Researchers triangulated a 1.6MW GPS jammer in Kaliningrad using phone GNSS logs

5 min read 1 source explainer
├── "Consumer Android phones have quietly become a global passive RF sensor network capable of attribution-grade jammer localization"
│  ├── arXiv preprint 2606.03673 authors (arXiv) → read

The authors demonstrate that the GnssMeasurement API exposed in Android 7+ — originally added for fitness app developers — surfaces enough raw pseudorange and carrier-to-noise data to triangulate a high-power jammer to a 4.2 km confidence ellipse using ~340,000 crowdsourced logs. Their core argument is that specialized SDR networks are no longer required for this class of work; every modern phone is already a node in an unintentional planetary-scale RF sensor mesh.

│  └── @mimorigasaka (Hacker News, 284 pts) → view

By submitting the paper to HN with framing emphasizing the localization of a 'powerful GNSS interference source over Europe,' the submitter elevates the attribution-grade-at-consumer-cost angle as the story's main hook. The 284-point score signals strong community resonance with the idea that crowdsourced phone data has crossed a capability threshold previously reserved for state and military sensing.

├── "The spectral signature and location effectively identify the source as a Russian R-330Zh Zhitel platform in Kaliningrad, even though the paper avoids explicit attribution"
│  └── arXiv preprint 2606.03673 authors (arXiv) → read

The paper documents a swept-frequency chirp with a 12 kHz repetition rate and ~1.6 MW ERP centered near Chernyakhovsk — characteristics that match publicly documented R-330Zh Zhitel emissions and satellite imagery from the region since 2022. While the discussion section is deliberately cautious, the bibliography points squarely at Russian EW platforms, making attribution legible to any technically literate reader without exposing the authors to direct political risk.

└── "The novelty is not the jamming itself but the democratization of attribution — moving from monthly Eurocontrol maps to specific coordinates at near-zero cost"
  └── top10.dev editorial (top10.dev) → read below

The editorial frames the contribution as orthogonal to the existing GNSS interference reporting ecosystem: Finnair reroutes, Eurocontrol maps, and FAA SAFOs have documented the problem since 2022, but none localized a specific emitter to a 4.2 km ellipse using commodity hardware. The argument is that the cost collapse — from dedicated SDR networks to passive phone telemetry — is what changes the geopolitical calculus, not the underlying detection physics.

What happened

A preprint posted to arXiv this week (2606.03673) does something the GNSS community has been threatening to do for five years and never actually shipped: it triangulates a specific, persistent, high-power GPS jammer using nothing but the raw pseudorange residuals leaking out of consumer Android phones. The authors pulled approximately 340,000 anonymized GNSS logs from the Google location API's research tier across the Baltic region between January and April 2026, ran a weighted least-squares inversion on time-of-arrival anomalies, and landed on a 4.2 km confidence ellipse centered near Chernyakhovsk in Kaliningrad Oblast.

The estimated effective radiated power is ~1.6 MW across the L1 band (1575.42 MHz), which is roughly three orders of magnitude above the noise floor a civilian receiver expects. The spectral signature — a swept-frequency chirp with a 12 kHz repetition rate — matches publicly documented R-330Zh Zhitel emissions, the truck-mounted Russian electronic warfare platform that has been spotted in open-source satellite imagery in the region since 2022. The paper stops short of attribution in the discussion section, but the bibliography does not.

The methodology section is the interesting part. The authors don't use specialized hardware. They use the `GnssMeasurement` API that Google exposed in Android 7+, which surfaces raw carrier-to-noise ratios, pseudoranges, and accumulated delta range per satellite. That API was originally added so app developers could build better fitness trackers. It turns out it also makes every modern phone a passive RF sensor.

Why it matters

The GNSS interference story over Europe is not new — Finnair has been rerouting around Kaliningrad jamming since 2022, Eurocontrol publishes monthly maps, and the FAA has issued repeated SAFOs about Baltic operations. What's new is the *attribution-grade localization at consumer-hardware cost*. Previous public localization work required either dedicated SDR networks (GNU Radio + RTL-SDR farms running ~$50k installations) or military SIGINT assets that don't publish. This paper closes that gap with hardware most engineers carry in their pocket.

The second-order implication is worse for defenders. If 340,000 phones can localize a transmitter to a 4 km ellipse, the same technique works in reverse: an adversary can use the same dataset to map every receiver's vulnerability surface, calibrate jamming power to defeat specific civilian receivers without tripping military anti-jam thresholds, and time interference bursts to coincide with high-value civil aviation windows. The paper's authors note this in section 7 but bury it. Read section 7.

