Root Cause Analysis of the Delhi ATC / GPS Interference Incident

[Amber G.]

@admin: Starting a new thread. It can be merged with other suitable thread if of value.

Root Cause Analysis of the Delhi ATC / GPS Interference Incident

Several credible news outlets (Livemint, NDTV, and others) have now reported that the massive disruption at Delhi’s Indira Gandhi International Airport — which affected over 800 flights on 7 November 2025 — stemmed from a failure in the Automatic Message Switching System (AMSS) and suspected GPS/GNSS interference or spoofing. The Air Traffic Controllers’ Guild says it had flagged automation vulnerabilities months earlier, while the DGCA and Airports Authority of India have ordered investigations into both the system malfunction and possible navigation-signal anomalies.

From a technical standpoint, this appears to be more than an isolated glitch. Reports point to GNSS spoofing — where counterfeit GPS-like signals mislead receivers about their position or timing — coinciding with the AMSS failure that crippled ATC message routing. Such interference can arise accidentally (equipment faults, local jammers) or deliberately (testing, cyber-attack, or “spoofing experiments”). Similar regional incidents have been logged in the Black Sea, the Middle East, and parts of Russia, where multiple aircraft or ships simultaneously reported impossible positions. If confirmed, this would mark one of the first major civil-aviation disruptions linked to GNSS manipulation in India.


The security implications are significant. Modern air-traffic and airline operations rely heavily on satellite navigation for not just positioning, but also timing, ADS-B location broadcasts, and synchronization of ground systems. A successful spoofing event — even short-lived — can trigger cascading delays, false targets on radar displays, or timing errors in communication networks. Beyond operational inconvenience, this raises questions about critical infrastructure resilience and the adequacy of existing safeguards against intentional signal manipulation.

For India, this also underscores the strategic importance of developing and integrating NAVIC (Indian Regional Navigation Satellite System) more deeply into both civil aviation and critical infrastructure. A multi-constellation approach — using NAVIC alongside GPS, Galileo, and GLONASS — could provide redundancy and authentication options that help isolate or reject spoofed signals. The learning here is clear: indigenous capability and diversification of navigation sources are not just matters of pride, but of operational security.

It would be useful to gather verifiable data, observations, or logs from those in the aviation, RF, or systems-engineering domains — e.g., any recorded GNSS anomalies, RAIM alerts, ADS-B inconsistencies, or timing deviations observed around 6–8 Nov. If anyone has insights on how the AMSS fault interacted with navigation data, or knows of parallel incidents elsewhere, please share.

Let’s use this thread to piece together a technically grounded understanding of what happened — separating speculation from evidence — and discuss what measures (redundancy, monitoring, or procedural) might be necessary to prevent a repeat.

- Amber G.

[Amber G.]

References:

Delhi airport's ATC glitch: Flight operations normal; govt directs officials to conduct detailed root-cause analysis

The article reports that on 7 November 2025 the Delhi airport (IGI) experienced a technical issue in its air traffic control (ATC) system, which disrupted over 800 flights.

- Multiple incidents of GPS spoofing, where false GPS signals are broadcast to mislead receivers, affecting aircraft navigation/monitoring systems.

“GPS spoofing” is explained - adversarial manipulation of GPS-receiver data, causing receivers to believe they are elsewhere or receive false timing/location info.

- The disruption was compounded by runway/approach changes (due to eastern winds) in Delhi, increasing congestion.
mint

- August 2025 report by the Parliamentary Standing Committee on Transport calling for a time-bound overhaul of India’s ATC automation systems, warning that the technology is outdated especially at high-density airports (Delhi, Mumbai).

The regulatory authority (Directorate General of Civil Aviation – DGCA) is reported to be investigating the spoofing incident

'Flagged Issues In July': Air Traffic Controllers After Delhi Airport Glitch

-This article focuses on statements by the ATC Guild of India, which say that they had written to the Airports Authority of India (AAI) back in July, flagging issues and calling for upgrades to air navigation/automation systems.

-They pointed out that India’s automation system should be benchmarked against the European Eurocontrol and the U.S. Federal Aviation Administration (FAA), which use modern tech, real-time data sharing, AI threat detection etc.

[Amber G.]

Notable incidents (A quick list)

Delhi, Nov 2025: widespread delays (~800 flights) tied to AMSS failure and reported GNSS interference/spoofing; authorities investigating. This exposed how a messaging system fault and navigation anomalies can coincide and cascade.

Black Sea (2016–2017 and repeated events): many ships’ GPS solutions jumped inland/onto an airport — analysis concluded regional spoofing sources produced false positions across many receivers. This showed how area spoofing can simultaneously affect many users and create a plausible but false common track.

Middle East (2023–2024 reporting): multiple civilian aircraft reportedly experienced misleading GNSS guidance near Iranian airspace — raised risk of near-airspace incursions.

Wider pattern in Russia/Crimea (2016–2024): thousands of spoofing events observed in multiple regions according to NGO and academic analyses — indicates both deliberate/state-level use.

For India: (Public information)

- The Indian government told Parliament that between November 2023 and February 2025, around 465 incidents of GPS/GNSS interference or spoofing were reported in airline operations in the border regions around Amritsar and Jammu.

-The DGCA\ has been compiling data on such occurrences since 2023 instructing airlines to report interference events.

