GPS Spoofing Incidents: Black Sea, Drones, and Civil Aviation

GPS spoofing—the deliberate transmission of false GPS-like signals to deceive receivers into reporting incorrect positions—represents a more sophisticated electronic warfare technique than simple jamming. While jamming causes receivers to lose position fix (obvious to operators), spoofing causes receivers to believe they are at a different location, potentially causing vehicles, aircraft, or weapons to navigate to wrong destinations without any immediate indication of error. The Russia-Ukraine conflict has generated extensive documentation of GPS spoofing in both military and civilian contexts, accelerating defensive research and operational adaptation worldwide.

Maritime Spoofing in the Black Sea

Black Sea maritime spoofing incidents have become sufficiently common to attract systematic academic and journalistic investigation. The most widely studied pattern involves ship AIS systems reporting positions near airports—particularly Gelendzhik Airport, Sochi Airport, and Anapa Airport along the Russian Black Sea coast. Vessels' AIS transponders, which derive position from GPS receivers, reported coordinates at airport centers rather than their actual sea positions. C4ADS analysis of AIS data identified over 9,800 ship position anomalies of this type in a two-year period around Crimea, representing a scale of spoofing activity unprecedented in global maritime history.

The airport-position spoofing pattern is understood to represent Russian drone defense systems: spoofing GPS signals to show positions at airports rather than at ship/vehicle locations would cause GPS-guided drones targeting ships or vehicles to navigate toward airport coordinates instead, providing a stand-off protective effect. This interpretation is supported by the concentration of spoofing near high-value Russian naval assets and military installations, with spoofing intensity increasing during periods of Ukrainian drone threat elevation.

Drone GPS Spoofing Countermeasures

Ukraine has developed and received from partners several countermeasures to reduce GPS spoofing effectiveness against Ukrainian military drones. Multi-constellation receivers that simultaneously track GPS (US), Galileo (EU), and GLONASS (Russia) signals can cross-check consistency across constellations—spoofing all three simultaneously is significantly more technically demanding than spoofing GPS alone. Signal genuineness detection based on signal-to-noise ratio anomalies and time of arrival consistency can flag spoofed signals. Encrypted military GPS signals (P(Y)-code and M-code) from US-provided military receivers are not vulnerable to civilian-method spoofing attacks, though implementing these in small tactical drones is constrained by size, weight, power, and technology transfer considerations.

GPS Spoofing Detection Methods

Civil Aviation Spoofing Incidents

Civil aviation GPS spoofing near conflict zones has created safety incidents distinct from pure jamming. Several passenger aircraft approaching Moscow Vnukovo Airport between 2018 and 2022 reported GPS indicating they were located at Vnukovo VOR (a navigational fix), apparently due to location spoofing around the Kremlin security perimeter. In 2023-2024, EASA documented multiple incidents of commercial aircraft over the Eastern Mediterranean and Black Sea regions where GPS was providing positions offset from inertial reference positions by multiple kilometers—the hallmark of spoofing rather than jamming.

The practical safety concern in aviation is that modern GNSS-dependent navigation procedures—RNAV approaches, Required Navigation Performance (RNP) approaches, and GNSS-based separation procedures—assume GNSS position integrity. Spoofing that degrades position accuracy below required integrity levels may not trigger receiver integrity alerts if spoofing is configured to maintain plausible geometric consistency. Aviation safety research has identified this as a critical gap in current GNSS integrity monitoring standards.

Ukrainian Military Drone Spoofing Adaptations

Ukrainian military drone operators and manufacturers have adapted to the GPS spoofing environment through multiple approaches over the 2022-2024 period. Visual navigation systems that use optical flow and terrain image matching to supplement or replace GPS have been integrated into longer-range drones. Machine learning-based terrain matching, where onboard computers compare real-time camera imagery against pre-loaded satellite imagery databases, provides position derivation independent of GNSS signals. Commercial drone manufacturers Skydio (US) and Autel (although Chinese-owned) have incorporated spoofing detection algorithms in firmware updates distributed to Ukrainian operators.

