
Jonathan Erickson

Dr. Dobb's Bloggers

Spoofing WiFi Positioning (and the Boss)

April 14, 2008

The boss wants it both ways. On one hand, she doesn't like me hanging around the office, disrupting a normal, pleasant working environment. On the other hand, she wants to know where I am at all times -- right, like I'm going to tell.


Which is why she was delighted to learn a couple of months ago that Apple (she's a Mac kind of person) would be using a WiFi Positioning System (WPS) from Skyhook Wireless for Apple's mapping applications. The WPS database contains information on access points throughout the world, which means that I could run but not hide. But the boss apparently hasn't had the last word in all this, thanks to a team of researchers at ETH Zurich, the Swiss Federal Institute of Technology, who have pointed out security vulnerabilities in the Skyhook positioning system.

According to Srdjan Capkun and his team in their paper "iPhone and iPod Location Spoofing Attacks," when an Apple iPod or iPhone wants to find its position, it detects its neighboring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Capkun's team decided to use a dual approach.

  • First, access points from a known remote location were impersonated.
  • Second, signals sent by access points in the vicinity were eliminated by jamming.

These actions created the illusion in localized devices that their locations were different from their actual physical locations.

Skyhook's WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, since a rogue access point can forge its MAC address, legitimate access points are easy to impersonate. Furthermore, access point signals can be jammed, which eliminates the signals from access points in the vicinity of the device. These two actions make location spoofing attacks possible.

In demonstrating these attacks, Capkun and his team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He adds that "Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook's WPS, should be restricted in security and safety-critical applications."
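A client-side plausibility check for a fix computed this way, added here as an example (it is not code from the paper, Skyhook, or Apple). The AP database, thresholds, and function names are constructed assumptions, and taking the centroid of the returned AP locations is a simplification of how a device computes its position.

```python
import math

# Constructed sample database: BSSID (AP MAC) -> (lat, lon), standing in for
# the access point locations a WPS server would return. All values are made up.
AP_DB = {
    "02:00:00:00:0a:01": (47.3763, 8.5480),    # site A (where the device really is)
    "02:00:00:00:0a:02": (47.3765, 8.5483),
    "02:00:00:00:0a:03": (47.3761, 8.5478),
    "02:00:00:00:0b:01": (40.7580, -73.9855),  # site B (remote)
    "02:00:00:00:0b:02": (40.7582, -73.9851),
}
MAX_AP_SPREAD_M = 500.0  # assumption: APs heard together lie within a few hundred metres
MAX_SPEED_MPS = 350.0    # assumption: anything faster than an airliner is implausible

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def locate(bssids):
    """Centroid of the known APs; the fix depends only on the reported MACs."""
    pts = [AP_DB[b] for b in bssids if b in AP_DB]
    if not pts:
        return None, pts
    n = len(pts)
    return (sum(p[0] for p in pts) / n, sum(p[1] for p in pts) / n), pts

def check_fix(bssids, last_fix=None, elapsed_s=None):
    """Return (position, reasons); a non-empty reasons list means do not trust the fix."""
    pos, pts = locate(bssids)
    if pos is None:
        return None, ["no_known_aps"]
    reasons = []
    # Impersonated remote APs heard alongside real local ones cannot all be nearby.
    if max(haversine_m(p, q) for p in pts for q in pts) > MAX_AP_SPREAD_M:
        reasons.append("inconsistent_aps")
    # A consistent but forged AP set still implies an impossible move since the last fix.
    if last_fix is not None and elapsed_s and \
            haversine_m(last_fix, pos) / elapsed_s > MAX_SPEED_MPS:
        reasons.append("implausible_jump")
    return pos, reasons
```

When the nearby access points are silenced and there is no earlier fix to compare against, both checks pass, so a position derived only from reported MAC addresses still needs an independent source before it is relied on.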

As for the boss, for the time being she will just have to take my word that I really am at that press conference and not hanging out at the Java Dive.