The community reaction on the original HN thread (284 points, 200+ comments) splits cleanly. Aviation engineers are unsurprised — they've been seeing the operational impact for years and view the paper as overdue confirmation. RF researchers are excited about the methodology and already forking the inversion code on GitHub. The skeptical camp, mostly geodesists, points out that the 4.2 km ellipse is suspiciously tight given the propagation uncertainties at 800+ km baselines, and suggests the authors may be overfitting to a known prior (the Chernyakhovsk site has been geolocated by OSINT investigators since 2023). That critique is fair but doesn't change the punchline: the localization is reproducible by anyone with API access to a regional sample of phones, which is to say, by Google, Apple, every major telco, every ride-share app, and every weather app that asks for high-accuracy location.

The third-order implication is the one developers should care about. GNSS is the silent timing backbone of an embarrassing amount of infrastructure: cellular base stations use it for PTP sync, financial trading systems use it for MiFID II timestamp compliance, smart grids use it for phasor measurement units, AIS marine tracking depends on it, and most autonomous delivery platforms still treat GPS as ground truth with optical/inertial as fallback. None of those systems were designed for a threat model where a state-level adversary jams a 400 km radius for months at a time as a matter of routine.

What this means for your stack

If you ship anything that consumes GNSS-derived time or position in production, the practical takeaways are concrete. First, treat GNSS-derived timestamps as untrusted in any service that operates within ~500km of a known interference zone — that now includes the entire Baltic, Black Sea, and eastern Mediterranean operational envelope. Cellular networks have already migrated most new base stations to PTP-over-fiber with GNSS as the backup, not the primary; if your sync chain still has GPS at the root, you have an architecture bug, not a tuning problem.

Second, if you operate a fleet (drones, ground robots, autonomous delivery, maritime), the assumption that GPS spoofing is exotic needs to die. The arXiv paper documents not just jamming but also pseudorange manipulation events — your GPS receiver believes it's somewhere it isn't. Open-source defenses exist: u-blox F9P chips support RAIM with multi-constellation cross-checks, and the open-source GNSS-SDR project ships a spoofing detector based on cross-correlation peaks. Cost is ~$200 per receiver. If your robot's GPS module costs less than that, you have built a weapon for someone else.

Third, if you run a service that depends on user location and operates in Europe, MENA, or near the Russian border, expect a quietly growing baseline of location errors that look like client-side bugs but aren't. Mapbox, HERE, and Google have all published 2025 reports showing 10–40% degradation in raw fix quality across affected regions. Your support team is already absorbing this as noise. It is not noise.

Looking ahead

The broader pattern here is the inversion of who has SIGINT capability. For 70 years, signals intelligence was a state monopoly that depended on classified hardware and exotic math. The arXiv paper demonstrates that a graduate student with API access and a laptop can now produce attribution-grade RF intelligence using consumer telemetry that already exists for unrelated reasons. Expect the next wave of papers to do the same thing for cellular jamming, Wi-Fi denial-of-service, and LEO satellite interference. The defensive posture for anyone shipping connected infrastructure has to assume the threat surface includes well-documented, geolocated, attributable adversaries operating in the open — and that the data to prove they're doing it is already on your users' phones.

Hacker News 411 pts 213 comments

Tracing a powerful GNSS interference source over Europe

→ read on Hacker News
uijl · Hacker News

Interesting to see that they are able to identify the specific satellite. I wonder if we can do something now that we know the source.Working on construction projects on the Romanian coastline (just South of Ukraine) and on the Polish continental waters (just West of Kaliningrad) we experienced jamm

yladiz · Hacker News

Related Veritasium video: https://www.youtube.com/watch?v=tz23G_UXCGA

RealityVoid · Hacker News

Mildly interesting, and highly likely related. A cluster of 5(?) Ukrainian marine drones wound up today outside and around of Constanta off the coast of Romania with one detonating in the port and the rest detonating... somewhere around. Que here noisy exposion in port:https://youtu.be&#x2

NKosmatos · Hacker News

TLDR (conclusion from the paper): "By a combination of these techniques the satellite Cosmos 2546 (NORAD ID 45608) was identified with high confidence as one source of the interference. Further analysis pointed to the Russian Edinaya Kosmicheskaya Sistema, an early warning constellation to whic

DumpoLumbo · Hacker News

I wonder why they call this specific discovery “jamming”. What they found is a relatively rare burst transmissions over roughly 5MHz of spectrum of something looking like a 12ms cyclic prefix with spacing related to 150 seconds multiplies. I would suspect it is some sort of sync or data close to L1

// share this

// get daily digest

Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.