial sensor that tracks motion without radio input, a stable atomic or oven-controlled clock, or a second, geographically separate receiver whose fix can be compared against the first.
Understanding the mechanics above is easier when grounded in observed behavior. Since roughly 2016, GPS interference incidents around the Black Sea, eastern Mediterranean, and Baltic Sea have been widely tracked by aviation safety organizations and maritime authorities, with commercial aircraft reporting sudden, large position jumps and ships' Automatic Identification System (AIS) tracks showing vessels apparently located on land or inside airport perimeters. In several documented cases, the interference pattern was consistent with area-wide jamming intended to protect specific ground assets, rather than a deliberate spoof of any single aircraft or vessel — a reminder that most real-world GNSS interference today is collateral, not precision-targeted, even though the underlying techniques are the same ones a precision attack would use.
For defense and aerospace platforms, GNSS spoofing and jamming aren't abstract threats — they're active, routinely observed tactics in contested airspace and maritime chokepoints. A jammed missile, drone, or aircraft loses precision guidance and reverts to less accurate backup systems; a spoofed platform may continue navigating confidently toward a wrong destination, which is operationally more dangerous because the failure mode is silent rather than obvious.
This drives several concrete design priorities in modern platforms:
Understanding the mechanics described in this primer is foundational to evaluating any of these countermeasures, since each one defends against a specific, distinct failure mode rather than "GPS attacks" in the generic sense — a CRPA antenna helps enormously against jamming but does little against a well-executed seamless-handoff spoof, while INS cross-checking helps against both but with very different response timelines.