WiFi devices vulnerable to location spoofing attacks

[hari]

Researchers at Swiss Federal Institute of Technology (ETH Zurich) have demonstrated the vulnerabilities of a famous WiFi Positioning System (WPS) to location spoofing attacks.

Skyhook's WiFi Positioning System (WPS) is the same system that, Skyhook Wireless Inc. recently announced, was to be used by Apple for its popular Map applications.

Professor Srdjan Capkun of the Department of Computer Science has revealed that the study conducted by his team has revealed the vulnerabilities of Skyhook's positioning system, and similar public WLAN positioning systems to location spoofing.

When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers.

The servers then return the access point locations to the device, and on the basis of the same information, the device computes its location.

With a view to attacking this localisation process, the researchers used a dual approach.

At first, they impersonated access points from a known remote location, and then eliminated signals sent by access points in the vicinity by jamming.

Such actions created the illusion in localized devices that their locations were different from their actual physical locations.

Professor Capkun points out that Skyhook's WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects, and since MAC addresses can be forged by rogue access points, they can be easily impersonated.

The researcher also says that since access point signals can be jammed, it is possible to eliminate signals from access points in the vicinity of the device.

According to Professor Capkun, the two actions make location spoofing attacks possible.

"Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook's WPS, should be restricted in security and safety-critical applications," he said.