How spoofing works
A spoofer transmits counterfeit GPS signals at higher power than the real satellites. The receiver locks onto the stronger fake and computes a false position. A drone thinking it is over home base is actually over enemy territory. A ship believing it is in international waters is inside territorial limits. The 2011 drone capture in Iran was allegedly a spoofing success.
Civil vs. military signals
Civilian GPS (L1 C/A) is unencrypted and easy to spoof. Military GPS (M-code, Y-code on P(Y)) is encrypted and significantly harder. But most commercial aviation, maritime and automotive systems rely on civilian signals. The vulnerability is economic as much as technical.
Multi-sensor countermeasures
The best defence is not trusting GPS alone. Inertial navigation (INS) remembers where you were and integrates motion. Radar altimeters measure height independently. Automatic Dependent Surveillance-Broadcast (ADS-B) can be cross-checked against other aircraft. Multi-constellation GNSS (GPS + Galileo + GLONASS + BeiDou) makes spoofing all of them simultaneously far harder.
CRPA and advanced antennas
Controlled Reception Pattern Antennas (CRPA) use multiple elements and digital beamforming to null out signals arriving from unexpected directions — like a spoofing transmitter on the ground while real satellites are overhead. CRPA is standard on military aircraft and increasingly on commercial ships in high-risk waters.