HOME | CONTACT US

Call 817.945.6850

2025 in Review: Deregulation, Stepped-Up Enforcement, and Safety as a Policy Tool

Scopelitis

From a regulatory standpoint, 2025 was not defined by sweeping new trucking rules but instead by how the federal government chose to act: deregulating selectively, enforcing aggressively, and increasingly using safety as justification for broader objectives.

Those three dynamics explain far more about the year than any single rulemaking — and they set the stage for what carriers should expect in 2026.

Deregulation: Real, but Narrow

The Trump Administration made deregulation an operating principle in 2025 by issuing its 10-1 deregulatory executive order just 10 days into the President’s second term. FMCSA and other regulatory agencies quickly followed suit. In the case of FMCSA, rather than pursuing controversial rollbacks, the agency focused on updating federal regulations to meet the reality of trucking in 2025, potentially reducing administrative burden without reopening core safety debates.

Proposals addressed issues such as the definition of a DOT Accidentelectronic documentationoutdated certification requirements, and limited reporting obligations. The relief is targeted and modest. Carriers should view deregulation as margin improvement, not a wholesale shift in compliance expectations.

Enforcement: Where the Pressure Shifted

While rulemaking slowed, enforcement accelerated.

FMCSA significantly increased scrutiny of electronic logging devices, removing nearly 30 ELDs from the registry and rolling out stronger vetting aimed at fraud, white-labeling, and tampered systems. State strike forces reinforced that focus, uncovering widespread manipulation of records of duty status, including the use of ghost drivers and altered logs.

Entry-level driver training enforcement followed the same trajectory. Thousands of training providers were removed from the Training Provider Registry, with many more flagged for noncompliance. CDL mills are now a clear enforcement priority.

The takeaway for carriers is simple: fewer new rules did not mean more tolerance. In many areas, enforcement expectations tightened, laying bare the monumental task of policing the trucking industry’s vendors as well as its motor carriers and the contribution of self-certification regimes to ongoing fraud.

Safety as Justification for Other Objectives

Some of the most disruptive developments of 2025 were framed as safety initiatives but were likely driven by broader policy goals. Restrictions on non-domiciled CDLs and renewed emphasis on English Language Proficiency enforcement were advanced under a safety rationale, while also aligning with a broader immigration enforcement strategy. State responses were uneven, litigation followed quickly, and some issues remain unresolved. This heightened scrutiny is already affecting roadside enforcement, investigations, and driver availability.

What to Expect in 2026

The environment in 2026 is likely to be a continuation of 2025, with potentially higher stakes.

Deregulation will continue, but primarily through narrow, low-risk changes. Carriers should not expect broad relief from core safety and compliance obligations. These deregulatory moves could also make way for some additional regulations under the 10-1 EO. After all, FMCSA has some unfinished business to tend to in the form of its Safety Fitness Determination rulemakings and actions on automated driving, ELD specifications/certification, and automatic emergency braking.

Enforcement will remain the primary policy tool highlighted by greater use of data-driven targeting, technology-enabled inspections, and intensified oversight of ELDs and driver training providers. To this end, CSA reform may come to fruition, and efforts to tie CSA data more directly to carrier safety ratings may continue. At the same time, FMCSA faces a structural reality: regulating a growing industry with limited staff and imperfect data. That reality favors automation, prioritization, and scalable enforcement models.

Finally, the debate will continue on the efficacy of broader immigration related proposals in improving motor carrier safety through reduced crashes.

Bottom Line

For carriers, the lesson from 2025 is clear. Regulatory relief and enforcement pressure are not opposites — they are complementary tools.  This year, success will depend less on tracking new rules and more on managing enforcement exposure, data quality, and operational discipline.

 

Denuclearization: EFFECTIVE Training

Doug Marcello

There is a painful irony embedded in every nuclear verdict involving negligent training.

The company trained. They held the sessions. They logged the hours. They filed the paperwork. They checked every box their compliance department put in front of them.

