Hackers are now endangering flights in the sky by spoofing GPS, disturbing critical navigation

The aviation industry is facing a new and alarming threat as GPS “spoofing” incidents — where false GPS signals are broadcast to deceive aircraft — are on the rise.

This type of cyberattack has surged by 400 per cent in recent years, particularly near conflict zones, according to the aviation advisory group OPSGROUP.

While initially intended to confuse military drones or missiles, these spoofing attacks are now affecting commercial airliners, leading to serious concerns about flight safety and navigation.

What is GPS Spoofing and how does it work?
GPS spoofing is a cyberattack that involves sending incorrect GPS signals to an aircraft, causing it to misinterpret its actual location. This can result in navigational errors and disrupt critical onboard systems.

Although these attacks may not directly cause an aeroplane to crash, they introduce significant risks by creating confusion and potentially triggering a cascade of other issues that could lead to dangerous situations.

Major threat in aviation
Cybersecurity experts, including Ken Munro from Pen Test Partners, have highlighted the dangers of GPS spoofing at recent cybersecurity conferences such as DEF CON. Munro emphasized that GPS is not only crucial for determining an aircraft’s location but also for maintaining accurate time on board.

A disruption in GPS timing can cause serious malfunctions in critical systems, as evidenced by incidents where spoofing attacks have reset aeroplane’s clocks by years, leading to loss of secure communications and requiring extensive repairs that grounded the aircraft for weeks.

These disruptions are particularly concerning given the increasing reliance on GPS for navigation, which has largely replaced older, more robust ground-based systems. While GPS is more cost-effective and widely used, it is also more vulnerable to interference from cheap and easily accessible equipment.

This vulnerability has already led to real-world consequences, such as Finnair’s temporary suspension of flights to Tartu, Estonia, in April 2024, following GPS spoofing attacks that the Estonian government attributed to nearby Russia.

A domino effect
While experts like Munro assert that GPS spoofing alone is unlikely to cause a plane to crash, the risks it introduces should not be underestimated. By injecting small errors into an aircraft’s systems, spoofing can create a domino effect, leading to more significant problems over time.

The potential for these minor issues to escalate into more serious safety hazards makes GPS spoofing a critical concern for the aviation industry.

As these incidents become more frequent, there is an urgent need for enhanced cybersecurity measures to protect aircraft from these types of digital attacks.

The aviation industry must consider reinforcing GPS signals, updating onboard systems to detect and reject spoofed signals, and possibly reverting to or supplementing GPS with more secure, ground-based navigation systems to ensure flight safety.

The rise in GPS spoofing incidents is a stark reminder of the evolving threats that modern technology faces, particularly in critical industries like aviation. As cyberattacks become more sophisticated, the industry needs to stay ahead of potential threats and safeguard the systems that keep air travel safe and reliable.