research-article

Attacks on public WLAN-based positioning systems

Authors:

Nils Ole Tippenhauer,

Kasper Bonne Rasmussen,

Christina Pöpper,

Srdjan ČapkunAuthors Info & Claims

MobiSys '09: Proceedings of the 7th international conference on Mobile systems, applications, and services

Pages 29 - 40

https://doi.org/10.1145/1555816.1555820

Published: 22 June 2009 Publication History

Abstract

In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that--without appropriate countermeasures--public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.

References

[1]

Apple Inc. http://www.apple.com.

[2]

Cyberangel security and recovery system. http://www.skyhookwireless.com/press/skyhookcyberangel.php.

[3]

GNU Radio: The gnu software radio. http://gnuradio.org/trac.

[4]

Google earth. http://earth.google.com.

[5]

Loki Mobile applet for Nokia phones using Symbian. http://loki.com/download/mobile.

[6]

Skyhook, Inc. http://www.skyhookwireless.com.

[7]

P. Bahl and V. N. Padmanabhan. RADAR: An In-Building RF-Based User Location and Tracking System. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), volume 2, 2000.

[8]

S. Brands and D. Chaum. Distance-bounding protocols. In Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT). Springer, 1994.

Digital Library

[9]

S. Bratus, C. Cornelius, D. Kotz, and D. Peebles. Active behavioral fingerprinting of wireless devices. In Proceedings of the ACM Conference on Wireless Network Security (WiSec), 2008.

Digital Library

[10]

V. Brik, S. Banerjee, M. Gruteser, and S. Oh. Wireless device identification with radiometric signatures. In Proceedings of the ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom), 2008.

Digital Library

[11]

N. Bulusu, J. Heidemann, and D. Estrin. GPS-less low cost outdoor localization for very small devices. IEEE Personal Communications Magazine, 7(5), October 2000.

[12]

P. Castro, P. Chiu, T. Kremenek, and R. Muntz. A Probabilistic Room Location Service for Wireless Networked Environments. In Proceedings of the International Conference on Ubiquitous Computing (Ubicomp), volume 2201, 2001.

Digital Library

[13]

B. Danev and S. Čapkun. Transient-based identification of wireless sensor nodes. In Proceedings of the ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), 2009.

Digital Library

[14]

L. Doherty, K. Pister, and L. El Ghaoui. Convex position estimation in wireless sensor networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), April 2001.

[15]

Ettus. Universal software radio peripheral (USRP). http://www.ettus.com.

[16]

R. J. Fontana, E. Richley, and J. Barney. Commercialization of an ultra wideband precision asset location system. IEEE Conference on Ultra Wideband Systems and Technologies, 2003

[17]

Fraunhofer IIS. Autonomous WLAN positioning system. press release. http://www.fraunhofer.de/EN/press/pi/2008/01/Presseinformation14012008.jsp, 2008.

[18]

S. Ganu, A. Krishnakumar, and P. Krishnan. Infrastructure-based location estimation in WLAN networks. In Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC), March 2004.

[19]

I. Getting. The Global Positioning System. IEEE Spectrum, December 1993.

[20]

Y. Gwon, R. Jain, and T. Kawahara. Robust indoor location estimation of stationary and mobile users. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), March 2004.

[21]

G. Hancke and M. Kuhn. An RFID Distance Bounding Protocol. In Proceedings of the International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm). IEEE Computer Society, 2005.

Digital Library

[22]

G. Hancke and M. Kuhn. Attacks on 'Time-of-Flight' Distance Bounding Channels. In Proceedings of the ACM Conference on Wireless Network Security (WiSec). ACM, 2008.

Digital Library

[23]

J. Hightower, G. Boriello, and R. Want. SpotON: An indoor 3D location sensing technology based on RF signal strength. Technical Report 2000-02-02, University of Washington, 2000.

[24]

Y.-C. Hu, A. Perrig, and D. B. Johnson. Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), San Francisco, USA, April 2003.

[25]

T. Kohno, A. Broido, and K. C. Claffy. Remote physical device fingerprinting. In Proceedings of the IEEE Symposium on Security and Privacy, 2005.

Digital Library

[26]

M. Kuhn. An asymmetric security mechanism for navigation signals. In Proceedings of the Information Hiding Workshop, 2004.

Digital Library

[27]

L. Lazos and R. Poovendran. SeRLoc: secure range-independent localization for wireless sensor networks. In Proceedings of the ACM Workshop on Wireless Security (WiSe), 2004.

Digital Library

[28]

L. Lazos, R. Poovendran, and S. Čapkun. ROPE: robust position estimation in wireless sensor networks. In Proceedings of the symposium on Information processing in sensor networks (IPSN). IEEE Press, 2005.

Digital Library

[29]

Z. Li, W. Trappe, Y. Zhang, and B. Nath. Robust Statistical Methods for Securing Wireless Localization in Sensor Networks. In Proceedings of the symposium on Information processing in sensor networks (IPSN), 2005.