And the plaintiff’s attorney stood in front of the jury and said: “Ladies and gentlemen, they knew this driver had problems. They knew. And their answer was a generic video.”

That’s the irony. The training they did became the evidence against them. Not the absence of training—its inadequacy.

This is the negligent training problem, and it is the softest leg of the plaintiff’s triad. It’s also the one most fleets can fix fastest—if they’re willing to admit that what they’ve been doing doesn’t work.

The Forgetting Curve Is Not a Theory

I recently interviewed Dr. Gina Anderson, a doctor of education and founder of Luma Brighter Learning, about what the trucking industry gets fundamentally wrong about training.

She didn’t sugarcoat it.

Within the first hour of hearing content, most people forget nearly half of it. That’s the forgetting curve—established neuroscience, backed by decades of research. And the industry’s standard training model is designed to maximize it.

Three days of passive onboarding. Generic content. Everyone in the same room getting the same information regardless of experience level. Then radio silence until the annual refresher—or until somebody has an incident and gets a corrective video.

“I told them that. They should remember it.” Dr. Anderson hears this constantly from safety directors. But that’s not how the brain works. It’s not even close to how the brain works.

The Experienced Driver Problem

Here’s something that should give every fleet executive pause: the drivers with the most experience are sometimes the ones who need the most training.

Dr. Anderson explains this through neuroscience. The brain builds neural scaffolds through association. When information is tied to an emotional experience or a long-held memory, those connections are powerful. They’re also stubborn. If a veteran driver learned a technique 20 years ago that’s now outdated, that old association doesn’t just fade—it actively resists new information.

She compares it to eyewitness misidentification. People in police lineups sometimes identify the wrong person with absolute certainty because their memory is built on association, not accuracy. The same mechanism is at work when a veteran driver insists they’re doing something correctly because “that’s how I’ve always done it.”

Onboarding a new driver and re-training a 25-year veteran require fundamentally different approaches. One-size-fits-all doesn’t account for this. It can’t.

Five Principles of Training That Actually Works

Dr. Anderson’s framework isn’t theoretical. It’s grounded in learning science and already being implemented by forward-thinking fleets. The principles:

  1. Individualization. Assess prior knowledge and behavioral data before training begins. AI can build tailored learning paths based on performance data, driving history, and behavioral indexes. The technology to do this exists today. The barrier is adoption, not capability.
  2. Continuous delivery. The brain needs seven-plus exposures to build reliable neural connections. Effective training delivers content in spaced intervals across varied formats—not in a single dump. Timing matters too: some people are most receptive early morning, others late at night. Delivering education when the learner is most engaged dramatically improves retention.
  3. Proactive intervention. The industry’s default is reactive: incident occurs, corrective video sent. But sending a speeding video to a driver who already knows not to speed doesn’t change behavior. Proactive training identifies patterns in performance data and addresses them before they become incidents—and before they become exhibits in litigation.
  4. Authenticity. This is Dr. Anderson’s doctoral research area. Authentic learning targets the individual’s specific, current context. A generic parking lot video is forgettable. A just-in-time simulation of the actual parking lot the driver is heading to—informed by their readiness to change, their motivational profile, and the specific hazards of that location—that’s an experience the brain retains.
  5. Connection over content. True micro-learning engages all five interaction modes. The most powerful—and most neglected—is learner-to-self: mindfulness and awareness. Where is the driver’s mind when they’re driving? Are they present, or are they thinking about being away from their family? This is the level of engagement that actually changes behavior. Six-minute videos don’t reach it.

The Courtroom Test

Everything above matters for one simple reason beyond safety: it’s what the courtroom demands.

Plaintiff attorneys attacking negligent training don’t need to prove you didn’t train. They need to prove you didn’t train effectively. They need to show the jury that your training was generic when it should have been individualized. That it was a one-time event when it should have been continuous. That it was reactive when the data showed you should have been proactive.

Check-the-box training gives them everything they need.

Data-driven, AI-founded training takes it away.

