This paper uncovers two fundamental vulnerabilities in the Galileo Open Service Navigation Message Authentication (OSNMA) protocol: Artificially Controllable Time Synchronization (ATS) and Interruptible Message Authentication (IMA), rendering it susceptible to replay, forgery, and splice-replay spoofing attacks. To demonstrate practical exploitability, we propose— for the first time—three time-synchronization-compliant attack classes: Time-Synchronized Replay (TSR), Time-Synchronized Forgery (TSF), and Splice Replay (CR). Notably, TSF is the first OSNMA-compliant navigation message forgery attack satisfying all protocol-imposed temporal constraints, enabling arbitrary positioning deception. All attacks are rigorously validated using OSNMAlib and successfully implemented on both a software-defined radio platform and a commercial Septentrio receiver. Experimental results confirm a substantive security failure of OSNMA in open-service deployments, undermining its claimed authentication guarantees against real-world adversarial threats.

This paper examines the Galileo Open Service Navigation Message Authentication (OSNMA) and, for the first time, discovers two critical vulnerabilities, namely artificially-manipulated time synchronization (ATS) and interruptible message authentication (IMA). ATS allows attackers falsify a receiver's signals and/or local reference time (LRT) while still fulfilling the time synchronization (TS) requirement. IMA allows temporary interruption of the navigation data authentication process due to the reception of a broken message (probably caused by spoofing attacks) and restores the authentication later. By exploiting the ATS vulnerability, we propose a TS-comply replay (TSR) attack with two variants (real-time and non-real-time), where attackers replay signals to a victim receiver while strictly complying with the TS rule. We further propose a TS-comply forgery (TSF) attack, where attackers first use a previously-disclosed key to forge a message based on the OSNMA protocol, then tamper with the vitcim receiver's LRT correspondingly to comply with the TS rule and finally transmit the forged message to the receiver. Finally, we propose a concatenating replay (CR) attack based on the IMA vulnerability, where attackers concatenate replayed signals to the victim receiver's signals in a way that still enables correct verification of the navigation data in the replayed signals. To validate the effectiveness of the proposed attacks, we conduct real-world experiments with a commercial Galileo receiver manufactured by Septentrio, two software-defined radio (SDR) devices, open-source Galileo-SDR-SIM and OSNMAlib software. The results showed that all the attacks can successfully pass the OSNMA scheme and the TSF attack can spoof receivers to arbitrary locations.