The government informed Parliament on Monday that flights operating near Delhi airport have faced incidents of GPS data manipulation, also known as GPS spoofing. Similar reports of spoofing and interference with the Global Navigation Satellite System (GNSS) have also emerged from other airports in India, including Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai.
What is GPS spoofing?
Signals from the Global Navigation Satellite System (GNSS) are a big part of how aircraft figure out their exact position and get the right time stamp needed for communication, navigation and surveillance. Spoofing creates fake GNSS signals that look real enough to fool the system.
These signals trick their navigation systems into calculating wrong positions, speed, or time. Spoofing is a more advanced form of interference. In a spoofing attack, a radio transmitter sends fake GPS signals to the target receiver, making it believe it is somewhere it is not.
GPS spoofing can have serious impact in both military and civilian settings. In wars, the side using GPS technology has an advantage. But if the GPS receivers of the opponent can be manipulated, it could control autonomous vehicles or drones that rely on GPS.
If spoofing works, it can cause errors in route or altitude, which could become a threat. However, India’s conventional navigation backup systems ensured that flight routes remained normal and safe.
In India, the WMO, part of the Wireless Planning & Coordination Wing under the Ministry of Communications, manages the radio spectrum and works to ensure it is free from interference. The AAI oversees civil air navigation across India.
What happened at Indian airports – Explained
Civil Aviation Minister K K Rammohan Naidu told the Rajya Sabha in a written statement that the Airports Authority of India (AAI) has sought assitance from the Wireless Monitoring Organisation (WMO) to identify the source of the interference. This comes alongside standard procedures issued by the Directorate General of Civil Aviation (DGCA) for real-time reporting of such incidents around Delhi.
According to the Civil Aviation Minister, spoofing signals were detected near Delhi airport during GPS-based landing procedures on Runway 10. “Some flights reported GPS spoofing in the vicinity of IGIA, New Delhi, while using GPS-based landing procedures, while approaching on RWY 10. Contingency procedures were used for GPS spoofed flights approaching RWY 10,” Naidu said, according to ANI. IGIA, located in the national capital, is India’s busiest airport, and RWY refers to the runway.
The civil aviation minister did not specify when these incidents occurred, GPS and GNSS spoofing have been increasing in India in recent months. In November alone, multiple incidents around the Delhi airport were reported, which is India’s largest airport with four runways.
Earlier cases: Recent Delhi Airport technical scare
The cyberattack announcement comes weeks after over 400 flights were delayed at IGIA due to a technical problem in the Air Traffic Control (ATC) system. The issue was detected in the Automatic Message Switching System (AMSS), which sends critical flight plan data to the Auto Track System (ATS). When the system failed, officials had to manually process flight plans, causing delays.
Naidu said that the aviation sector faces global cybersecurity threats in the form of ransomware and malware. “To enhance cybersecurity against global threats, AAI is implementing advanced cybersecurity solutions for IT networks and infrastructure. These measures follow guidelines from the National Critical Information Infrastructure Protection Centre (NCIIPC) and the Indian Computer Emergency Response Team (CERT-In),” he said.
Over 100 cases in two months
More than 100 cyber attacks have been reported in the Kolkata Flight Information Region (FIR) in just the last two months, according to TOI. A senior official told TOI that two to three flights a day have been affected. These attacks tamper with the Global Navigation Satellite System (GNSS), which aircraft depend on to know their exact position, route and timing. According to the report, most of the Kolkata cases happened on three busy routes: Yangon–Kolkata, Dhaka–Kolkata and Mumbai–Kolkata.
In response to the incidents, a high-level meeting was held where the WMO was asked to allocate more resources to identify the source of spoofing, using approximate location details provided by the DGCA and AAI.
The DGCA made it mandatory in 2023 for all such incidents to be reported, and regular updates are now being received from major airports, including Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai. Besides GPS spoofing, the minister said that aviation faces global cybersecurity threats such as ransomware and malware.
