Blog Editor’s Note: This article was written by RNTF President, Dana A. Goward.
GPS circle spoofing discovered in Iran
–
In March, the U.S. government received an unusual inquiry about GPS disruptions. It
was from a user in Iran reporting what appeared to be “circle spoofing” — a phenomenon that had only previously been observed in China.
“Some of GPS devices received fake signal and show the fake valid location. Yesterday I test a device, it can get signal and give real position. After 10 minutes the device show moving around a big circle in tehran by 35 km/h speed. I can’t fix this problem by restarting the device.
“The GPS module time is correct but the location is not. I attach Excel file of data and map of the track. I can’t get any response from Communications Regulatory Authority (CRA) of The I.R. of Iran. Do you know about this?”
Here is one of the images provided by the reporting source:
A little internet research showed that the spoofing was taking place at or near Iran’s “AJA University of Command and Staff,” formerly called the “War University.” It is the staff college for Iran’s Army.
Reports to the U.S. government about GPS disruption are normally listed on the U.S. Coast Guard’s Navigation Center website. This one has not been posted. Coast Guard officials said that it is because the report was received by another agency and did not contain sufficient information. Attempts by Coast Guard personnel to contact the reporting source for more information to enable the report to be posted were unsuccessful.
GPS spoofing is often easiest to detect in maritime areas. Ship automatic identification system (AIS) transmissions include location data and are detected by satellite. The data is then aggregated and used by various companies for a number of applications. Viewing ship location reports over time has revealed thousands of ship receivers spoofed to airports in Russia, and hundreds spoofed into circles (presumably around the spoofing device) in China.
Clearly, though, any system that aggregates and displays GPS location data can help detect wide area spoofing activity.
Strava is a mobile app for runners and cyclists. The company aggregates location data and displays it on a heat map to highlight athletes’ favorite routes.
The Strava heat map for Tehran shows that circle spoofing has also been employed in at least one other location. The below screenshot shows GPS-enabled fitness trackers circling a government complex that houses offices for several defense and technology-related organizations.
Iran was the first nation to publicly announce it had the ability to spoof GPS signals and seems to have used it to great advantage.
In 2011, a CIA drone that had been operating across the border in Afghanistan landed at an Iranian airfield. Iran’s government claimed that its forces had sent false signals to the drone’s GPS receiver in order to capture it.
At first, U.S. government officials said that this kind of spoofing was not possible. Several months later, Prof. Todd Humphreys demonstrated how it could be done to a drone at the University of Texas football stadium.
U.S. officials then admitted that spoofing was possible, but said it wasn’t what happened to the CIA drone. At the same time, they offered no alternate explanation of how the drone was captured.
In 2016 Iranian forces captured two U.S. Navy boats that had strayed into Iran’s territorial waters. This was just after President Obama had succeeded in pressing that nation to give up nuclear weapons research, and was on the same day as Obama’s last State of the Union address. There was little reason for the U.S. Navy boats to have veered so far off course, and it was clear that the Iranian Navy was waiting for them.
Many speculated that Iran had spoofed GPS signals to lure the U.S. Navy boats into Iranian waters. U.S. officials have denied that this was the cause of the incident, but have not publicly offered an alternate explanation other than “mis-navigation.”
During heightened tensions in the Persian Gulf in 2019, Iran shot down a U.S. surveillance drone and President Trump seemed ready to launch a retaliatory strike. This was called off at the last minute. According to some reports, the strike was canceled because of the likelihood the drone was in Iranian airspace at the time.
At about the same time British intelligence was warning merchant vessels in the area that Iran was attempting to use GPS spoofing to lure them into Iranian waters as a pretext for seizing the ships.
While the Middle East has been a hotbed of jamming and conventional spoofing for years, these recent circle-spoofing incidents are the first of the kind we know of in the region. It may well be that Iranian forces have recently received equipment from China and are experimenting with it. They could also be using it to deter GPS guided drones and disrupt other surveillance systems in the vicinity of sensitive government facilities.
Dana A. Goward is president of the Resilient Navigation and Timing Foundation. The non-profits C4ADS and Skytruth contributed to this article.