What if some submitters submit some fake headers?

[spartucus]

// Anyone can submit block headers to BtcMirror. The contract verifies
// proof-of-work, keeping only the longest chain it has seen. As long as 50% of
// Bitcoin hash power is honest and at least one person is running the submitter
// script, the BtcMirror contract always reports the current canonical Bitcoin
// chain.

From the BtcMirroe.sol code, submit function does not check the authority of sender, what if some attackers submit fake headers? How can we make sure that the header stored in the contract is the real bitcoin header?