When your training platform generates objective evidence—the individualized learning path, the performance data that informed it, the spaced reinforcement schedule, the proactive interventions, the measurable outcomes—you’re not defending with a binder of sign-in sheets. You’re defending with data.

That’s the shift from subjective expert opinion to objective evidence. That’s AI defense.

One of Dr. Anderson’s clients lived this. They switched from check-the-box to science-based, authentic, individualized training. When they went to court, they didn’t say “we trained them.” They said “let us show you what we did.” A multi-million-dollar exposure resolved for $250,000.

The Denuclearization Thesis

This is the first installment in the Denuclearization series. The thesis is straightforward:

Nuclear verdicts in trucking litigation are built on the plaintiff’s triad: negligent hiring, negligent training, and negligent supervision. Each leg is an attack vector. Each leg can be reinforced or dismantled with objective, AI-driven evidence.

Training is where most fleets are most vulnerable—and where the fix is most immediately available.

The learning science is established. The AI technology is operational. Platforms that can deliver individualized, continuous, proactive, authentic training—and generate defensible evidence of it—exist right now.

The question for every fleet executive, safety director, and risk manager is simple: Are you training to check a box, or are you training to produce results?

One approach feeds the nuclear verdict machine. The other dismantles it.

That’s denuclearization.

See the full interview with Dr. Anderson at TransportCenter YouTube or the podcast at TransportCenter Podcast

How to Combat Employees Who Use GPS Jammers

Malcolm Rosenfeld

Thousands of businesses across the United States have a GPS problem. Employees have learned how to mess with GPS.

GPS spoofing and GPS jamming devices have become inexpensive and easy to use. For as little as $10, delivery drivers and long-haul truckers can disguise their locations, so dispatchers won’t know they are taking long breakfast breaks or having a tryst at the motel 6.

Teenagers have learned how to use GPS jammers to block their parents’ tracking apps and for cheating at Pokémon Go. Nefarious drug runners and human traffickers spoof border patrol drones. And dodgy freight companies can use GPS spoofers and jammers to change the time stamps on arriving or departing cargo.

As we’ll explore in more detail a little later, all of these activities violate Federal law, but they are a reality of living in the 2020s. These disruptions not only affect their targets; they can also affect anyone using GPS in the vicinity.

What Is a GPS Jammer?

So, what is a GPS jammer, exactly, and how do they work?

A GPS jammer is a device that uses radio frequencies to transmit a signal that blocks, jams, or interferes with GPS systems. These devices disrupt all aspects of GPS including navigation and tracking.

The devices are usually small, and most of them are a snap to install. All a user has to do is to plug them into the car charger port and make sure the device is close to the GPS tracker. This way it can interfere with the signal.

GPS jammers and spoofers take less than 30 seconds to power up. They can be taken out and plugged again as needed, covering up evidence of wrongdoing. This makes them attractive to criminals and unreliable employees (and delinquent teenagers) who don’t want employers, parents, or the police to track them.

GPS jammers are easy to find. Do a search in Google for GPS jammers, and you can find numerous websites where you can purchase them including an e-commerce site called Jammer Store.

Are GPS Jammers Illegal?

So, are GPS jammers and spoofers legal?

If you go to the US government’s GPS website’s page on jamming, the first thing you will see is:

“Federal law prohibits the operation, marketing, or sale of any type of jamming equipment that interferes with authorized radio communications, including cellular and Personal Communication Services (PCS), police radar, and Global Positioning Systems (GPS).”

There are very good reasons it is illegal to interfere with GPS devices. Emergency medical services, fire departments, and the police depend on them. So does the military. Chinese, Russian, and Iranian hackers have interfered with GPS tracking of international shipments. The likelihood of your employee taking a break in the middle of the day getting mistaken for a foreign agent are, let’s be for real, very small, but the consequences to that employee and your business could be enormous.

What are the Consequences of GPS Jamming?

Everyone who uses a GPS jammer is breaking the law, but not everyone who uses a GPS jammer is using them to hide otherwise illegal activity. Some businesses use cell phone jammers to create a quiet zone, for example, a movie theater that wants to curtail cell phone usage. But the reason jammers, including GPS jammers, are illegal has to do with safety.

