When GNSS Can No Longer Be Trusted

When GNSS Can No Longer Be Trusted

Global Navigation Satellite Systems (GNSS) have long been regarded as a fundamental component of navigation and positioning. In today’s autonomous vehicles, however, their role has changed. GNSS is no longer a standalone source of positioning data but an integrated part of a complex sensor ecosystem in which accurate positioning is critical for both functionality and safety. At the same time, the threat landscape has evolved rapidly. Spoofing and jamming are already realities, but future challenges will involve a much broader range of attack vectors. And how do you test a system that is supposed to distrust its own sensor data?

Jamming, the Most Widespread Threat

Jamming is the most common threat and involves overwhelming GNSS signals with radio interference. Since satellite signals reach the Earth’s surface at power levels around -130 dBm, relatively simple transmitters can disrupt reception across large areas.

For autonomous vehicles, jamming primarily results in a loss of positioning accuracy. However, the consequences may be more far-reaching. Many functions related to HD maps, geofencing, fleet management, and V2X services rely on continuous GNSS availability. When the signal disappears, the vehicle must be able to degrade gracefully without compromising safety.

Protection against jamming is therefore largely a matter of robust system design. Integrating GNSS with IMUs, wheel-speed sensors, lidar, and camera-based localization has already become standard practice in modern autonomous platforms. The question is not whether GNSS will become unavailable, but how long the system can maintain sufficient positioning accuracy without satellite signals.

Spoofing, a Growing Problem

Spoofing is more sophisticated than jamming. An attacker generates counterfeit GNSS signals that the receiver interprets as legitimate. As a result, position, velocity, or time can be gradually manipulated without the receiver necessarily detecting the error.

For autonomous vehicles, this is particularly problematic because the reported position may still appear plausible. A vehicle could, for example, be displaced by several meters from its actual location without triggering any obvious system faults. For applications such as lane-level positioning, this may be sufficient to create hazardous situations.

Traditional GNSS receivers are often poorly equipped to handle advanced spoofing attacks. As a result, signal authentication and sensor fusion are becoming increasingly important. By continuously comparing GNSS data with inertial navigation, map matching, and environmental sensors, systems can identify inconsistencies before they lead to incorrect decisions.

Several satellite constellations are also introducing authentication services. Galileo OSNMA (Open Service Navigation Message Authentication) is one example, allowing receivers to verify that navigation messages genuinely originate from the satellite system. This reduces the risk of certain spoofing attacks, although it does not eliminate all attack scenarios.

Timing Attacks

GNSS is used not only for positioning but also as a global time reference. Many vehicle platforms synchronize their internal systems using GNSS-derived time. Manipulated timing information can affect sensor fusion, logging, V2X communication, and cybersecurity functions. As vehicles become increasingly connected, timing attacks are likely to attract greater attention.

Robust systems should therefore treat GNSS time as one source of information among several and continuously validate timing references against internal clocks and alternative synchronization mechanisms.

Threats to Sensor Fusion

Future attacks may not target GNSS signals directly. Instead, attackers may attempt to compromise the sensors used to validate GNSS data. Manipulated lane markings, altered landmarks, attacks on HD maps, or falsified V2X information can create situations in which multiple sensor sources simultaneously provide incorrect references. The result is that the sensor fusion framework loses its ability to detect anomalies.

This means that future security efforts must shift focus from protecting individual sensors to securing the entire localization chain. Resilience will become more important than precision.

How Should We Prepare?

For developers of autonomous vehicles, the conclusion is clear: GNSS can no longer be regarded as an always-available and fully trustworthy positioning source. System architectures must assume that GNSS signals will occasionally be incorrect, manipulated, or entirely unavailable. This requires redundancy through independent sensor sources such as IMUs, lidar, cameras, and map-based localization.

At the same time, systems must continuously compare information from these sources to identify inconsistencies and anomalies. Authenticated GNSS services will become an important tool, but they must be complemented by monitoring of the radio-frequency environment to detect jamming and spoofing attempts in real time. Equally important is defining from the outset how the vehicle should behave when confidence in positioning decreases. The ability to degrade functionality in a controlled manner may, in many cases, be just as important as positioning accuracy itself.

From Accuracy to Trust

Historically, GNSS development has focused on accuracy. For autonomous systems, trust is at least as important. Future positioning systems must not only know where the vehicle is; they must also be able to determine when they no longer know. This is likely where the next major step in GNSS evolution will occur. The key question will not be how many additional centimeters of accuracy can be achieved, but how effectively a system can withstand intentional and unintentional disruptions in an increasingly complex and threat-prone environment.