GPS Jamming

Prepare for tomorrow. Find Vulnerabilities today.

GPS Jamming and Spoofing 

An increased number of GPS jamming and spoofing attacks have been reported and documented over the past five years. With high-quality software-defined radios (SDRs) becoming more affordable, hardware capable of GPS jamming and spoofing is more available than ever. It is critical to test your PNT systems against these attacks. BroadSim is a software-defined GNSS simulator that enables users to easily model true and spoofed signals.


BroadSim is revolutionizing the way in which GNSS testing and simulation is performed yet again by enabling the simultaneous generation of jamming signals and GNSS signals all in one system. Generate complex spectrums by leveraging BroadSim’s 4 Tx outputs. BroadSim is capable of generating high fidelity jamming and interference signals of multiple types, provides Intuitive control using Skydel software and utilizes 4 RF outputs, each with multiple simultaneous constellations.

The Solution

Old jamming testing method without BroadSim


Users required to attach a separate signal generator for each interference waveform to be generated


The number of interference sources is limited to the number of signal generators available


Signal generators would need to be integrated into software or be operated real-time by an engineer


Jamming power levels were determined based on what signal level was to be received at the receiver front end independent of the location of the simulated jammer or transmit power


New jamming testing method with BroadSim


Unlimited number of interference signals can be generated with 1 RF output


Each interference signal within 1 RF output can have different power levels, modulations, and locations


Jamming can be turned on and off through the SDX GUI and API


Users can specify the location and power of jamming transmitters and BroadSim will calculate the received power at the receiver based on the location to the transmitted and user-selected loss model

Enables users to create real-world threat laydowns to better support the warfighter.

For the Joint Navigation Conference (JNC) our engineers created and designed a plugin for the computer game Kerbal Space Program (KSP) which allowed for the demonstration of BroadSim’s hardware in the loop (HILT) capability as well as the new advanced jamming feature.


The aircraft seen in the video is being controlled by user input through a joystick. The path of the actual flight is shown by the red trail. As the user is controlling the airplane in KSP, the computer is sending the location of that plane in real-time to BroadSim which is generating and transmitting the corresponding RF signals to a uBlox GNSS receiver and a spectrum analyzer. The receiver and spectrum analyzer data are simultaneously being collected by the computer and plotted on the same screen. The reported location of the receiver is shown by the green trace and the spectrum from the spectrum analyzer is shown in the lower right-hand corner (center at GPS L1).


Within the flight space of the program were 6 red spheres as seen in the video. Each red sphere represents a different jammer. Each jammer has a different frequency, power level, and modulation. The jammer (red sphere) shown in the video is a group of CW tones offset by 1MHz with different power levels.


Notice how the receiver responds when the user approaches and flies directly through the jammer. The receiver is jammed to the point in which it cannot track the GNSS signals and begins to drift in a straight line away from the jamming source.


By leveraging the Skydel 1000Hz navigation engine and USRP radios, simultaneous simulation of GNSS signals across multiple constellations can be achieved, including advanced jamming and spoofing:

GPS Open: L1-C/A, L1C, L1-P, L2-P, L2C, L5     GPS Encrypted: L1-Y, L2-Y, L1-M-AES, L2-M-AES, L1-MNSA, L2-MNSA
GLONASS: G1, G2     BeiDou: B1, B2     Galileo: E1, E5a, E5b     QZSS: L1-C/A     SBAS: WAAS, EGNOS, MSAS