As we mentioned earlier but it bears repeating, GPS and cell phone jammers can interfere with emergency services like 9-1-1, ambulances, firefighters, and police. Furthermore, GPS jamming devices have interfered with airplane navigation.

For example, in 2015, planes landing at Northeast Philadelphia Airport were losing their GPS signal from 1 mile away from the airport. The FCC discovered that a truck driver in a parking lot was using a jammer to disable a tracking device on his truck that he didn’t know was illegal. The FCC agent immediately confiscated the device and destroyed it with a sledgehammer. Luckily for the trucker, the FCC didn’t fine him for using the device, because others haven’t gotten off so easily.

Do Drivers Want to Know How to Jam GPS?

In another aviation incident in Newark, the Federal Aviation Administration filed a complaint with the FCC that something was interfering with the signals from the GPS tracking system at the Newark Liberty International Airport. An FCC investigation discovered that a man named Gary Bojczak was using a GPS jamming device to hide from his employer. The FCC fined the man $31,875.

From the above incidents, it’s evident that some drivers are using GPS jammers to block fleet tracking and other GPS tracking devices, but is it a significant problem? In 2016 NBC News reported that according to a 2012 UK study known as the Sentinel Project, 20 roadside monitors found between 50 and 450 daily instances of jamming across the UK. 9 out of 10 of those jammers were employed by fleet drivers or truckers. A smaller 2014 study by Rohde & Schwarz discovered that every 3rd or 4th truck on a major highway near Portland International Airport in Oregon was broadcasting at the same frequency as GPS, meaning these trucks were potentially blocking GPS tracking.

However, the US trucking association says they have found no evidence to show that large numbers of truck drivers are using GPS jammers, and the Sentinel project found that it was drivers of smaller vehicles like delivery and service vehicles, as well as taxis that were the primary type of employee to use GPS jammers, not truckers. That’s because most truck drivers are well aware of the regulations and penalties they can incur for using a jamming device to manipulate their driving logs or to hide from employers.

How Do I Know an Employee Is Using a GPS Jammer?

The good news is if you have one or more employees who try to use a GPS jammer to disrupt your fleet tracking system, you’ll know. While your drivers might think the illegal jammers make them invisible, what they do instead is to attract more attention to their behavior.

If an employee is using a GPS jammer to disrupt the GPS signal, it will appear on the live tracking map or trip history map as an interrupted or missing trip. If they plug their jammer in during just part of the trip, you’ll see a line from when the jamming started to when the device was turned off. Some later model GPS tracking devices even have GPS jamming detection. Plus you can also create an exception rule that looks for GPS signal faults and triggers an alert or email when GPS interference occurs.

Once you detect an employee has disrupted GPS tracking, you can take appropriate disciplinary measures. You also have a record of the GPS jamming for disciplinary action such as firing the offending employees for cause.

Final Thoughts on GPS Jammers and Employees

Many people don’t realize that they are breaking federal law when they use a GPS jammer. But they do know they are breaking work rules when they use them to hide their locations from your dispatch office during working hours. Employees need to know that the use of these devices can result in more than just the termination of their employment.

 

(For the tech readers, this youtube video gives the “behind the scenes” of spoofing. It goes beyond the plug-in devices.)

Master the Art of GPS Spoofing: Tricks to Fake Your Phone’s Location

Uncover apps and techniques to change locations on iPhone and Android for fun and practical uses

Tim Fisher

What to Know

  • You can change your Android phone’s GPS location using a free app from the Google Play Store.
  • To spoof your iPhone location, use a desktop program like 3uTools on a Windows or Mac computer.
  • Be careful, as fake GPS can change your location for all apps, like maps and weather apps.

This article explains how to spoof a GPS location on your phone. In most cases, faking the location on your iPhone or Android affects every location-based app on your device.