Digital Library

[30]

D. Liu, P. Ning, and W. Du. Attack-Resistant Location Estimation in Sensor Networks. In Proceedings of the symposium on Information processing in sensor networks (IPSN), 2005.

Digital Library

[31]

Mexens LLC. Navizon virtual GPS service. http://www.navizon.com.

[32]

U. Meyer and S. Wetzel. A man-in-the-middle attack on UMTS. In Proceedings of the ACM Workshop on Wireless Security (WiSe), 2004.

Digital Library

[33]

C. Mitchell. The security of the GSM air interface protocol. Technical report, RHUL-MA-2001-3, Royal Holloway University of London, 2001.

[34]

D. Moore, J. Leonard, D. Rus, and S. Teller. Robust distributed network localization with noisy range measurements. In Proceedings of the ACM Conference on Networked Sensor Systems (SenSys), 2004.

Digital Library

[35]

D. Niculescu and B. Nath. Ad hoc positioning system (APS) using AoA. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), San Francisco, USA, April 2003.

[36]

S. Pandey and P. Agrawal. A survey on localization techniques for wireless networks. Journal of the Chinese Institute of Engineers, 29(7), 2006.

[37]

S. Pandey, F. Anjum, and P. Agrawal. TRaVarSeL--Transmission Range Variation based Secure Localization, pages 215--236. 2007.

[38]

S. Pandey, F. Anjum, B. Kim, and P. Agrawal. A low-cost robust localization scheme for WLAN. In Proceedings of the International Workshop on Wireless Internet, New York, NY, USA, 2006. ACM.

Digital Library

[39]

S. Pandey, B. Kim, F. Anjum, and P. Agrawal. Client assisted location data acquisition scheme for secure enterprise wireless networks. IEEE Wireless Communications and Networking Conference (WCNC), 2, March 2005.

[40]

N. B. Priyantha, A. Chakraborty, and H. Balakrishnan. The Cricket location-support system. In Proceedings of the ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom), 2000.

Digital Library

[41]

K. B. Rasmussen and S. Čapkun. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of the International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), 2007.

[42]

K. B. Rasmussen, S. Čapkun, and M. Čagalj. SecNav: secure broadcast localization and time synchronization in wireless networks. In Proceedings of the ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom), 2007.

Digital Library

[43]

N. Sastry, U. Shankar, and D. Wagner. Secure verification of location claims. In Proceedings of the ACM Workshop on Wireless Security (WiSe), 2003.

Digital Library

[44]

A. Savvides, C.-C. Han, and M. B. Strivastava. Dynamic fine-grained localization in Ad-Hoc networks of sensors. In Proceedings of the ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom), 2001.

Digital Library

[45]

S. Sedihpour, S. Čapkun, S. Ganeriwal, and M. Srivastava. Implementation of Attacks on Ultrasonic Ranging Systems.Demo at the ACM Conference on Networked Sensor Systems (SenSys), 2005.

Digital Library

[46]

P. Tao, A. Rudys, A. M. Ladd, and D. S. Wallach. Wireless LAN location-sensing for security applications. In Proceedings of the ACM Workshop on Wireless Security (WiSe), 2003.

Digital Library

[47]

N. O. Tippenhauer and S. Čapkun. UWB-based Secure Ranging and Localization. Technical Report 586, ETH Zurich, January 2008.

[48]

O. Ureten and N. Serinken. Wireless security through RF fingerprinting. Canadian Journal of Electrical and Computer Engineering, 32, 2007.

[49]

S. Čapkun, L. Buttyan, and J.-P. Hubaux. Sector: Secure tracking of node encounters in multi-hop wireless networks. In Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2003.

Digital Library

[50]

S. Čapkun, M. Hamdi, and J.-P. Hubaux. GPS-free Positioning in Mobile Ad-Hoc Networks. Cluster Computing, 5(2), April 2002.

Digital Library

[51]

S. Čapkun and J.-P. Hubaux. Secure positioning of wireless devices with application to sensor networks. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), volume 3, 2005.

[52]

S. Čapkun and J.-P. Hubaux. Secure positioning in wireless networks. IEEE Journal on Selected Areas in Communications, 24(2), February 2006.

Digital Library

[53]

S. Čapkun, M. Čagalj, and M. Srivastava. Secure localization with hidden and mobile base stations. In Proceedings of the IEEE Conference on Computer Communications (InfoCom), April 2006.

[54]

R. Want, A. Hopper, V. Falcao, and J. Gibbons. The Active Badge Location system. ACM Transactions on Information Systems, 10(1), 1992.

Digital Library

[55]

A. Ward, A. Jones, and A. Hopper. A New Location Technique for the Active Office. IEEE Personal Communications, 4(5), October 1997.

[56]

J. S. Warner and R. G. Johnston. Think GPS Cargo Tracking = High Security? Think Again. Technical report, Los Alamos National Laboratory, 2003.

