Distributed Multi-Antenna GPS Spoofing Attack using Off-The-Shelf Devices

Abstract

Global Positioning System (GPS) signals, though critical to numerous civilian and industrial applications, remain susceptible to spoofing due to their unencrypted nature. While many existing defenses focus on single-Antenna spoofing, multi-Antenna spoofing has been theorized as a significantly more potent threat. However, practical realizations of multi-Antenna spoofing have been limited by the stringent requirement of nanosecond-level synchronization. In this paper, we present the first low-cost, end-To-end implementation of a distributed multi-Antenna GPS spoofing attack using off-The-shelf devices. We systematically examine the technical prerequisites, establishing sub-50 ns alignment among spoofing signals as the requirement for successfully spoofing standard GPS receivers. Building on this analysis, we design a multi-Antenna spoofing system that continuously monitors and adaptively adjusts relative signal timing, mitigating hardware imperfections and oscillator drift in real time. Our prototype, built using HackRFs and Raspberry Pis, demonstrates that it can successfully spoof devices such as Android phones and commercial GPS receivers. Through controlled experiments in an anechoic chamber, we show that our attack can steer these receivers to falsified locations with an average error of 30∼m, while also evading detection by robust angle-of-Arrival-based systems. Finally, we discuss practical considerations for wide-Area deployments, along with countermeasures that may mitigate this emerging threat.