Spoof Android Location

Search for “fake GPS” on Google Play, and you’ll find many options, some free and others not, and some requiring root access.

One app that doesn’t need you to root your phone—so long as you’re using Android 6.0 or newer—is called Fake GPS Location Spoofer, and it’s my favorite choice for changing my phone’s location. It’s straightforward to use, as you’ll see:

The information below should apply no matter who made your Android phone: Samsung, Google, Huawei, Xiaomi, etc.

  1. Install Fake GPS Location Spoofer. It works on Android 4.4 and up.
  2. Open the app and accept any prompts you see. You’ll need to tap Allow to let the app send notifications, and While using the app to give it location access.
  3. Tap Accept if you see a terms prompt, then choose Enable from the message about mock locations at the bottom.
  4. Choose Developer Settings to open that screen, tap Select mock location app toward the very end of the page that opened, and then select FakeGPS Free.

If you don’t see this screen, turn on developer mode and then return to this step. In some Android versions, you have to put a check in the box next to the Allow mock locations option on the Developer options screen.

  1. Use the back button to return to the app. Search for the location you want to fake on your phone (you can also drag the map to position the pointer). If you’re creating a route, tap and hold on the map to place markers.
  2. Tap the play button at the bottom of the screen to enable the fake GPS setting.

You can close the app and open Google Maps or another location app to see if your GPS location has been spoofed. To get your real location back, press the stop button.

If you’re interested in trying a different Android location spoofer, we’ve confirmed that the following free location-changing apps work much like FakeGPS Free: Fake GPS, Fly GPS, and Fake GPS Location. Another method is to use Xposed Framework to install a location-spoofing app.

Spoof iPhone Location

Faking your iPhone location isn’t as easy as on an Android device—you can’t just download an app. However, software makers have built desktop programs that make this easy.

Fake iPhone or iPad Location With 3uTools

3uTools is the best way to spoof the location of your iPhone or iPad because the software is free, and I’ve confirmed that it works with iOS 17 and iPadOS 17, so it’s likely also compatible with other versions of these operating systems.

  1. Download and install 3uTools. This was tested on Windows 11, but it works in other versions of Windows as well, plus macOS.
  2. With your iPhone or iPad plugged in, select Toolbox at the top of the program, and then VirtualLocation from that screen.
  1. Select somewhere on the map, or use the search bar, to choose where you want to fake your location.
  2. Select Modify virtual location, and then OK when you see the “succeeded” message.

If you see a prompt about Developer Mode, follow the steps on the screen to turn that on.

Restart your device to pull real GPS data again.

Fake iPhone or iPad Location With iTools

Another way to change your iPhone’s location without jailbreaking is by using iTools from ThinkSky. It runs on Windows and macOS and can simulate movement, but it isn’t free indefinitely. It works with iOS 16 and older versions.

  1. Download and install iTools. You might have to select Free Trial at some point before it fully opens.
  2. Plug your device into your computer and navigate to Toolbox > Virtual Location.
  1. If you see this screen, select the image in the Developer Mode section to agree to download the iOS Developer Disk Image file.
  2. Search for a location from the top of the screen, and then select Go to find it on the map.
  3. Select Move here to instantly fake your location.

The iTools website has more information on how to use the map. It can also simulate a route.

You can now exit the Virtual Location window in iTools as well as the program itself. If you’re asked whether to stop the simulation, you can choose No to make sure that your fake GPS location stays even when you unplug your phone.

To get your real location back, return to the map and select Stop Simulation. You can also reboot your device to immediately start using its real location again.

Remember that you can fake your phone’s location with iTools only within the 24-hour trial period; you’ll need to use an entirely different computer if you want to run the trial again. The fake location will remain as long as you don’t restart your device.

Why Would You Fake Your Location?

There are lots of situations where you might set up a fake GPS location, both for fun and for other reasons.

Maybe you want to change your location so that something like a dating app thinks you’re a hundred miles away, perfect if you’re planning to move somewhere and want to get ahead of the dating game.

Spoofing your location might also come into play when using a location-based game like Pokémon GO. Instead of having to travel several miles away to pick up a different Pokémon type, you could trick your phone into telling the game that you’re already there, and it will assume your fake location is accurate.

Other reasons to set up a mock GPS location might be if you want to “travel” to Tokyo and check in to a restaurant you’ve never actually been to, or visit a famous landmark to trick your Facebook friends into thinking you’re on an extravagant vacation.

You can also use your fake location to fool your family or friends in your location-sharing app, to hide your real location from apps that request it, and even to set your real location if GPS satellites aren’t doing a great job at finding it for you.

Changing your GPS location doesn’t hide your phone number, mask your IP address, or alter other things you do from your device.

GPS Spoofing Problems

Before getting started, please know that although it can be a lot of fun to fake your location, it’s not always helpful. Plus, because GPS spoofing isn’t a built-in option, it isn’t just a click away to get it going, and location fakers don’t always work for every app that reads your location.

If you install one of these apps on your phone to use it for, say, a video game, you’ll find that other apps that you want to use your real location with will also use the fake location. The game might very well use your spoofed address to your advantage, but if you open your navigation app to get directions somewhere, you’ll have to either turn off the location spoofer or manually adjust your starting location.

The same is true for other things like checking in to restaurants, staying current on your family-based GPS locator, checking the surrounding weather, etc. If you’re tricking your location system-wide for everything on your phone, it will affect the location in all your location-based apps.

Some websites falsely claim that using a VPN will change your GPS location. This is not true for most VPN apps, as their primary purpose is to hide your public IP address. Only a few VPNs include a GPS override function.

FAQ

  • How do you share your location on iPhone?

Open the Find My app and select People > + > Share My Location. Enter the name or number of the contact you want to share your location with and select Send. Choose the amount of time you want to share your location (one hour, until the end of the day, or indefinitely) and select OK.

  • How do you turn off your location on iPhone?

If you’re concerned with privacy on your iPhone, you can tell it to stop tracking your location. Go to Settings > Privacy & Security > Location Services and flip the toggle to Off.

  • How do you find the location of an iPhone?

Open the Find My app, select Devices, and then choose the device you want to locate. If the phone can be located, it appears on the map. If it can’t, you will see “Offline” under its name. Its last known location is displayed for up to 24 hours.

  • How can you see the location history on an iPhone?

Your iPhone keeps track of significant places you’ve visited, and you can review these. Go to Settings > Privacy & Security > Location Services > System Services > Significant Locations.

  • How do you change the weather location on an iPhone?

Tap and hold your finger on the Weather widget, and then select Edit “Weather”. Tap My Location and then choose a new one from the list that pops up, or use the search bar. The new location is now the default.

  • How do you share a location from iPhone to Android?

Open Contacts, select the contact, and then choose Share My Location. You can also share your location using Google Maps: Menu > Location sharing > Share location.

Telematics hacking: Three things you need to know

Jamming and spoofing may be your greatest threats

 

Sean Kilcarr

If you haven’t heard the terms “jamming” and “spoofing” in relation to trucking telematics before, you are not alone, for both are highly rare forms of telematics hacking in the U.S.

Yet Guy Buesnel, product manager for the positioning & navigation business unit at Spirent Communications, warns that such activity has occurred in overseas freight markets and could eventually make their way here to the U.S.

“GPS jamming is very prevalent right now, and the jamming equipment is easily procured and very inexpensive,” he told Fleet Owner. “We know that criminals are starting to use jammers to carry out crimes. For example, in Italy gangs have been targeting shipments of scrap metal. They hijack a truck, force the driver to pull over, hold the driver captive and then use a GPS jammer so the cargo can’t be tracked as they drive off with it.”

One of the more “insidious effects” of GPS jamming in Buesnel’s estimation is that as a jammer gets closer to a receiver, the receiver might start outputting hazardously misleading information such as incorrect information on position and time.

“Without understating how your receiver behaves with jamming and spoofing attacks, you’re taking a really big risk in trusting the data it outputs,” he explained.