- Per India today - A report that at Indira Gandhi International Airport (Delhi) there were suspected spoofing events in early November 2025 coinciding with runway/ILS changes and ATC messaging glitch
(@admin - I am just quoting / citing the Amritsar/Jammu region data and the Delhi event (easily confirmed by reputable news papers)..{not others.. for obvious reasons)

[Amber G.]

Technical Glitch, GPS spoofing disrupt 350 flights at Delhi Airport
Synopsis
Flight operations at Delhi’s Indira Gandhi International Airport were disrupted on Friday morning after a malfunction in the Air Traffic Control (ATC) messaging system coincided with GPS spoofing incidents over the capital’s airspace, forcing a shift to manual flight planning. Over 350 flights were delayed through the day before the issue was resolved, the civil aviation ministry said.


Read more at:
https://economictimes.indiatimes.com/in ... aign=cppst

[A_Gupta]

AI adds: "Range: The spoofing signals reportedly started affecting aircraft approximately 60 nautical miles from the airport." {Delhi}

[Amber G.]

Happened to talk/discuss this with an expert -
Few points -- Root causes / vulnerabilities
Civil GNSS signals are unencrypted and unauthenticated. Civil L1 C/A and many broadcast signals lack cryptographic authentication; inexpensive transmitters can mimic them. (Military signals are secured, but civil receivers typically don’t use them.)

-Dependency on GNSS for many functions. Modern ATC/aircraft operations and airline flight-management systems increasingly rely on GNSS for RNAV, ADS-B position stamping, datalinks and time-synchronization. Where GNSS is primary, spoofing can create operational confusion.

- Lack of redundant PNT safeguards. If ground systems or aircraft lack robust inertial sensing, cross-checking, or authentication, spoofed inputs can be accepted.

-Operational complexity & single points of failure. The AMSS and flight-data distribution chain are critical — an AMSS software/firmware fault or overload forces manual processing and magnifies any concurrent navigation anomalies into system-wide disruption. (Delhi reporting cites AMSS malfunction in parallel with spoofing reports.)

[Tanaji]

This is a strange one. There were two failure modes: failure of the AMSS and the GPS system. Were those related? Did GPS failing cause issues on AMSS? One of the reports mentioned “server failure” but this could be DDM reporting: these systems are highly redundant and a server failure cannot cause the system on the whole to fail.

The question now is IF the failures were unrelated (i.e. no cause and effect) then it is fairly certain that a state level actor is at play - no one else would have the resources to cause both at once.

The GPS spoofing is of course deliberate. Either a jehadi parked himself next to the airport and stuck out a big transmitter that put out watts of radio power and effectively drowned out valid GPS signals (or used multiple transmitters but unlikely). The other option is Starlink sats or any other LEO sats are doing the spoofing. That Starlink does PNT is obvious:
https://insidegnss.com/spacex-details-s ... c-inquiry/

Does it do so in the same band? What was the issue: was it specifically spoofing where the receiver finds wrong coordinates like the Black Sea incident or was it just interference? The involvement of Starlink PNT would cause interference if in the same band but not spoofing unless it was deliberate. It should be possible to correlate what Starlink sats were overhead at the time of the incident.

If the AMSS failed because of an overload situation or similar resulting from GPNS spoofing then the solution is self evident.

We need to start thinking of similar DoS attacks on airports as we grow relevant. The drone excursions we see at Western airports that result in disruptions can easily be done here.

[SriKumar]

Is there any note or report on how affected people became aware that there was a problem.

[Amber G.]

AI adds: "Range: The spoofing signals reportedly started affecting aircraft approximately 60 nautical miles from the airport." {Delhi}

Thanks. Adding - For the record: Details - Two links:

TOI: 1st ever ‘spoofing’ scare at Delhi airport: Pilots misled by fake GPS signals, forced to divert flights

Zee:Pakistan Plotting Passenger Aircraft Crash In Delhi? GPS Spoofing Sparks Security Concerns

Per these reports:
- The source of spoofing may be linked to Pakistan (implying a deliberate hostile act) targeting civil aviation in India, although it frames this notion as suspicion/possible.

- The article raises the alarm that the spoofing might be more serious than benign interference — in fact, that the purpose could be to cause a passenger aircraft crash or major disruption.

-The article interlinks this with previously reported spo­ofing incidents in border regions and the broader context of over 465 GPS interference/spoofing events between Nov 2023–Feb 2025, especially near the India-Pakistan border.

- My take: (FWIW):
What we know:
- Spoofing is the deliberate broadcast of counterfeit GNSS (e.g., GPS) signals so that receivers compute wrong positions or time.
- The article implies that aircraft or navigation systems around Delhi received such misleading signals.
- Earlier reports (Financial Express) say one key root cause of disruption at IGI was the AMSS (Automatic Message Switching System) malfunction, which forced manual processing of flight

Speculative at present:
-Whether crippling the AMSS and spoofing GNSS are co-incident or part of a single orchestrated attack ?

(I have few more thoughts.. may be later)

Given the gravity of the scenario, I invite inputs from those with relevant observations:

-GNSS receiver logs (civil or airport ground station) around Delhi or within ~100 km of IGI on the dates in question (first week of Nov 2025) — especially looking for anomalous pseudorange jumps, Doppler inconsistencies, RAIM/FF alerts.

- Aircraft approach/departure track deviations or ADS-B anomalies logged by airlines or monitoring platforms in the same period.

