WiFi devices vulnerable to location spoofing attacks: Study

April 15th, 2008 - 2:30 pm ICT by admin  

Washington, April 15 (ANI): Researchers at Swiss Federal Institute of Technology (ETH Zurich) have demonstrated the vulnerabilities of a famous WiFi Positioning System (WPS) to location spoofing attacks.

Skyhooks WiFi Positioning System (WPS) is the same system that, Skyhook Wireless Inc. recently announced, was to be used by Apple for its popular Map applications.

Professor Srdjan Capkun of the Department of Computer Science has revealed that the study conducted by his team has revealed the vulnerabilities of Skyhooks positioning system, and similar public WLAN positioning systems to location spoofing.

When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers.

The servers then return the access point locations to the device, and on the basis of the same information, the device computes its location.

With a view to attacking this localisation process, the researchers used a dual approach.

At first, they impersonated access points from a known remote location, and then eliminated signals sent by access points in the vicinity by jamming.

Such actions created the illusion in localized devices that their locations were different from their actual physical locations.

Professor Capkun points out that Skyhooks WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects, and since MAC addresses can be forged by rogue access points, they can be easily impersonated.

The researcher also says that since access point signals can be jammed, it is possible to eliminate signals from access points in the vicinity of the device.

According to Professor Capkun, the two actions make location spoofing attacks possible.

Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhooks WPS, should be restricted in security and safety-critical applications, he said. (ANI)

Tags: , , , , , , , , , , , , , , , , , , ,

Posted in World |