Location spoofing possible with WiFi devices
April 14, 2008
Image credit: ETH Zurich
Apple iPhone and iPod (touch) support a new self-localization feature that uses known locations of wireless access points as well as the device's own ability to detect access points. Now ETH Zurich researchers have demonstrated that positions displayed by the devices using this system can be falsified, making the use of this self-localization system unsuitable in a number of security- and safety-critical applications.
In January, Skyhook Wireless Inc. announced that Apple would use Skyhook’s WiFi Positioning System (WPS) for its popular Map applications. The WPS database contains information on access points throughout the world. Skyhook itself provides most of the data in the database, with users contributing via direct entries to the database, and requests for localization.
ETH Zurich Professor Srdjan Capkun of the Department of Computer Science and his team of researchers analysed the security of Skyhook’s positioning system. The team’s results demonstrate the vulnerability of Skyhook’s and similar public WLAN positioning systems to location spoofing attacks.
When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Professor Capkun’s team decided to use a dual approach. First, access points from a known remote location were impersonated. Second, signals sent by access points in the vicinity were eliminated by jamming. These actions created the illusion in localized devices that their locations were different from their actual physical locations.
Skyhook’s WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, since MAC addresses can be forged by rogue access points, they can be easily impersonated. Furthermore, access point signals can be jammed and signals from access points in the vicinity of the device can thus be eliminated. These two actions make location spoofing attacks possible.
Professor Capkun explained that by demonstrating these attacks, the team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He said: "Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook’s WPS, should be restricted in security and safety-critical applications."
See more details at: http://www.syssec. … one-and-ipod
Source: ETH Zurich
-
A therapist in your pocket
Feb 07, 2012 |
4.5 / 5 (2) |
0
-
Photovoltaic panels made from plant material could become a cheap alternative to traditional solar cells
Feb 03, 2012 |
4.8 / 5 (9) |
0
-
New technique successfully dissolves blood clots in the brain and lowers risk of brain damage after stroke
Feb 03, 2012 |
5 / 5 (1) |
0
-
User privacy key as Facebook goes public
Feb 02, 2012 |
not rated yet |
0
-
What Google knows about you
Feb 02, 2012 |
4.3 / 5 (3) |
4
-
Engineers build first sub-10-nm carbon nanotube transistor
Feb 01, 2012 |
4.9 / 5 (33) |
30
-
Something old, something new: Evolution and the structural divergence of duplicate genes
Jan 31, 2012 |
4.6 / 5 (7) |
1
-
The hidden nanoworld of ice crystals: Revealing the dynamic behavior of quasi-liquid layers
Jan 30, 2012 |
5 / 5 (5) |
1
-
Stock market network reveals investor clustering
Jan 27, 2012 |
3.9 / 5 (23) |
8
-
Of microchemistry and molecules: Electronic microfluidic device synthesizes biocompatible probes
Jan 26, 2012 |
5 / 5 (2) |
0
-
Flushing RAM in Mathematica
4 hours ago
-
Synergistic relations between computer science and technology.
Feb 06, 2012
-
how do iphone gloves work?
Feb 05, 2012
-
iPhone battery over time
Jan 30, 2012
-
Best alternate Tablet to an iPad for writing math or physics equations?
Jan 26, 2012
-
Sending SMS to a website
Jan 20, 2012
- More from Physics Forums - Computing & Technology
More news stories
Chinese city seizes Apple iPads in name dispute
(AP) -- Authorities have seized Apple iPads from retailers in a city in northern China due to a dispute with a domestic company that says it owns the iPad name, an official said Monday. The Chinese company said it is asking ...
23 minutes ago |
not rated yet |
0
Microsoft India retail site down after 'cyber attack'
Microsoft India's retail website was down on Monday after reportedly being hacked by a Chinese group calling itself Evil Shadow Team.
21 minutes ago |
not rated yet |
0
Hacker claims porn site users compromised
A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers.
1 hour ago |
5 / 5 (1) |
0
Google might launch Drive for cloud storage soon
(PhysOrg.com) -- Google's next big move, according to the Wall Street Journal, is a cloud storage service called Drive. Hardly first to the plate, Google is simply catching up to introducing its cloud reposi ...
23 hours ago |
4.2 / 5 (6) |
5
|
AT&T customers surprised by 'unlimited data' limit
(AP) -- Mike Trang likes to use his iPhone 4 as a GPS device, helping him get around in his job. Now and then, his younger cousins get ahold of it, and play some YouTube videos and games.
2 hours ago |
5 / 5 (2) |
0
Ordered planar polymers created for the first time
(PhysOrg.com) -- Scientists under the direction of ETH Zurich have created a minor sensation in synthetic chemistry. They succeeded for the first time in producing regularly ordered planar polymers that form ...
New European rocket lifts off on maiden flight
A new lightweight rocket, Vega, lifted off from Europe's space base Monday carrying nine satellites on its inaugural flight, mission control said.
Rapunzel, Leonardo and the physics of the ponytail
(PhysOrg.com) -- New research provides the first mathematical understanding of the shape of a ponytail and could have implications for the textile industry, computer animation and personal care products.
Scientists discover molecular secrets of 2,000-year-old Chinese herbal remedy
For roughly two thousand years, Chinese herbalists have treated Malaria using a root extract, commonly known as Chang Shan, from a type of hydrangea that grows in Tibet and Nepal. More recent studies suggest that halofuginone, ...
Climate change causes harmful algal blooms in North Atlantic: study
Warming oceans and increases in windiness could be causing of an abundance of harmful algal blooms in the North Atlantic Ocean and North Sea, according to new research.
Cognitive impairment in older adults often unrecognized in the primary care setting
A new study published in the Journal of the American Geriatrics Society reveals that brief cognitive screenings combined with offering further evaluation increased new diagnoses of cognitive impairment in older veterans two to ...
Apr 15, 2008
Rank: not rated yet
Aside: early versions of Microsoft's virtual earth software (maps.live.com) included a "locate me" button. It was based upon IP address and attempted something similar to WPS, using router location information as the basis. It failed miserably for me. I'm located on the Mississippi Gulf Coast, but my cable company has a gateway router in Southern California.... You can guess where I was reported to be!