- ATC/AMSS system logs (timestamp discontinuities, message delays, manual intervention flags) from IGI or nearby centers around Nov 6-8 2025.

-Any RF-spectrum or emitter detection data (fixed or mobile) indicating a ground-based spoofing source in the region.

- Correlations with regional defence/military activity or border jamming reports that could contextualize interception or diversion of GNSS signals.

Let’s build a technically grounded timeline of what happened → what was affected → how (root-cause) → what can be done operationally/technically to strengthen resilience.

If you have data or know where to access it, please share or point to the source.

[Amber G.]

Additional Data :

DGCA) is reported to be actively compiling data on GPS interference/spoofing incidents. One official said there were “at least eight such instances” at Delhi in recent days (domestic + international flights) and that the regulator is collecting anonymised logs to better understand the trend.

(The data collection effort follows a circular issued in 2023 requiring airlines to report GNSS interference.)

The report emphasised that while most prior incidents in India were along border areas, the fact that they are now being reported in the congested Delhi airspace is especially concerning.


Several outlets report that the spoofing incidents in Delhi included false navigation data and terrain warnings. Eg::

“Aircraft flying over Delhi have faced disruptions … pilots and air-traffic controllers reported receiving false navigation data, including incorrect aircraft positions and misleading terrain warnings, particularly within a 60-nautical-mile radius of the national capital.”


A pilot said “such incidents are rare in Delhi … I encountered spoofing on all six days of my operations last week.”

"The region of interference is cited as up to ~60 nautical miles from Delhi. (Many news papers)

- The disruption at Delhi included two concurrent failures:

A malfunction of the Automatic Message Switching System (AMSS) in ATC/aircraft flight-plan messaging that forced manual work-arounds.

A cluster of GNSS spoofing/interference episodes affecting aircraft navigation. The conjunction of these failures is .. “Delhi’s Automatic Message Switching System … and GPS navigation signals over northern India faltered almost simultaneously … less like coincidence and more like a coordinated vulnerability.”


The regulator apparently accelerated the implementation of a ground-based fallback navigation system because of the spoofing risk. F

Wider pattern: It’s not just Delhi. The reports cite 465 GPS interference/spoofing instances in the India-Pakistan border region (Amritsar, Jammu) between Nov 2023 and Feb 2025.


- Some Key Observations (for Technical Discussion)

The fact that spoofing/false navigation data were reported in a congested region (60 NM around Delhi) is especially alarming: navigation errors here could lead to proximity/safety issues.

The concurrence of ATC messaging system failure + GNSS spoofing suggests systemic vulnerability rather than isolated malfunction.

The quick regulatory response (accelerating ILS upgrade) is a practical indicator that ground-based fallback is being emphasised.

Though many incidents have been along border areas, moving into high-density airspace like Delhi signals an escalation in risk profile.

The data collection by DGCA suggests the authorities expect more incidents and are trying to formalise awareness and logging — which means future reports may produce richer technical logs.

[Amber G.]

Grok Uvach:

GPS spoofing at Delhi's IGI Airport is a confirmed issue, with DGCA probing multiple incidents causing flight disruptions, as reported by aviation authorities and news outlets. This tactic, often linked to adversarial nations like Pakistan per security analyses, mimics signals to mislead navigation—pilots switched to manual modes successfully. Attributing it solely to domestic governance ignores global patterns in GNSS interference near tense borders. India bolsters defenses amid rising such threats.

[Tanaji]

https://indianexpress.com/article/citie ... -10351280/

While sparse, this is what AMSS does. It helps the ATC to prioritise flight arrivals and departures. I dont think it has any role to play in actual flight separation etc

Some random AI uvacha:
Role of the Automatic Message Switching System (AMSS) in Aviation
Communication and Data Exchange
AMSS is a digital platform that facilitates the sharing of flight plans between airlines and Air Traffic Control (ATC).
It allows for real-time communication, ensuring that vital information about aircraft movements is transmitted efficiently.
Flight Safety and Coordination
The system plays a crucial role in maintaining flight safety by enabling ATC to monitor aircraft movements and issue clearances.
It helps manage airspace effectively, especially in busy airports, by coordinating the flow of information.
Technical Specifications
AMSS supports a variety of message formats, including structured data, which enhances the security and reliability of communications.
It is designed to handle a high volume of messages, which is essential for major airports that manage thousands of flights daily.
Transition from Older Systems
AMSS is gradually replacing the older Aeronautical Fixed Telecommunication Network (AFTN), which has limitations in data handling and security.
The transition to AMSS began in earnest in the early 2010s, driven by the need for improved data exchange capabilities in modern aviation.

[Tanaji]

So is it a reasonable theory that GNPS spoofing led to messages overloading the AMSS? For example GNPS gets spoofed -> aircraft thinks its location is somewhere else ie delay -> messages get sent on AMSS -> happens to large number of aircraft -> AMSS overload and crashes.

IMHO the above is only true if the aircraft sends automated messages on AMSS based on its location as reported by GNPS. Right now I have no way of verifying if this is true.

[Amber G.]

T...

The question now is IF the failures were unrelated (i.e. no cause and effect) then it is fairly certain that a state level actor is at play - no one else would have the resources to cause both at once.