[57]

WiGLE. Wireless Geographic Logging Engine. http://wigle.net/.

[58]

W. Xu, W. Trappe, Y. Zhang, and T. Wood. The feasibility of launching and detecting jamming attacks in wireless networks. In Proceedings of the ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2005.

Digital Library

Cited By

Machaj JSafon CMatúška SBrída P(2024)Detection of Access Point Spoofing in the Wi-Fi Fingerprinting Based PositioningSensors10.3390/s2423762424:23(7624)Online publication date: 28-Nov-2024
https://doi.org/10.3390/s24237624
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Rye ELevin D(2024)Surveilling the Masses with Wi-Fi-Based Positioning Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00239(2831-2846)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00239
Show More Cited By

Index Terms

Attacks on public WLAN-based positioning systems

Recommendations

Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Location spoofing attack deceiving a Wi-Fi positioning system has been studied for over a decade. However, it has been challenging to construct a practical spoofing attack in urban areas with dense coverage of legitimate Wi-Fi APs. This paper identifies ...
Counteracting DDoS attacks in WLAN
SIN '11: Proceedings of the 4th international conference on Security of information and networks

The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate attacks. In this paper, we propose a security architecture for counteracting ...
Adversarial attacks on machine learning-based cyber security systems: a survey of techniques and defences

Machine learning (ML) has been increasingly adopted in the field of cyber security to enhance the detection and prevention of cyber threats. However, recent studies have demonstrated that ML-based cyber security systems are vulnerable to adversarial ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '09: Proceedings of the 7th international conference on Mobile systems, applications, and services

June 2009

370 pages

ISBN:9781605585666

DOI:10.1145/1555816

Co-chair:
Krzysztof Zielinski
AGH University of Science and Technology, Poland
,
General Chair:
Adam Wolisz
Technische Universität Berlin, Germany
,
Program Chairs:
Jason Flinn
University of Michigan, USA
,
Anthony LaMarca
Intel Research Seattle, USA

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

Mobisys '09

Sponsor:

Mobisys '09: The 7th International Conference on Mobile Systems, Applications, and Services

June 22 - 25, 2009

Kraków, Poland

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

90
Total Citations
View Citations
1,353
Total Downloads

Downloads (Last 12 months)27
Downloads (Last 6 weeks)3

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Machaj JSafon CMatúška SBrída P(2024)Detection of Access Point Spoofing in the Wi-Fi Fingerprinting Based PositioningSensors10.3390/s2423762424:23(7624)Online publication date: 28-Nov-2024
https://doi.org/10.3390/s24237624
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Rye ELevin D(2024)Surveilling the Masses with Wi-Fi-Based Positioning Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00239(2831-2846)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00239
Machaj JBrida PAdamec B(2024)Effect of Wi-Fi Access Points Spoofing on Fingerprinting Localization2024 34th International Conference Radioelektronika (RADIOELEKTRONIKA)10.1109/RADIOELEKTRONIKA61599.2024.10524072(1-5)Online publication date: 17-Apr-2024
https://doi.org/10.1109/RADIOELEKTRONIKA61599.2024.10524072
Jing WPeng LFu HHu A(2024)An Authentication Mechanism Based on Zero Trust With Radio Frequency Fingerprint for Internet of Things NetworksIEEE Internet of Things Journal10.1109/JIOT.2024.338598911:13(23683-23698)Online publication date: 1-Jul-2024
https://doi.org/10.1109/JIOT.2024.3385989
Schepers DRanganathan A(2022)Privacy-Preserving Positioning in Wi-Fi Fine Timing MeasurementProceedings on Privacy Enhancing Technologies10.2478/popets-2022-00482022:2(325-343)Online publication date: 3-Mar-2022
https://doi.org/10.2478/popets-2022-0048
Han XXiong JShen WLu ZLiu YYin HStavrou ACremers CShi E(2022)Location HeartbleedingProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560623(1383-1397)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560623
Riaz ANash DNgo JJuvekar CNadeau PYu TYazicigil R(2022)Security Assessment of Phase-Based Ranging Systems in a Multipath EnvironmentACM Journal on Emerging Technologies in Computing Systems10.1145/351780918:4(1-19)Online publication date: 13-Oct-2022
https://dl.acm.org/doi/10.1145/3517809
Chen XXiang QKong LXu HLiu X(2022)Learning From FM Communications: Toward Accurate, Efficient, All-Terrain Vehicle LocalizationIEEE/ACM Transactions on Networking10.1109/TNET.2022.3187885(1-16)Online publication date: 2022
https://doi.org/10.1109/TNET.2022.3187885
Schepers DSingh MRanganathan APöpper CVanhoef MBatina LMayrhofer R(2021)Here, there, and everywhereProceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3448300.3467828(78-89)Online publication date: 28-Jun-2021
https://dl.acm.org/doi/10.1145/3448300.3467828
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten