Up to 30 percent of the world's Global Positioning System infrastructure could be taken offline by a 45-second message sent from equipment that costs only $2,500, researchers, say.
The implications of such an attack are grave and would affect everything from the abilities of ships, planes and unmanned drones to navigate to vital military operations and emergency services' abilities to quickly respond to distress calls.
"The good news is that as far as we know, we are the only ones with a spoofing device currently capable of the types of attacks," Carnegie Mellon University's Tyler Nighswander, who co-authored a paper on the subject, told SC Magazine.
"The bad news is that our spoofer would not be prohibitively expensive and complicated for someone to build, if they had the proper skill set ... It's difficult to put an exact likelihood on these attacks happening."
Nighswander added that a determined attacker faces no huge obstacles at this time.
The researchers tested the concept on GPS receivers manufactured by several different companies. Each crashed after receiving the malicious signal due to "software bugs in the processing of the navigation message," the paper said.
Researchers' attacks included location spoofs that could trick certain systems into shutting down or misbehaving, such as systems that run prisoner ankle bracelets, traffic signals and other programs that run critical infrastructure.
"The overall landscape of GPS vulnerabilities is startling, and our experiments demonstrate a signiﬁcantly larger attack surface than previously thought," the paper added. "Until GPS is secured, life and safety-critical applications that depend upon it are likely vulnerable to attack."
Follow Ben on Twitter.