The GPS spoofing is of course deliberate. Either a jehadi parked himself next to the airport and stuck out a big transmitter that put out watts of radio power and effectively drowned out valid GPS signals (or used multiple transmitters but unlikely). The other option is Starlink sats or any other LEO sats are doing the spoofing. That Starlink does PNT is obvious ..

Yes, satellites could theoretically spoof aircraft GPS by broadcasting fake signals mimicking authentic GNSS transmissions, ...confusing receivers if the counterfeit signals are stronger or timed precisely... However, practical spoofing is usually done, as you said, via ground-based or low-altitude transmitters for targeted areas ... as they can overpower real satellite signals locally without needing orbital access.

Satellite-based attacks would demand compromising GPS constellations or something much complicated, making them .. harder to execute undetected.

Anyway we would know soon..

[Amber G.]

Is there any note or report on how affected people became aware that there was a problem.

Yes — pilots and ATC staff noticed the issue through false position readings, terrain warnings, and navigation system errors (like “GPS PRIMARY LOST” alerts). Some aircraft showed impossible locations on flight displays or ADS-B trackers, prompting manual cross-checks with inertial and radio navigation. Controllers also observed data mismatches in radar plots and flight messages, confirming that something was wrong with GNSS inputs.

[Amber G.]

Latest updates: (Various reliable sources):


- DGCA is now formally compiling data on GPS/GNSS interference/spoofing incidents affecting flights in and around Delhi. They report “at least eight” such instances during the recent period (domestic + international flights).

- In response to the spoofing + runway navigation issues, the DGCA has expedited the rollout of an ILS for runway 10/28 at IGIA: ( Category I version to be operational this weekend, earlier than planned)

- Multiple outlets are now quantifying the disruption *seems* ( could be wrong) to linked to a combination of AMSS messaging system fault + GPS spoofing..

(I have pulled some specific flight/aircraft-level incident logs (publicly reported, some detail level needs subscription) in Delhi region where GPS/ADS-B anomalies were logged.. and flight tracker data.. for few flights .. will be fun to analyze that to see some pattern)

[Amber G.]

For your reading pleasure..
India increases efforts to collect GNSS spoofing data

Sep 2023 – mid-2024: Multiple GPS-spoofing episodes in the Iran/Iraq region

(Here positions errors at the distance around 60 miles were reported

[SriKumar]

thanks. Seems like it also happened in months prior as well.

[Amber G.]

Is there’s any new data linking the recent Red Fort car bomb explosion in Delhi to the GPS spoofing incident?

Short answer: Some overlapping timelines and investigative actions raise questions:

- The GPS spoofing event at IGIA, Delhi has now been taken up by the office of the Ajit Doval NSA. According to a news piece, the NSA’s office is investigating the alleged spoofing that disrupted over 350 flights in the region.

- Regulators are increasingly confident that the spoofing is not just incidental interference. For example, tracking data showed aircraft positions “fluctuating by as much as 335 km within seconds” in the IGIA incident.

- Parliamentary data shows that between November 2023 and February 2025 some 465 incidents of GNSS/GPS interference/spoofing were reported in the Amritsar/Jammu region of India.

- Technical discussion about a newly technique “C/N0 analysis” of spoofing detection based on antenna orientation — that is experts are finding measurable signal fingerprints of spoofing..(more of it later)
.. Cont..

[Amber G.]

Updates: (Reputable sources):


- DGCA) has issued a new directive: any pilot, air-traffic controller or technical unit detecting abnormal GNSS behaviour must report the event within 10 minutes.

-The Office of the National Security Adviser (NSA) led by Ajit Doval has formally launched a multi-agency probe into the spoofing incidents at Indira Gandhi International Airport (IGIA), involving civil aviation authorities and defence/cybersecurity agencies.

The DGCA has expedited the upgrading of the Instrument Landing System (ILS) on IGIA’s runway 10/28:

Few Editorial/viewpoints emphasise that what has occurred could amount to electronic warfare threat

The 10-minute reporting rule is very significant: it shows the regulator is treating spoofing/interference as a live safety risk, not just a theoretical issue.
The NSA’s involvement means the incident is now being viewed through a national security / cyber-threat lens, not merely a technical failure. m
Speeding up the ILS upgrade underscores the operational urgency: one fallback to satellite navigation is being strengthened so that aircraft don’t rely solely on GNSS in this high-risk window.

The framing of spoofing in a hub airport (versus near border/military zones) signals a shift.
The coincidence (or potential linkage) of the car-bomb explosion near the Red Fort and the spoofing incident is mentioned in some places as “hybrid terror” (speculation - etc)

[Amber G.]

India issues a NOTAM warning aircraft of GPS interference/loss around air traffic routes within its airspace near Mumbai, this follows reports of similar interreference observed around New Delhi

Valid: 13-17 November 2025

[Tanaji]

I wonder if GoI has the relevant triangulation equipment to identify the GPS jamming source assuming it’s terrestrial. It should not be that hard to find, even if it’s mobile. If it’s space based, then it should be easy to locate as satellites have fixed paths.

[AdityaM]

Delhi
Calcutta
Bombay

https://x.com/detresfa_/status/1989250001709703282?s=46

In case of Mumbai, it was on the route, so it's not a localised jammer source.

[fanne]

My 2 cents counter intuitive argument -
We are doing it!! testing our capability to spoof GPS and other signals so that any projectile coming this way and depending on these tech (GPS etc) can be fooled!!

