Location spoofing possible with WiFi devices

Location spoofing possible with WiFi devices
Image credit: ETH Zurich

Apple iPhone and iPod (touch) support a new self-localization feature that uses known locations of wireless access points as well as the device's own ability to detect access points. Now ETH Zurich researchers have demonstrated that positions displayed by the devices using this system can be falsified, making the use of this self-localization system unsuitable in a number of security- and safety-critical applications.

In January, Skyhook Wireless Inc. announced that Apple would use Skyhook’s WiFi Positioning System (WPS) for its popular Map applications. The WPS database contains information on access points throughout the world. Skyhook itself provides most of the data in the database, with users contributing via direct entries to the database, and requests for localization.

ETH Zurich Professor Srdjan Capkun of the Department of Computer Science and his team of researchers analysed the security of Skyhook’s positioning system. The team’s results demonstrate the vulnerability of Skyhook’s and similar public WLAN positioning systems to location spoofing attacks.

When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Professor Capkun’s team decided to use a dual approach. First, access points from a known remote location were impersonated. Second, signals sent by access points in the vicinity were eliminated by jamming. These actions created the illusion in localized devices that their locations were different from their actual physical locations.

Skyhook’s WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, since MAC addresses can be forged by rogue access points, they can be easily impersonated. Furthermore, access point signals can be jammed and signals from access points in the vicinity of the device can thus be eliminated. These two actions make location spoofing attacks possible.

Professor Capkun explained that by demonstrating these attacks, the team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He said: "Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook’s WPS, should be restricted in security and safety-critical applications."

See more details at: www.syssec.ch/press/location-s … -the-iphone-and-ipod

Source: ETH Zurich

Explore further

Smarter use of mobile data

Citation: Location spoofing possible with WiFi devices (2008, April 14) retrieved 22 September 2019 from https://phys.org/news/2008-04-spoofing-wifi-devices.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Apr 15, 2008
Why use WPS when each iPhone MUST include GPS support by virtue of emmergency services laws? Possibly because WiFi service may be available inside buildings where cell phone service (and presumably GPS reception) is limited. I suggest the phone software should remember the last GPS coordinates received and compare that with any coordinates offered by WPS or any other WiFi based scheme. When spoofing leads to an unreasonable jump in location, the GPS position should be reported.

Aside: early versions of Microsoft's virtual earth software (maps.live.com) included a "locate me" button. It was based upon IP address and attempted something similar to WPS, using router location information as the basis. It failed miserably for me. I'm located on the Mississippi Gulf Coast, but my cable company has a gateway router in Southern California.... You can guess where I was reported to be!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more