GPS Spoofing Attacks on Automated Frequency Coordination System in Wi-Fi 6E and Beyond
Yilu Dong, Tianchang Yang, Arupjyoti Bhuyan, Syed Rafiul Hussain
TL;DR
The paper tackles the security of Automated Frequency Coordination (AFC) in the 6 GHz Wi‑Fi band by showing that GPS-based AP location reporting can be spoofed, enabling attackers to alter frequency and power allocations or disable APs. It presents a security analysis of AFC, designs GPS spoofing attacks, and validates them in a lab against a commercial AP while evaluating AFC responses to spoofed inputs. The key contributions include the first security assessment of AFC’s GPS-dependence, demonstration of practical spoofing attacks, and discussion of edge-case robustness and defense strategies. The findings highlight significant risks to incumbent protection mechanisms and underscore the need for robust, multi-source, verifiable location integrity in spectrum-sharing ecosystems with real-world critical infrastructure implications.
Abstract
The 6 GHz spectrum, recently opened for unlicensed use under Wi-Fi 6E and Wi-Fi 7, overlaps with frequencies used by mission-critical incumbent systems such as public safety communications and utility infrastructure. To prevent interference, the FCC mandates the use of Automated Frequency Coordination (AFC) systems, which assign safe frequency and power levels based on Wi-Fi Access Point (AP)-reported locations. In this work, we demonstrate that GPS-based location reporting, which Wi-Fi APs use, can be spoofed using inexpensive, off-the-shelf radio equipment. This enables attackers to manipulate AP behavior, gain unauthorized spectrum access, cause harmful interference, or disable APs entirely by spoofing them into foreign locations. We validate these attacks in a controlled lab setting against a commercial AP and evaluate a commercial AFC system under spoofed scenarios. Our findings highlight critical gaps in the security assumptions of AFC and motivate the need for stronger location integrity protections.