Spoofing WiFi Positioning (and the Boss)
The boss wants it both ways. On one hand, she doesn't like me hanging around the office, disrupting a normal, pleasant working environment. On the other hand, she w...
The boss wants it both ways. On one hand, she doesn't like me hanging around the office, disrupting a normal, pleasant working environment. On the other hand, she wants to know where I am at all times -- right, like I'm going to tell.
Which is why she was delighted to learn a couple of months ago that Apple (she's a Mac kind of person) would be using a WiFi Positioning System (WPS) from Skyhook Wireless for Apple's mapping applications. The WPS database contains information on access points throughout the world, which means that I could run but not hide. But the boss apparently hasn't had the last word in all this, thanks to a team of researchers at ETH Zurich, the Swiss Federal Institute of Technology, have pointed out security vulnerabilities in the Skyhook positioning system.
According to Srdjan Capkun and his team in their paper iPhone and iPod Location Spoofing Attacks, when an Apple iPod or iPhone wants to find its position, it detects its neighboring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Capkun's team decided to use a dual approach.
First, access points from a known remote location were impersonated.
Second, signals sent by access points in the vicinity were eliminated by jamming.
These actions created the illusion in localized devices that their locations were different from their actual physical locations.
Skyhook's WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, since MAC addresses can be forged by rogue access points, they can be easily impersonated. Furthermore, access point signals can be jammed and signals from access points in the vicinity of the device can thus be eliminated. These two actions make location spoofing attacks possible.
In demonstrating these attacks, Capkun and his the team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He adds that "Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook's WPS, should be restricted in security and safety-critical applications."
As for the boss, for the time being she will just have to take my word that I really am at that press conference and not hanging out at the Java Dive.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024