Chronicles of Sensor Spoofing

Era 2: GPS/GNSS Spoofing

As drones moved into wide-area surveillance and BVLOS (Beyond Visual Line of Sight) operations, they became critically dependent on satellite navigation. This dependency created a massive hardware vulnerability. Adversaries stopped trying to confuse the camera and started attacking the platform's fundamental understanding of where it was located.

Tactical illustration of GPS/GNSS spoofing on a military drone, showing a ground station emitting a conflicting signal that hijacks the navigation path (Era 2: image_12.png)

Look at the diagram above. A high-altitude military drone is shown flying. Faint cyan lines from satellites establish its true location. But on the ground, a mobile 'Spoofing Station' (a truck with a specialized antenna) is emitting powerful, pulsating orange radio waves. A graphical interface overlay ('SPOOFING STATUS: TAKEOVER DETECTED') projects the signal hijack. Arrows show the ground station forcing its conflicting coordinate data over the weak satellite feed, successfully steering the platform off its intended route (shown as the deviation between the planned green path and the hijacked red path).

The Exploit: Overpowering the faint signal

Drones rely on faint GPS/GNSS satellite signals (roughly -130 dBm) to calculate their coordinates. An attacker broadcasts a fake GPS signal on the same frequency (e.g., L1 at 1575.42 MHz) using a powerful ground transmitter (often >10 dBm). This is a brute-force hardware takeover. The drone's receiver, programmed to lock onto the strongest signal, accepts the fake coordinates and rejects the true satellite data.

Hijacking the PNT Matrix

This is a fundamental failure of the Position, Navigation, and Timing (PNT) matrix. By controlling the GPS input, the attacker can force the drone to believe it is miles away from its true location. A skilled adversary can utilize this to "steer" the drone into a mountain, force an emergency landing in hostile territory (relic of the RQ-170 capture), or simply render the Autonomous Target Tracking (ATT) matrix useless as the drone drifts off station, confused about its own spatial context.

The Countermeasure Arms Race

Military Fix: CRPA (Controlled Reception Pattern Antennas)

Defense integrators responded with sophisticated antenna hardware. CRPA arrays use multiple distinct antennas and sophisticated null-steering algorithms. CRPA listens to the arrival angle of incoming signals. It detects that the true GPS is coming from the sky, while the loud spoofing signal is coming from the ground. CRPA mathematically "steers a null" in the direction of the ground station, physically ignoring the interference.

SkyGuard Mitigation: Visual Odometry & VST

While SkyGuard leverages CRPA hardware on our FORTRESS and RANGER platforms, our primary software defense is **Visual Odometry**. We teach the drone to look at the ground and navigate by matching physical landmarks in real-time, completely bypassing the invisible radio spectrum. Our proprietary depth engine ensures that even if CRPA fails, O.T.I.S. can cross-reference the spoofed GPS data against the VST spatial mesh. If the GPS claims the drone is over open water, but the spatial mesh shows it is over a dense urban center, O.T.I.S. rejects the GNSS input and switches to full Visual Inertial Odometry (VIO).

Passive kinetic mitigation. mathematically undeniable geometry. See the full O.T.I.S. dashboard.