1,100 Ships Were Sent Fake GPS Signals. Their Navigation Said They Were at Airports and Nuclear Plants.

Since February 28, 2026 — in the wake of US–Israeli military strikes on Iran — the Strait of Hormuz has been in a "digital fog." Over 1,100 civilian ships have been hit by GPS jamming and spoofing. The strait carries about 20% of global oil and is only 33 kilometres wide at its narrowest. Tankers and cargo vessels did not simply lose signal; many received false positions that showed them on land, at airports, and in at least one documented case over a nuclear power plant. Collision risk spiked. Some operators shut off AIS (automatic identification system) entirely to avoid acting on spoofed data. At least three tankers have been damaged in the conflict. For developers and ops teams, the incident is a sharp reminder: anything that depends on GPS or GNSS for position or time — logistics, drones, timing servers, smart infrastructure — is now in the crosshairs of geopolitical disruption.

Jamming vs Spoofing: Why It Matters

Jamming floods receivers with noise so GPS stops working. Spoofing sends fake but plausible signals so systems believe they are somewhere they are not. Spoofing is worse for safety: a ship might think it is in open water when it is heading for the shore, or two vessels might think they are far apart when they are on a collision course. In the Gulf, AIS feeds (which rely on GPS for position) showed vessels simultaneously on land and at airports. That kind of corruption does not just break maps; it breaks trust in any downstream system that consumes position or time.

The Developer and Ops Angle

Most software does not talk to GPS hardware directly. But a lot of what we build depends on time and place. NTP time often comes from GPS-disciplined clocks in data centres. Logistics, delivery, and fleet software assume GPS-derived positions are truthful. Drone and autonomous systems use GNSS for navigation. Financial timestamps, certificate validity, and distributed consensus can all be skewed if time sources are manipulated. The UK’s National Physical Laboratory is already expanding from two to five stratum-1 NTP servers across three locations with ground-based timing so critical infrastructure is not solely dependent on satellite signals. The lesson: do not assume GPS or GNSS is always correct or available. For anything safety- or finance-critical, consider multiple time sources, integrity checks, and failover to terrestrial timing (e.g. NTP from non-GPS stratum-1 servers). If your system would behave badly with wrong time or wrong position, treat GPS as hostile input and validate or diversify.

Why This Will Keep Happening

GPS is unauthenticated. Anyone with the right hardware can broadcast fake signals. Iran is not the only actor with the capability; Russia, China, and others have demonstrated GNSS spoofing in conflict zones and near sensitive sites. As long as critical infrastructure and global trade rely on a single, spoofable system, these incidents will recur. The 1,100-ship figure is a lower bound; the real number of affected vessels and the knock-on cost to supply chains will take months to tally. For teams building or operating systems that depend on time or location, the takeaway is to design for a world where GNSS can lie — and to push for and use resilient alternatives where it matters.