[Tanaji]

Crossposting :

https://x.com/aravind/status/1989165068429451748

IMO, in simple terms, Pak has been supplied with advanced tech by the US, or is being directly helped by the US to mess with navigational guidance systems that use GPS.

It is using these devices to mess with GPS to warn India that it can't give a military response, while also carrying out the terror attacks.

"It is now telling India we will do terror attacks and we know you want to respond militarily. But, if you try, we can mess with your planes, ships, and missiles. Do what you can."

If my assumptions are true, this is serious for India because US is now again using Pak to arm twist India. No wonder Trump made some statements like 'i don't want to cause trouble for Modi', 'India will do a good trade deal soon', and his commerce secretary said 'India will apologize to the US and do the trade deal.'

This also means India may not do OpSindoor 2.0 now. Or delay any kinetic action on Pakistan until it can sort out these GPS issues. And Pak may be emboldened to carry out another big terror attack soon.

If the US is helping Pak in messing with India's navigation while Pak tries terror attacks, then I think India needs to send all US military personnel, planes, and equipment out ASAP. Enough of having them in India for "training."

India issues a NOTAM warning aircraft of GPS interference/loss around air traffic routes within its airspace near Mumbai, this follows reports of similar interreference observed around New Delhi

Valid: 13-17 November 2025

[Tanaji]

I am not sure I understand the above. GPS jamming and spoofing by Pak means they have to have set up a transmitter. Which means it can be triangulated and detected and correlated. A simple spectrum capture over time will provide irrefutable proof of Pak complicity.

I really doubt its Pak doing it from its soil. Plus it happened in Mumbai and Kolkotta. Can you imagine the power of the jammer required?

No, its either local jehadis that have managed to get hold of multiple sets or its sat based. If the latter it should be possible to track satellite flybys and correlate with jamming instances. Geosats cant be used for this as again, too much power required.
Only a fraction of the Starlink sats have this capability if it is indeed Starlink so easy enough to find out.

[Amber G.]

From @PiyushShukla__ (X)

Over the past few days I’ve noticed a surge of GPS spoofing incidents at multiple airports in India. it’s got me curious about what’s happening right now. These events take me back to my early hacking days when I was learning the basics; GNSS security really hooked me back then. Here’s a quick thread to give you a bit of insight into what’s actually happening behind GPS spoofing

1/ How GPS works? 24+ satellites orbit Earth ~20,000 km above. Each continuously broadcasts a precise timestamp + satellite position. Your receiver calculates how long signals take to arrive and trilaterates your position from at least 4 satellites.
2/ Every GPS satellite sends its data using L-band frequencies:

L1 = 1575.42 MHz (civilian)
L2 = 1227.6 MHz (military/dual-use)

The signal contains a “PRN code” (Pseudo Random Noise sequence) a unique digital signature that identifies which satellite it came from.
3/ Those signals are extremely weak when they reach Earth around -130 dBm. That’s weaker than cosmic background noise! Receivers can still read them using correlation they know the PRN code pattern, so they lock on by matching timing offsets.
4/ In aircraft navigation:
The GPS receiver onboard continuously computes position + velocity + clock offset.

These data feed the Flight Management System (FMS).
For RNAV/RNP approaches, GPS becomes the primary navigation source.
5/ The entire aviation network (FMS, ATC systems, ADS-B transponders) depends on that continuous timing and positional feed being authentic and stable.

If timing drifts → the navigation solution jumps → ATC sees wrong position or aircraft loses “nav accuracy”.
6/ So what is spoofing?
It’s when someone transmits a fake GPS signal that looks real but carries manipulated timing/position data. The aircraft receiver locks onto the stronger fake signal believing it’s genuine and calculates a false location or time.
7/ From a signal-engineering view. A spoofing setup can use a Software-Defined Radio (SDR) (like HackRF, USRP, BladeRF) + GNSS signal generator scripts (gps-sdr-sim, GNSS-SDR).

It generates counterfeit PRN sequences with slightly higher power and small timing offsets.
8/ The attacker can do either

Replay spoofing: capture real satellite signals, delay them, then replay → shifts receiver’s perceived position/time.

Synthetic spoofing: fully simulate satellites with controlled coordinates and Doppler → total control over victim’s computed fix.
9/ The reason it works: GPS receivers usually trust whoever is louder. They don’t authenticate the satellite; they just correlate the PRN code.

So if a nearby transmitter sends the same PRN code but 1–2 dB stronger, the receiver automatically locks onto it.
10/ When this happens mid-flight
• Navigation drifts or shows “GPS LOST”
• ADS-B sends wrong coordinates
• ATC tracking breaks
• Auto-land or RNAV approaches fail
→ Leading to flight delays or diversions like we saw in Delhi
11/ There have been reports of GNSS anomalies in some regions; investigations are ongoing and root causes are not always confirmed. Treat public reports cautiously while ops teams analyze telemetry.
12/ Plausible single-vulnerability scenario (how one problem can affect many) A single local high-power spoof emitter that broadcasts multiple PRNs with coherent Doppler/profile can overwhelm nearby receivers simultaneously. they all re-lock to the counterfeit constellation.

