Skip to main content

Attacks on public WLAN−based positioning systems

Nils Ole Tippenhauer‚ Kasper Bonne Rasmussen‚ Christina Pöpper and Srdjan Capkun

Abstract

In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that—without appropriate countermeasures—publi c WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss sever al approaches for securing WLAN-based positioning systems.

Book Title
MobiSys
Pages
29−40
Year
2009