Spoofing, however, is “a little trickier” to conduct, Buesnel said, because spoofing is actually about “faking” a GPS signal.

“So far there hasn’t an instance where someone has spoofed by faking a satellite signal,” he explained. “However, we know spoofing is going to be a real threat because criminals are already getting into application software and faking GPS coordinates.”

For fleets, Buesnel thinks spoofing is going to become a real threat to navigation, positioning, and timing systems.

“In order to cope with this, you need to know how robust your equipment is today and to be prepared,” he emphasized. “And you can only do that if you assess your risks and then test your equipment against current and future trends.”

That includes closely monitoring how a trucking company’s information technology (IT) network is constructed as well.

“With fleet networks, often the focus is on the trucking and delivery aspects, and all too often the IT components—servers, routers, firewalls, etc.—aren’t necessarily taken as seriously,” Buesnel noted.

“But people can get into the networks and start messing with data, which can impact delivery schedules, for example,” he explained. “This can easily be addressed by looking at what you’re building and figuring out how to properly secure it.”

Cyber security is also becoming a larger concern throughout the U.S. business community, according to the 2015 Business Risk Survey conducted by insurance broker The Graham Company.

The firm polled 300 senior U.S. business professionals and found that cyber security retained the highest proportion of “business risk” with 21% of respondents naming it as the number one threat they were most concerned about.

The survey also found nearly half of respondents felt a “significant level” of cyber risk from the following scenarios:

  • A hacking incident leading to theft of customer information
  • Inability to use the organization’s network
  • Theft of employees’ private information
  • Theft of intellectual property
  • Inability to access the organization’s website

“In the modern-day business environment where everything is interconnected, the potential threats facing a business are immense,” noted Ken Ewell, president and COO of The Graham Company. “This complexity of risks has caused many business leaders to become overwhelmed and unknowingly expose their businesses to risks that threaten their bottom line.”

That’s one reason why Spirent’s Buesnel believes IT security on the “back-end” of a motor carrier’s network “is vital, as all it takes is someone doing the wrong thing once” and malware gets installed within the carrier’s computer system.

“At that point a hacker now has complete access to your network, including delivery schedules, credit card payments, customer lists, etc.,” Buesnel warned. “All of this data can be taken very easily if the back-end IT network supporting the fleet is not secure.”

It’s also wise policy not to put too much trust in off-the-shelf “firewalls” designed to protect IT networks from hacking, he emphasized.

“Companies will often buy a firewall but they don’t always take time to think, ‘What does it actually mean that I bought a firewall?’” Buesnel pointed out.

“Is it configured properly? Did I buy the right licensing for it? Is it actually going to provide the protection I’m looking for? That goes for anti-virus too,” he added. “In Spirent’s testing, we’ve seen well-known products that are only 44% effective at blocking attacks. Just because you buy a firewall doesn’t mean you’re automatically secure.”

 

(There are many Apps which make GPS spoofing easy.)

How to Deal with GPS Jamming and Spoofing

CRFS

From ship navigation to financial transactions, we’re increasingly reliant on GPS (or other GNSS systems, such as Galileo, GLONASS or BDS BeiDou). Jamming and spoofing can therefore cause significant disruption and represent a public safety threat. Fortunately, spectrum monitoring allows detection and location of jammers and the possibility to pre-empt attacks with anti-jamming and anti-spoofing technologies.

GPS Jamming

Can GPS be jammed? Yes, and without much difficulty. GPS jamming is a relatively uncomplicated technique that simply involves producing an RF signal strong enough to drown out the transmissions from GPS satellites. The subject of a GPS jamming attack will be instantly aware that something is wrong, as the system will be unable to produce a geolocation result. GPS jamming can be carried out either unintentionally or deliberately, and its prevalence is increasing – during an L1 and L2 GPS band monitoring campaign over just a few weeks in London, we detected significant jamming activity. This ranged from crude unmodulated sources of interference poorly centered on the L1 or L2 band to synthesized sources suggesting deliberate targeting.