Alternatively, a compromised Stratum-0 time source (NTP/PTP) feeding many clients can propagate wrong time across networks

RF-overpower → receiver lock switch OR trusted time feed compromised → network-wide desync.
13/ Core reasons GNSS is exploitable

• Extremely weak received power → easy to overpower.
• Known PRN/code structures → trivial to imitate.
• Many legacy receivers lack cryptographic/auth validation.
• Anti-spoofing capability is uneven across equipment
14/ Timing drift impact. GNSS also syncs clocks for telecom, ATC, and power grids. Even a 1 µs error can create big positional or packet-sync problems. That’s why spoofing can ripple across sectors.
15/ Defenses against GPS Spoofing
• Multi-GNSS fusion (Galileo/BeiDou/GLONASS) + cross-validation
• Directional antenna arrays or multi-antenna AoA checks
• RAIM/RAIM-FDE and doppler/pseudorange residual monitoring
• Tight GNSS+INS integration (sensor fusion)
• Holdover oscillators (OCXO/Rubidium) at critical nodes
16/ In aircraft, hybrid GPS+INS navigation can sustain accuracy for ~30–60 min after GPS issues, but inertial drift grows so short outages can be tolerated, long ones cause operational problems.
17/ The biggest risk isn’t a single plane it’s systemic desynchronization. If multiple networks (air traffic, telecom, power) lose time sync, entire infrastructures can misalign. That’s the cascading failure GNSS spoofing can trigger

____
My remarks-

Looking at Shukla’s thread alongside our earlier notes, the picture is getting clearer — and a bit worrying. What happened in Delhi doesn’t look like a random glitch anymore. The same markers keep repeating: GNSS weirdness right when the ATC message system hiccupped, navigation errors showing up not just near borders but right in India’s busiest airspace, and then DGCA rushing out that “report within 10 minutes” rule. Shukla’s observations match what we’d already pieced together — spoof-like signals, odd ADS-B jumps, terrain warnings — all pointing to a broader pattern of interference over several days. Nothing conclusive yet, but it feels less like an isolated tech fault and more like a deliberate stress-test of our aviation/navigation infrastructure. More data (actual logs, RF captures) would help (and I am sure they are being investigated), but what we do know already is enough to take this very seriously.

[gakakkad]

https://www.politico.eu/article/russia- ... 0in%202024.


it appears russkies have been doing it on a daily basis in europe.


do we know if it is jamming or spoofing?

[Amber G.]

..IMO, in simple terms, Pak has been supplied with advanced tech by the US, or is being directly helped by the US to mess with navigational guidance systems that use GPS.

It is using these devices to mess with GPS to warn India that it can't give a military response, while also carrying out the terror attacks.

"It is now telling India we will do terror attacks and we know you want to respond militarily. But, if you try, we can mess with your planes, ships, and missiles. Do what you can."..

FWIW: My take:

Some are suggesting that the recent GPS spoofing around Delhi — and now the NOTAM for GPS interference near Mumbai (13–17 Nov) — is part of a US-enabled Pakistani attempt to signal India: “We’ll hit you with terror attacks, and if you respond militarily, we can mess with your planes, ships, and missiles.” It’s, IMO, a dramatic narrative, but here’s a my - more grounded - take.

First, there’s no public technical evidence so far tying the Delhi/Mumbai GNSS anomalies to the US or to any specific state actor. What is known is that Pakistan already has access to decent jamming/spoofing tech (Chinese, Turkish, commercial EW systems), and it has used RF interference in border sectors before. So, yes, Pakistan-origin interference is not impossible — but the US angle doesn’t track with how the US typically signals or exerts leverage. Using crude RF spoofers in dense Indian civil airspace would be the least plausible mechanism for Washington to “arm-twist” New Delhi.

At the same time, we shouldn’t dismiss the broader strategic signalling interpretation. Delhi’s GNSS issues occurred immediately after a major terror incident, during a period of high political tension, and at the same time India was rumoured to be weighing an OpSindoor-type response. Now we have similar interference reported near Mumbai. Whether intentional or not, the effect is the same: India will naturally be more cautious about any large kinetic move while its navigation/communication environment is unstable.

The more important takeaway is this: something is interfering with India’s GNSS environment across multiple airports, and it isn’t a one-off glitch. Instead of jumping to the US angle, it makes more sense to focus on what India can act on immediately — GNSS hardening (NaVIC integration, multi-band receivers), ATC redundancy, spectrum monitoring, and attribution capability. Until those are strengthened, any major military option will be planned far more carefully.

So yes, the situation is serious — but the explanation is likely simpler and closer to home than a US-Pakistan covert partnership. The GNSS disruptions themselves are the real story, and India needs to treat them as an urgent national-security infrastructure issue.

Finally, as someone pointed out - The new NOTAM around Mumbai actually feels less like a fresh wave of spoofing and more like someone testing equipment — either calibration of jammers/spoofers, or periodic activation of EW gear that wasn’t meant to spill into civilian lanes. The wording in the NOTAM (“possible GPS interference/loss”) is generic, and there haven’t yet been detailed pilot reports like we saw in Delhi (false positions, terrain warnings, RAIM hits).

This looks more like background electronic activity being picked up, not an active attempt to mislead aircraft. Still, the timing is interesting:

Even if this is just testing or routine EW noise, it underlines the same problem — India’s airspace is picking up RF anomalies that shouldn’t be there, and we need proper attribution, monitoring, and mitigation before assuming benign intent.

[Amber G.]

do we know if it is jamming or spoofing?

