GPS Spoofing Grounded the MSC Antonia - Protect Your Vessel

The MSC Antonia Incident

On a routine approach to Jeddah Port in May 2025, the MSC Antonia - a 7,000 TEU container vessel - ran aground near Eliza Shoals. The investigation identified GPS spoofing as a contributing factor to the grounding. The vessel's navigation systems were receiving false GPS signals that shifted the reported position away from the vessel's actual location, leading the crew to believe they were on a safe track when they were not.

This incident is significant because it represents the first major documented case where GPS spoofing directly contributed to a maritime casualty. While GPS interference and spoofing have been observed in the maritime industry for years, previous incidents had been limited to position reporting anomalies, AIS data corruption, and navigational confusion that crews were able to detect and correct before a casualty occurred. The MSC Antonia grounding demonstrated that spoofing can cause real, physical damage - a 7,000 TEU vessel aground is not an abstract cybersecurity risk.

The Red Sea and Persian Gulf region where the incident occurred has been a hotspot for GPS interference. The combination of geopolitical tensions, proximity to state-level electronic warfare capabilities, and dense shipping traffic creates an environment where GPS spoofing is both more likely to occur and more dangerous when it does.

The Scale of the Problem

The MSC Antonia grounding was not an isolated event but rather the most visible consequence of a problem that has been escalating rapidly. GPS disruption incidents now occur at a rate of approximately 1,000 per day, affecting more than 40,000 vessels worldwide. These incidents range from brief signal interference that causes momentary position jumps to sustained spoofing campaigns that can shift reported positions by several nautical miles.

In June 2025, a single two-week period saw more than 3,000 vessels disrupted by GPS interference in the Persian Gulf alone. Vessels reported sudden position shifts, inconsistencies between GPS and radar data, and AIS transponders broadcasting incorrect locations. Some vessels found their electronic chart displays showing them positioned on land or in entirely different waterways.

The geographic spread of GPS disruption has expanded well beyond conflict zones. Incidents have been documented in the Eastern Mediterranean, the Black Sea, the Baltic Sea, and increasingly in Southeast Asian waterways. As spoofing technology becomes more accessible and less expensive, the threat is no longer confined to areas adjacent to military operations.

For vessel operators, the statistical reality is stark: if your vessel transits the Red Sea, Persian Gulf, or Eastern Mediterranean with any regularity, the question is not whether you will encounter GPS spoofing, but when - and whether your crew will recognise it before it causes a problem.

How GPS Spoofing Works

GPS spoofing exploits a fundamental vulnerability in the Global Positioning System: civilian GPS signals are unencrypted and unauthenticated. A GPS receiver has no built-in way to verify that the signals it is receiving are genuine satellite transmissions rather than false signals generated by a nearby transmitter.

A spoofer broadcasts counterfeit GPS signals that mimic the structure and timing of real satellite signals but encode false position data. If the spoofed signal is stronger than the genuine satellite signal - which is relatively easy to achieve since GPS satellite signals are extremely weak by the time they reach the Earth's surface - the vessel's GPS receiver will lock onto the false signal and calculate an incorrect position.

Sophisticated spoofing attacks are gradual. Rather than immediately shifting the reported position by a large distance (which would be obvious to the crew), the spoofer slowly drifts the position over time, moving the reported location a few metres per minute. This gradual drift is designed to stay below the threshold of human perception - the crew sees a position that looks plausible, changing at a rate that seems normal for a vessel underway, but the position is slowly diverging from reality.

The impact on vessel navigation is cascading. A spoofed GPS position does not just affect the chart display - it corrupts every system that depends on GPS data. The AIS transponder broadcasts the wrong position. The electronic chart system shows the vessel on the wrong track. Speed and course calculations become unreliable. Autopilot systems may adjust heading based on the false position. Weather routing, ETA calculations, and traffic separation compliance all become compromised.

Detection Approaches

Detecting GPS spoofing requires comparing the GPS position against independent sources of position information. No single detection method is foolproof, but a combination of cross-checks can reveal discrepancies that indicate spoofing is occurring.

Radar Cross-Reference

Marine radar provides an independent measurement of the vessel's position relative to nearby land masses, navigational aids, and other vessels. If the radar return shows the vessel at a different distance or bearing from a known landmark than what the GPS position indicates, this is a strong indicator of GPS interference. Radar is not affected by GPS spoofing because it uses the vessel's own transmitted signal rather than satellite signals.

AIS Comparison

Comparing the vessel's AIS-reported position with visual observation of nearby vessels can reveal inconsistencies. If your AIS display shows a vessel at a particular bearing and distance but visual observation or radar shows it somewhere else, either your GPS or theirs (or both) may be compromised. When multiple vessels in the same area simultaneously show position anomalies, this is a strong indicator of area-wide spoofing.

Visual Bearings and Celestial Navigation

Traditional navigation techniques - taking visual bearings on landmarks, celestial observations, and dead reckoning - provide position references that are completely independent of any electronic system. While these methods are less precise than GPS, they are immune to electronic interference. A vessel that maintains basic visual navigation competency has a fallback that can identify when GPS data is unreliable.

Depth Soundings

Comparing the echo sounder reading with the charted depth at the GPS-reported position is a simple but effective cross-check. If the chart shows 50 metres of water at your reported position but the echo sounder reads 15 metres, something is wrong. This method is particularly useful in areas with significant depth variation.

How NCoDE Command Detects Position Anomalies

NCoDE Command's integrated navigation display brings together multiple position data sources into a single operational view, making it significantly easier for crews to detect the discrepancies that indicate GPS spoofing.

The platform overlays AIS tracking data with radar returns and GPS position on the same display. When these data sources disagree - when the GPS position shows the vessel in one location but radar returns indicate a different position relative to known landmarks - the discrepancy becomes immediately visible. Rather than relying on the crew to manually compare separate displays, NCoDE Command presents the comparison automatically.

The multi-source navigation display also tracks position history, making gradual drift attacks visible. Even if the GPS position is shifting slowly enough that each individual update looks plausible, the accumulated drift over time creates a visible divergence from radar-confirmed positions. This addresses the most dangerous type of spoofing attack - the slow drift that stays below human perception thresholds.

For fleet operators monitoring multiple vessels from shore, NCoDE Command provides fleet-wide position monitoring that can identify when multiple vessels in the same geographic area are simultaneously experiencing position anomalies. This pattern detection is a strong indicator of area-wide spoofing and can trigger warnings to other vessels approaching the affected area.

NCoDE Peplink's Territorial Waters Alarm

NCoDE Peplink adds another layer of spoofing detection through its Starlink territorial waters alarm system. Starlink terminals contain their own GPS receivers that are independent of the vessel's primary navigation GPS. NCoDE Peplink uses this independent GPS position as a cross-check against the vessel's reported position.

The territorial waters alarm was originally designed to alert operators when a vessel approaches boundaries where Starlink service availability changes. However, this same capability serves as an effective spoofing detector. If the vessel's primary GPS reports a position in one location but the Starlink terminal's independent GPS shows a significantly different location, the system flags the discrepancy. This independent cross-check operates continuously and automatically, without requiring any crew action.

The combination of NCoDE Command's multi-source navigation display and NCoDE Peplink's independent GPS cross-check creates a layered detection system. No spoofing attack can simultaneously compromise the vessel's primary GPS, the radar system, the AIS network, and the Starlink terminal's independent GPS. By monitoring all of these sources and comparing them continuously, the NCoDE platform gives crews the situational awareness needed to recognise spoofing before it leads to a casualty.