Attacks on public WLAN-based positioning systems

Nils Ole Tippenhauer, Kasper Bonne Rasmussen, Christina Poepper, Srdjan Čapkun

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that - without appropriate countermeasures - public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.

Original languageEnglish (US)
Title of host publicationMobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services
Pages29-39
Number of pages11
DOIs
StatePublished - Nov 30 2009
Event7th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys'09 - Krakow, Poland
Duration: Jun 22 2009Jun 25 2009

Other

Other7th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys'09
CountryPoland
CityKrakow
Period6/22/096/25/09

Fingerprint

Wireless local area networks (WLAN)

Keywords

  • Localization attacks
  • Public WLAN localization

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Tippenhauer, N. O., Rasmussen, K. B., Poepper, C., & Čapkun, S. (2009). Attacks on public WLAN-based positioning systems. In MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services (pp. 29-39) https://doi.org/10.1145/1555816.1555820

Attacks on public WLAN-based positioning systems. / Tippenhauer, Nils Ole; Rasmussen, Kasper Bonne; Poepper, Christina; Čapkun, Srdjan.

MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services. 2009. p. 29-39.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Tippenhauer, NO, Rasmussen, KB, Poepper, C & Čapkun, S 2009, Attacks on public WLAN-based positioning systems. in MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services. pp. 29-39, 7th ACM International Conference on Mobile Systems, Applications, and Services, MobiSys'09, Krakow, Poland, 6/22/09. https://doi.org/10.1145/1555816.1555820
Tippenhauer NO, Rasmussen KB, Poepper C, Čapkun S. Attacks on public WLAN-based positioning systems. In MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services. 2009. p. 29-39 https://doi.org/10.1145/1555816.1555820
Tippenhauer, Nils Ole ; Rasmussen, Kasper Bonne ; Poepper, Christina ; Čapkun, Srdjan. / Attacks on public WLAN-based positioning systems. MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services. 2009. pp. 29-39
@inproceedings{6fa065bd114341e29da9d8569b8121b7,
title = "Attacks on public WLAN-based positioning systems",
abstract = "In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that - without appropriate countermeasures - public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.",
keywords = "Localization attacks, Public WLAN localization",
author = "Tippenhauer, {Nils Ole} and Rasmussen, {Kasper Bonne} and Christina Poepper and Srdjan Čapkun",
year = "2009",
month = "11",
day = "30",
doi = "10.1145/1555816.1555820",
language = "English (US)",
isbn = "9781605585666",
pages = "29--39",
booktitle = "MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services",

}

TY - GEN

T1 - Attacks on public WLAN-based positioning systems

AU - Tippenhauer, Nils Ole

AU - Rasmussen, Kasper Bonne

AU - Poepper, Christina

AU - Čapkun, Srdjan

PY - 2009/11/30

Y1 - 2009/11/30

N2 - In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that - without appropriate countermeasures - public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.

AB - In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to location spoofing and location database manipulation. In both, the attacker can arbitrarily change the result of the localization at the victim device, by either impersonating remote infrastructure or by tampering with the service database. Our attacks can easily be replicated and we conjecture that - without appropriate countermeasures - public WLAN-based positioning should therefore be used with caution in safety-critical contexts. We further discuss several approaches for securing WLAN-based positioning systems.

KW - Localization attacks

KW - Public WLAN localization

UR - http://www.scopus.com/inward/record.url?scp=70450252080&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70450252080&partnerID=8YFLogxK

U2 - 10.1145/1555816.1555820

DO - 10.1145/1555816.1555820

M3 - Conference contribution

AN - SCOPUS:70450252080

SN - 9781605585666

SP - 29

EP - 39

BT - MobiSys'09 - Proceedings of the 7th ACM International Conference on Mobile Systems, Applications, and Services

ER -