This round of NOATM alerts around Mumbai doesn’t look like classic jamming at all. (With jamming you’d see widespread GNSS signal loss, big chunks of receivers going “no fix,” and pilots reporting total satellite dropout. ityadi...)

Spoofing is far easier—low-power, localized, and it doesn’t necessarily wipe out real signals; it just overlays better-looking fake ones. (The kind of brief, patchy anomalies popping up fit that pattern )

So yeah, not jamming. Spoofing—almost certainly.

[Amber G.]

Updates - From News Sources:

New NOTAM for Mumbai Airspace

India has issued a NOTAM valid from 13–17 Nov 2025 warning of possible GPS signal interference/loss along certain air traffic routes near Mumbai.

According to reports, this covers ATS routes L639 and P574, and pilots are being told to exercise “utmost caution.”


DGCA Tightens Reporting Protocol

The DGCA now requires real-time reporting (within 10 minutes) by pilots, ATC, or technical units if they detect GNSS anomalies: abnormal GPS behavior, spoofed location data, signal integrity loss, etc.
Reports must include the date/time, aircraft registration, flight route, coordinates, the type of interference (jamming, spoofing, etc.), and system log data (FMS, screenshots, etc.).

AAI ATC System Overhaul Ordered

The government has directed the Airports Authority of India (AAI) to upgrade its ATC message-handling system: move from the faulty AMSS to a new AMHS within 90 days.

The move is framed as serious - lack of redundancy in the old system is being blamed for the major disruption.

- The Air Traffic Safety Electronic Personnel Association (ATSEPA) is publicly calling for urgent modernization of CNS (Communications, Navigation, Surveillance) infrastructure at major airports.

(The current systems are outdated and unable to handle “systemic imbalances” that contributed to the recent ATC glitch + spoofing risk. )

National-Level Investigation Underway

Agencies (civil aviation + national security) are now formally monitoring GPS spoofing across the country.
The NSA’s office is coordinating with the IT Ministry, CERT-IN, and other agencies to investigate.

MY TAKE (FWIW):

- The NOTAM in Mumbai suggests this might not be limited to Delhi — the interference risk could be broader or more persistent than originally thought.

- With real-time reporting, DGCA is clearly treating spoofing as an ongoing safety threat, not just a one-off event. That helps attribution & rapid reaction.

- The AAI’s 90-day system upgrade order is huge —

- ATSEPA’s call for CNS modernization aligns with a long-term fix, not just a bandaid;

- A multi-agency probe means this isn’t being treated purely as a technical aviation issue — national security is deeply involved.

Amber G.

[vera_k]

GPS is insecure and vulnerable to spoofing. This much is known. What changed starting about 10 years ago is that cheap software defined radios became available for anyone to spoof GPS.

GPS Signal Reception and Spoofing Based on Software-Defined Radio Devices

This paper is recent, but the tech and cheap devices to do this have been available off the shelf since at least 2014. Maybe a batch of these was imported into India as part of routine business and hobbyists are taking a turn at them now. That would not surprise me in the least given how many engineering students India trains each year.

The device itself would look something like this -
SDR

[Tanaji]

I still don’t buy that Pak is spoofing GPS from its territory or satellites are being used. Both approaches are brute force or indiscriminate if you will and easily detected. It should also cause issues with other civilian users such as people using cellphones. This hasn’t been reported as far as I know. Therefore the most likely culprit is some jihadis have gotten hold of a jammer or spoofer and are using it in airport vicinity.

Do airline GPS receivers like those from Garmin automatically switchover to other systems like Galileo/Navic/Beidou? If not we should slowly mandate these sort of fallbacks. The other point is man in middle type of attacks like spoofing are a solved problem cryptographically. Navic and others should start using keys to solve this.

[vera_k]

They do not. The FAA used to refer to the FBI to investigate GPS disruption.
Don't know if that's still done given how easy it has gotten to spoof GPS.

FAA tells pilots to go analogue

“Until a few years ago, a GNSS spoofing attack required expensive, high-end equipment in the $50,000- $500,000 range. Today, low tech equipment and open source software can enable anyone to spoof for as little as $100.”

[Amber G.]

I still don’t buy that Pak is spoofing GPS from its territory or satellites are being used. Both approaches are brute force or indiscriminate if you will and easily detected. It should also cause issues with other civilian users such as people using cellphones. This hasn’t been reported as far as I know. Therefore the most likely culprit is some jihadis have gotten hold of a jammer or spoofer and are using it in airport vicinity.

Do airline GPS receivers like those from Garmin automatically switchover to other systems like Galileo/Navic/Beidou? If not we should slowly mandate these sort of fallbacks. The other point is man in middle type of attacks like spoofing are a solved problem cryptographically. Navic and others should start using keys to solve this.

My Take : (Inviting others EE Engineers / Pilots to add/ comments)

You’re right that territory-wide or satellite-scale spoofing is unlikely — that would be noisy, indiscriminate, and instantly detectable. But localized, low-power spoofing from within a few km of the airport is absolutely feasible, hard to attribute, and would not noticeably affect cellphone users or most civilian devices.

