🤖 AI Summary
Problem: How to stealthily inject GPS spoofing signals into autonomous vehicles without triggering onboard IMU-based anomaly detection?

Method: We propose a novel evasion attack that leverages an external IMU to continuously observe the vehicle's true dynamic state; integrates multi-source IMU measurements via an extended Kalman filter (EKF) for high-precision motion estimation; and generates spoofed GPS pseudoranges, via closed-loop feedback optimization, that are kinematically consistent with the estimated true motion.

Contribution/Results: Our approach systematically evades mainstream defenses, including IMU residual-based detection and motion-consistency verification. Experimental evaluation demonstrates stable, long-duration injection of arbitrary pseudorange offsets without triggering any onboard GPS spoofing alarms, thereby significantly surpassing the robustness limits of existing detection mechanisms.
📝 Abstract
Autonomous Vehicles (AVs) refer to systems capable of perceiving their states and moving without human intervention. Among the factors required for autonomous decision-making in mobility, positional awareness of the vehicle itself is the most critical. Accordingly, extensive research has been conducted on defense mechanisms against GPS spoofing attacks, which threaten AVs by disrupting position recognition. Among these, detection methods based on internal IMU sensors are regarded as some of the most effective. In this paper, we propose a spoofing attack system designed to neutralize IMU sensor-based detection. First, we present an attack modeling approach for bypassing such detection. Then, based on EKF sensor fusion, we experimentally analyze both the impact of GPS spoofing values on the internal target system and how our proposed methodology reduces anomaly detection within the target system. To this end, this paper proposes an attack model that performs GPS spoofing by stealing internal dynamic state information using an external IMU sensor, and the experimental results demonstrate that attack values can be injected without being detected.
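
For readers unfamiliar with the defense the abstract refers to, here is a minimal sketch of an IMU residual-based check. It is an added example, not code from the paper. It assumes a 1-D linear Kalman filter standing in for the paper's EKF, and the noise values, the 99% gate, the function name and the sample data (including the 30 m step offset) are all constructed for illustration.

```python
import math

CHI2_1DOF_99 = 6.63  # 99% chi-square gate for a scalar innovation (assumed)

def rejected_fixes(accels, gps_fixes, dt=0.1, q=0.05, r=1.0):
    """1-D position/velocity Kalman filter driven by IMU acceleration.

    Returns the indices of GPS fixes whose normalized innovation squared
    (NIS) exceeds the gate. q: accel noise std (m/s^2), r: GPS noise std (m).
    """
    pos, vel = 0.0, 0.0
    p00, p01, p11 = 1.0, 0.0, 1.0        # symmetric 2x2 state covariance
    g0, g1 = 0.5 * dt * dt, dt           # how accel noise enters pos and vel
    alarms = []
    for k, (a, z) in enumerate(zip(accels, gps_fixes)):
        # Predict: dead-reckon with the IMU, inflate covariance (F P F^T + Q).
        pos += vel * dt + 0.5 * a * dt * dt
        vel += a * dt
        p00, p01, p11 = (p00 + 2 * dt * p01 + dt * dt * p11 + g0 * g0 * q * q,
                         p01 + dt * p11 + g0 * g1 * q * q,
                         p11 + g1 * g1 * q * q)
        # Residual between the GPS fix and the IMU-predicted position.
        y = z - pos
        s = p00 + r * r                  # innovation variance
        if y * y / s > CHI2_1DOF_99:
            alarms.append(k)             # flag the fix and coast on the IMU
            continue
        # Update only with fixes that passed the gate.
        k0, k1 = p00 / s, p01 / s
        pos, vel = pos + k0 * y, vel + k1 * y
        p00, p01, p11 = (1 - k0) * p00, (1 - k0) * p01, p11 - k1 * p01
    return alarms

# Constructed sample data: constant 1 m/s^2 acceleration from rest, 10 Hz fixes
# with bounded deterministic jitter standing in for GPS noise.
N, DT = 100, 0.1
ACCELS = [1.0] * N
CLEAN = [0.5 * ((k + 1) * DT) ** 2 + 0.3 * math.sin(k) for k in range(N)]
# Same fixes with an abrupt 30 m offset from sample 50 onward.
SPOOFED = [z + (30.0 if k >= 50 else 0.0) for k, z in enumerate(CLEAN)]

if __name__ == "__main__":
    print("clean alarms:  ", rejected_fixes(ACCELS, CLEAN))
    print("spoofed alarms:", rejected_fixes(ACCELS, SPOOFED))
```

The gate compares each fix with what the inertial prediction allows, which is why the abstract treats consistency with the vehicle's true motion as the property that decides whether such a check fires.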