Iran Hijacked GPS for 1,100 Ships. Some Were Spoofed to Airports and Nuclear Plants.
Quick summary
Since late February 2026, GPS jamming and spoofing in the Strait of Hormuz has hit over 1,100 vessels. Ships' positions appeared on land, at airports, and over nuclear sites. What it means for global shipping, timing systems, and why developers should care.
Since February 28, 2026 — in the wake of US–Israeli military strikes on Iran — the Strait of Hormuz has been in a "digital fog." Over 1,100 civilian ships have been hit by GPS jamming and spoofing. The strait carries about 20% of global oil and is only 33 kilometres wide at its narrowest. Tankers and cargo vessels did not simply lose signal; many received false positions that showed them on land, at airports, and in at least one documented case over a nuclear power plant. Collision risk spiked. Some operators shut off AIS (automatic identification system) entirely to avoid acting on spoofed data. At least three tankers have been damaged in the conflict. For developers and ops teams, the incident is a sharp reminder: anything that depends on GPS or GNSS for position or time — logistics, drones, timing servers, smart infrastructure — is now in the crosshairs of geopolitical disruption.
Jamming vs Spoofing: Why It Matters
Jamming floods receivers with noise so GPS stops working. Spoofing sends fake but plausible signals so systems believe they are somewhere they are not. Spoofing is worse for safety: a ship might think it is in open water when it is heading for the shore, or two vessels might think they are far apart when they are on a collision course. In the Gulf, AIS feeds (which rely on GPS for position) showed vessels simultaneously on land and at airports. That kind of corruption does not just break maps; it breaks trust in any downstream system that consumes position or time.
The Developer and Ops Angle
Most software does not talk to GPS hardware directly. But a lot of what we build depends on time and place. NTP time often comes from GPS-disciplined clocks in data centres. Logistics, delivery, and fleet software assume GPS-derived positions are truthful. Drone and autonomous systems use GNSS for navigation. Financial timestamps, certificate validity, and distributed consensus can all be skewed if time sources are manipulated. The UK’s National Physical Laboratory is already expanding from two to five stratum-1 NTP servers across three locations with ground-based timing so critical infrastructure is not solely dependent on satellite signals. The lesson: do not assume GPS or GNSS is always correct or available. For anything safety- or finance-critical, consider multiple time sources, integrity checks, and failover to terrestrial timing (e.g. NTP from non-GPS stratum-1 servers). If your system would behave badly with wrong time or wrong position, treat GPS as hostile input and validate or diversify.
Why This Will Keep Happening
GPS is unauthenticated. Anyone with the right hardware can broadcast fake signals. Iran is not the only actor with the capability; Russia, China, and others have demonstrated GNSS spoofing in conflict zones and near sensitive sites. As long as critical infrastructure and global trade rely on a single, spoofable system, these incidents will recur. The 1,100-ship figure is a lower bound; the real number of affected vessels and the knock-on cost to supply chains will take months to tally. For teams building or operating systems that depend on time or location, the takeaway is to design for a world where GNSS can lie — and to push for and use resilient alternatives where it matters.
More on Geopolitics
All posts →SpaceX Cut Off Russia's Starlink and Ukraine Retook 200 Square Kilometers in a Week.
In February 2026 SpaceX rolled out a Starlink whitelist; Russian military terminals went dark. Ukrainian forces retook over 200 km² in days. What it teaches developers about single-provider dependency and critical infrastructure.
Gulf Submarine Cables and AWS Middle East Are Under Threat. Here's How to Harden Your Region and Failover.
U.S.–Iran tensions closed Red Sea and Strait of Hormuz traffic in 2026. Seventeen submarine cables run through the Gulf; AWS told customers to migrate workloads out. What developers and architects need to do about region choice and failover now.
CyberStrikeAI Compromised 600+ FortiGate Devices in 55 Countries — What Dev and Ops Teams Must Do Now
An AI-powered attack tool breached 600+ Fortinet FortiGate firewalls across 55 countries in weeks. How it happened, why default credentials and exposed management ports are the real story, and four actions every team should take in March 2026.
80% of Workers Use Unapproved AI Tools and 49% Hide It From IT. The $650K Breach Bill Is Just the Start.
Teramind’s March 2026 data: over 80% of workers use unapproved AI, 33% have shared proprietary data with unsanctioned services, and AI-associated breaches average over $650K. What developers and IT need to do about shadow AI and governance now.
Free Tool
Will AI replace your job?
4 questions. Get a personalised developer risk score based on your stack, role, and what you actually build day to day.
Check Your AI Risk Score →Written by
Abhishek Gautam
Full Stack Developer & Software Engineer based in Delhi, India. Building web applications and SaaS products with React, Next.js, Node.js, and TypeScript. 8+ projects deployed across 7+ countries.
Free Weekly Briefing
The AI & Dev Briefing
One honest email a week — what actually matters in AI and software engineering. No noise, no sponsored content. Read by developers across 30+ countries.
No spam. Unsubscribe anytime.