Some Q/A - Thinking scientifically ( my calculations .. but they are reliable)

Q . “How far can spoofing be effective?”
GNSS spoofing does not need brute force or high power.
- A handheld or car-mounted spoofer (1–2 W) can dominate GPS signals within 500 m – 3 km (depending on antenna placement )
- A rooftop or high-mast transmitter (~10–20 W) can reliably spoof a 5–10 km radius.
(Directional antennas can extend this up to 30 km, especially near our airports )

Vicinity-based spoofing is the easiest, cheapest, quietest shape of attack, and the one that best fits the Delhi/Mumbai pattern.
(This scale also explains why only aircraft on specific arrival/departure corridors saw anomalies, while the rest of the city did not)

2. “Why didn’t cell phones or Uber maps break?”

Phones use A-GPS (assisted GPS) + cell tower trilateration + Wi-Fi positioning.
Spoofers often target aviation L1 C/A or L5 — not multiple bands used by smartphones.
Aircraft avionics accept GNSS inputs with much stricter timing & integrity thresholds, making them more sensitive to spoofing than consumer devices.
Spoofing can be narrowband and directional, aimed upward along approach paths — not at street level.

So lack of public smartphone failures is not evidence against airport-vicinity spoofing.

3. “Jihadis with a spoofer” vs. “state-enabled capability”

A lone local group can operate a jammer (easy) but operating a coherent spoofer—which needs ephemeris alignment, Doppler modeling, and time-sync—is much harder.

(Modern low-cost coherent spoofers still require, egc GNSS SDR modules, Timing reference or disciplined oscillator, software that models satellite geometry in real time ityadi..)

I think it is a State-enabled, State-sourced, or Commercial-military hardware diverted / acquired quietly... The pattern at IGI—brief, corridor-specific anomalies affecting ADS-B, RAIM, and FMS inputs—looks coherent, not random sweep jamming.

. Nobody needs to spoof from Pakistani territory or satellites.

(Localized spoofing near: approach paths, final descent funnels, high-density nav corridors…is sufficient to cause exactly the type of ANSP alerts we saw)

- Don’t look 300 km across the border; look 10 (or may be 30) km around the runway.



So, agreeing partly with your point:

It’s not Pakistan spoofing from its territory or from satellites ..It is likely localized, low-power, technically competent spoofing near airport approaches — which could easily be a proxy group, intelligence-linked cell or someone operating with external technical support... by this time, India I think knows.

Amber G. (My views)

[Amber G.]

<Draft>
Strengthening GNSS Monitoring in India – Engaging Academic & Research Labs

In response to recent GPS/GNSS anomalies reported at Delhi and Mumbai airports, there is a strong case for creating a national GNSS anomaly monitoring network. Such a network would complement existing DGCA reporting protocols, enhance aviation safety, and provide independent verification of navigation signals.

Several Indian institutions already have the expertise and infrastructure to contribute:

IIT Tirupati / Navavishkar I-Hub – Multi-constellation GNSS/NAVIC receivers, RF testing.

JNTU Hyderabad / GNSS Lab – GNSS signal research, navigation systems testing.

Osmania University / NERTU – GNSS spoofing detection, signal authentication.

Space Applications Centre (ISRO, Ahmedabad) – Satellite navigation systems, ground station coordination.

Indian Institute of Remote Sensing (IIRS, Dehradun) – GNSS/GIS research, anomaly detection.

Proposed approach:

Establish distributed monitoring nodes using these labs.

Collect real-time GNSS logs, RAIM alerts, pseudorange/C/N₀ anomalies.

Integrate findings with DGCA ATC and pilot reports for faster detection, attribution, and mitigation.

By leveraging existing research capacity, India can enhance its aviation resilience and improve readiness against GPS interference or spoofing threats across national airspace.

[Tanaji]

This is relevant but may not be the full explanation

https://arstechnica.com/tech-policy/202 ... direction/

Relevant portion from the article:

While Tilley doesn’t know exactly what the emissions are for, his paper said the “signal characteristics—strong, coherent, and highly predictable carriers from a large constellation—create the technical conditions under which opportunistic or deliberate PNT exploitation could occur.”

PNT refers to Positioning, Navigation, and Timing (PNT) applications. “While it is not suggested that the system was designed for that role, the combination of wideband data channels and persistent carrier tones in a globally distributed or even regionally operated network represents a practical foundation for such use, either by friendly forces in contested environments or by third parties seeking situational awareness,” the paper said.

[Aldonkar]

I have been following the above discussion (with very little knowledge) and the conclusion that it is some sort of spoofing of GPS signals that is causing problems. I presume that the receiver has some sort of protection that rejects signals from certain sources, for example, the source should be several hundred miles above earth (ie LEO altitude) and moving at the sort of speed that a satellite should. This would eliminate ground level spoofing.

Satellite based (especially LEO based) would be a bit more difficult. Of course if this is not already done, it would take time to achieve.

Please tell me that I have totally misunderstood the problem.

[A_Gupta]

Kolkata:
https://www.gpsworld.com/kolkata-is-lat ... erference/
India has issued a Notice to Air Missions (NOTAM) warning of possible GPS interference or signal loss along air traffic routes near Kolkata, reports Business Today.

The NOTAM, valid Nov. 13-17, alerts airlines and pilots to remain vigilant to GNSS disruptions. It follows previous communications sharing issues with GNSS interference in New Delhi and Mumbai. Pilots and air traffic controllers also were asked to report any interference incidents within 10 minutes to the Directorate General of Civil Aviation (DGCA).

[A_Gupta]

https://www.icao.int/sites/default/file ... hereof.pdf

GNSS RFI