In January, Skyhook Wireless Inc. announced that Apple would use Skyhook’s WiFi Positioning System (WPS) for its popular Map applications. The WPS database contains information on access points throughout the world. Skyhook itself provides most of the data in the database, with users contributing via direct entries to the database, and requests for localization. ETH Zurich Professor Srdjan Capkun of the Department of Computer Science and his team of researchers analysed the security of Skyhook’s positioning system. The team’s results demonstrate the vulnerability of Skyhook’s and similar public WLAN positioning systems to location spoofing attacks.
Impersonation and elimination
When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Professor Capkun’s team decided to use a dual approach. First, access points from a known remote location were impersonated. Second, signals sent by access points in the vicinity were eliminated by jamming. These actions created the illusion in localized devices that their locations were different from their actual physical locations.
Skyhook’s WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, since MAC addresses can be forged by rogue access points, they can be easily impersonated. Furthermore, access point signals can be jammed and signals from access points in the vicinity of the device can thus be eliminated. These two actions make location spoofing attacks possible.
Professor Capkun explained that by demonstrating these attacks, the team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He said «Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook’s WPS, should be restricted in security and safety-critical applications.»
Srdjan Capkun | EurekAlert!
Single-photon detector can count to 4
18.12.2017 | Duke University
New epidemic management system combats monkeypox outbreak in Nigeria
15.12.2017 | Helmholtz-Zentrum für Infektionsforschung
A study carried out by an international team of researchers and published in the journal Physical Review X shows that ion-trap technologies available today are suitable for building large-scale quantum computers. The scientists introduce trapped-ion quantum error correction protocols that detect and correct processing errors.
In order to reach their full potential, today’s quantum computer prototypes have to meet specific criteria: First, they have to be made bigger, which means...
Since 2016, German and Spanish researchers, among them scientists from the University of Göttingen, have been hunting for exoplanets with the “Carmenes”...
DNA molecules that follow specific instructions could offer more precise molecular control of synthetic chemical systems, a discovery that opens the door for engineers to create molecular machines with new and complex behaviors.
Researchers have created chemical amplifiers and a chemical oscillator using a systematic method that has the potential to embed sophisticated circuit...
MPQ scientists achieve long storage times for photonic quantum bits which break the lower bound for direct teleportation in a global quantum network.
Concerning the development of quantum memories for the realization of global quantum networks, scientists of the Quantum Dynamics Division led by Professor...
Researchers have developed a water cloaking concept based on electromagnetic forces that could eliminate an object's wake, greatly reducing its drag while...
11.12.2017 | Event News
08.12.2017 | Event News
07.12.2017 | Event News
18.12.2017 | Information Technology
18.12.2017 | Physics and Astronomy
18.12.2017 | Agricultural and Forestry Science