Quite an interesting spoofing incident

Since mid-April, Russian spoofing attacks on Polish airspace have intensified. You can clearly see this trend on the GPSWise website (just scroll back a few days, for example to April 20). These attacks have become more frequent and more advanced. In fact, nearly every aircraft flying over northern Poland has been reporting GNSS (GPS) anomalies to ATS services. This has almost become the norm.

3rd of May, we observed a particularly interesting spoofing incident. Among many aircraft affected, two gliders appeared to be deliberately targeted by Russian spoofing. These gliders were physically flying in the vicinity of Olsztyn Dajtki Airport (EPOD). This is approximately 100 km from the alleged source of the attack. 

Why does this case is so interesting?

• The attack seemed targeted at two aircraft (we have strong evidence supporting this hypothesis).

• We have the impression that the attack was carried out by very precise directional antennas.

• Although more aircraft were flying in the area, only two gliders were affected. We focus on them in this analysis below.

• The spoofing itself was technically simple (as most attacks from Kaliningrad). First, GNSS signals were jammed, then spoofed. It was a non-coherent attack.

• Both position and time were altered during the spoofing.

• Both, the standalone GNSS receiver and a GSM-assisted smartphone behaved similarly.

• Attacks like this happen regularly in this region, but this time we seem to have caught a moment when only two specific aircraft were affected in the same way.

• The spoofed positions were semi-realistic - both GNSS receivers showed realistic changes in flight direction but in incorrect, spoofed locations.

Based on our ground and airborne sensors (including ADS-B), we observed nearly continuous jamming during this period. This was confirmed by our own terrestrial data, as well as by GSPWise (SKAI Spoofing) and GPSJAM services.

The key question remains: Were only these two gliders affected by the spoofing? Most probably yes.

Few words about measurement:

• Glider 1 used a low-cost autonomous OGN tracker (not GSM-assisted), supporting multiple satellite systems.

• Glider 2 used an Android phone, assisted by cellular network.

Below is a picture showing merged tracks of both gliders (in real they were flying close to each other, approx 10km). This picture shows entire flight of both gliders.

Here is zoom on "turning corner"

And here big picture on spoofed locations:

Below is a chart showing the Signal-to-Noise Ratio (SNR in dB) and the number of available satellites (white-background chart).

Our data suggests that, despite other aircraft flying in the same area and time, only these two gliders were spoofed. Spoofing started at around 400 meters above ground level (AGL).

Other aircraft were flying at similar altitudes in the area. While it could be argued that other receivers were more resistant to interference, we believe the spoofing was strong enough to affect any civilian-grade receiver.

Commercial aircraft flying at altitudes around FL300 at that time and in that area (and there were several of them) were not recorded as spoofed by the GPSWise portal.

The counterargument to our hypothesis may be that the aircraft in that area were turning off ADS-B. We continue the observations. Please standby.

Our ground-based receivers near the border also recorded similar anomalies as those seen in the air, which suggests that the source of the attack was near Kaliningrad.