GNSS-WASP: GNSS Wide Area SPoofing

OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 4.82 MB)

Author / Producer

Tibaldo, Christopher Sathaye, Harshad

Date

2025

Publication Type

Conference Paper

ETH Bibliography

yes

Citations

Altmetric
OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 4.82 MB)

Data

Rights / License

In Copyright - Non-Commercial Use Permitted north_east

Abstract

In this paper, we propose GNSS-WASP, a novel wide-area spoofing attack carried by a constellation of strategicallylocated synchronized transmitters. Unlike known attacks, which are constrained by the attacker’s ability to track victim receivers, GNSS-WASP manipulates the positions measured by all the receivers in a target area without knowing the victim’s positions. This allows GNSS-WASP to spoof a swarm of victims to another location while preserving their true formation (i.e., their relative distances). This opens the possibility of advanced attacks that divert entire fleets of vehicles and drones in a large area without the need to track specific victims. As such, GNSS-WASP bypasses state-of-the-art spoofing countermeasures that rely on constellations of receivers with known distances and those that rely on sudden, unpredictable movements for spoofing detection. While previous works discuss the stringent requirements for perfect spoofing of multiple receivers at known fixed locations, GNSS-WASP demonstrates how to spoof any number of moving receivers at unknown positions in a large area with an error that can remain hidden behind the legitimate noise. In addition to extensive simulations, we implement a prototype of GNSS-WASP with off-the shelf software-defined radios and evaluate it on real GNSS receivers. Despite the error introduced by the proposed attack, GNSS-WASP can successfully spoof two receivers while maintaining their relative distance with an average error of 0.97 m for locations 1000 m away from the reference position. Finally, we also highlight possible countermeasures.

Permanent link

https://doi.org/10.3929/ethz-b-000731910

Publication status

published

External links

https://www.usenix.org/conference/usenixsecurity25/presentation/tibaldo north_east

Editor

Book title

Proceedings of the 34th USENIX Conference on Security Symposium

Journal / series

Volume

Pages / Article No.

7039 - 7058

Publisher

USENIX Association

Event

34th USENIX Security Symposium

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Organisational unit

03755 - Capkun, Srdan / Capkun, Srdan check_circle

Notes

Conference lecture held on August 15, 2025.

Funding

180545 - NCCR Automation (phase I) (SNF)

Related publications and datasets

More

Show all metadata