The adaptation has been a genuine engineering challenge: adding optical navigation and spoofing-resistant guidance increases drone cost, complexity, power consumption, and maintenance requirements. For low-cost expendable kamikaze drones where GPS-only navigation provides sufficient accuracy for the intended attack profile, implementing multi-modal navigation may be cost-prohibitive, requiring operational adaptations instead (attacking during periods of reduced spoofing, approaching from directions where spoofing coverage is assessed as weaker).

FAQ

How does the airport-position spoofing near Crimea work technically?

The spoofing transmits false GPS signals that, when received by a GPS receiver, produce a computed position at the target airport location rather than the receiver's true location. This requires a spoofer transmitting on GPS frequencies with calculated pseudorange values consistent with the spoofed airport location, and sufficient power to overwhelm genuine satellite signals. The receiver measures what appears to be consistent satellite range data pointing to the airport position, computes that position as its location, and navigation systems including AIS transponders report that position. The technical implementation requires signal generation hardware capable of computing and transmitting multiple satellite signal replays simultaneously.

Can ship navigators detect when their GPS is being spoofed?

When spoofing produces an obviously impossible position (such as being at an inland airport when the ship is at sea), experienced navigators immediately recognize the discrepancy by comparing GPS position with visual observation, chart plotter context, or radar picture. However, gradual spoofing that moves the reported position incrementally may not immediately trigger recognition, and automated navigation aids that sound alarms only for large rapid position jumps may not alert crews to slow spoofing drift. Best practices for mariners in spoofing-affected areas include systematic cross-checking of GPS position with radar-derived positions and visual observations.

What is the difference between the Kremlin security spoofing and military spoofing?

The Kremlin security spoofing (affecting Moscow civil aviation) appeared to be designed to protect the Kremlin's security perimeter from GPS-guided drone threats by displacing GPS-derived positions from the true Kremlin location—aircraft approaching for landing near Moscow would show positions offset from actual, deterring GPS-guided threats without affecting pilots who were visually and instrumentally monitoring the approach. Military conflict-zone spoofing is more aggressive in scale and sometimes serves combined objectives: protecting high-value assets from incoming GPS-guided weapons while degrading enemy navigation capabilities.

Does Ukraine's civilian population experience GPS spoofing effects?

Yes. Smartphone GPS spoofing effects that cause map applications to show incorrect positions have been reported by civilians in cities and regions closer to the frontline. Rideshare and delivery drivers have reported GPS map positions that placed their vehicles in incorrect streets or off roads entirely. These effects are generally tolerable nuisances for civilians but create operational complications for logistics companies, emergency services, and anyone depending on GPS-based navigation in affected areas. Some Ukrainian cities close to Russian electronic warfare coverage have removed GPS-dependent features from digital city services as a result.

Are commercial aircraft in danger of GPS spoofing when flying over Ukraine?

Commercial aircraft flying over Ukraine have been rerouted since February 2022 due to general conflict risk, significantly reducing civilian overflight in Ukrainian airspace. Aircraft flying near Ukrainian airspace—over Poland, Slovakia, Hungary, Romania, and Moldova—have received GNSS anomaly reports but typically at lower severity than aircraft closer to the conflict zone. Airlines operating these routes follow EASA guidance requiring crew training in GNSS-degraded procedures. The primary risk is GPS-based approach procedures in degraded GPS environments; traditional ILS and VOR approaches remain available as backup at airports affected by GNSS anomalies.

Sources

1. C4ADS — "Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria," c4ads.org 2019 (updated analysis 2022-2024)
2. EASA Safety Information Bulletin — "GNSS Vulnerabilities Including Spoofing," easa.europa.eu 2024
3. Humphreys, Todd — "The GPS War Over Ukraine," GPS World, May 2023
4. European GNSS Agency (GSA) — "GNSS User Technology Report," gsa.europa.eu 2023
5. NATO Communications and Information Agency — "GNSS Vulnerability Assessment for Allied Operations," ncia.nato.int 2023 (restricted; referenced in open sources)