 

A common use of jammers in London is taxi and HGV drivers evading rules on maximum driving hours or trying to stop employers from tracking them. In other parts of the world, GPS jamming has been used for more sinister purposes. South Korea was subject to a major campaign of GPS jamming from North Korea in 2016, affecting ship and aircraft navigation. And with the advent of 5G systems moving into the frequencies used by GPS, interference is likely to become more and more widespread.

Whatever the target of a GPS jammer, the devices do not discriminate, so there is usually additional collateral damage. Air Traffic Control (ATC), search and rescue operations, the electric grid and mobile phone services are all vulnerable to GPS jamming fallout. The London Stock Exchange has been subject to repeated GPS outages, affecting timestamping of financial transactions. In 2007, a navy exercise on loss of GPS communications in San Diego harbor meant that residents of the city were unable to withdraw cash from ATMs and doctors’ emergency pagers stopped working – it took 3 days to identify the ships as the cause. As jamming activity from civilian users becomes more prevalent, we risk similar disruptions as well as more fatal incidents such as aircraft colliding over populated areas.

Spectrum monitoring, as implemented in our London campaign, enables GPS jammers to be detected and located by mobile direction finding systems. Analysis of frequency spectra to determine duration of interference and signal type can also be used as an indication of whether the interference is accidental or deliberate. Those involved in unintentional jamming can then be warned and malicious attackers can be prosecuted. This results in quick resolution of disruption and danger caused by GPS jamming and acts as a preventative deterrent.

CRFS’s RFeye receivers have exceptional noise performance allowing detection and location over larger areas. Automation features minimize human intervention and allow triggering of alarms on detection of jamming activity. Our GPS holdover module also ensures accurate timing synchronization between receivers even if jamming activity (or poor reception) means GPS signal is lost. High-performance receiver boards can also be integrated into 3rd party anti-jamming and anti-spoofing systems for critical applications requiring a proactive approach. Anti-jamming and anti-spoofing systems can distinguish true GPS signals from jammers and spoofers, enabling GPS location and timing services to continue even while under attack.

CRFS recommends that law enforcement implement a wider strategy of spectrum monitoring to combat the rise in GPS jamming activity. Any organization highly dependent on GPS services, whether a stock exchange or Air Traffic Control, is also advised to operate a dedicated counter-jamming system to ensure continuous protection of critical infrastructure.

GPS Spoofing

GPS spoofing is a more insidious form of attack, which involves deliberately mimicking the form of transmissions from GPS satellites, tricking the receiver into believing that it has been sent information as expected. GPS spoofing in its simplest form (sometimes called denial-of-service spoofing) involves location information being sent to the GPS receiver which is clearly false (it might, for instance, tell a ship out at sea that it is currently located on land). It is immediately clear to the user that they are being spoofed, but it nonetheless stops them using their GPS system for its intended purpose. In these circumstances, spoofing basically functions as a more targeted form of jamming, that only affects GPS systems, rather than flooding the entire RF environment with noise.

An even more subtle and complex form of GPS spoofing, deception spoofing, involves hijacking GPS systems by initially sending them correct location information (so the spoofing is not immediately obvious), and then very slowly changing the information being sent so as to, for instance, drag vessels off course into hostile waters, or disable a vessel on a sand bank.

So how does it work? GPS satellites send out a pseudo-random code, and receivers on the ground can tell from this code what time the signal was sent from each satellite. This allows them to determine how long the signal takes to reach them, and therefore how far from each satellite they are. The obvious way to determine if spoofing is taking place is to work out where the received signals are coming from. If it turns out to be sent from near to the receiver, rather than high in the atmosphere, we can be fairly certain the receiver is being spoofed. This is where CRFS’s systems come in. Using a network of at least four RFeye Nodes, a time difference of arrival (TDOA) calculation can be performed to find out where it originated. Not only does this allow the spoofing to be detected, but knowing the location of the spoofers can allow measures to be taken to shut it down at source.