Feeds

Wi-Fi spoofing sends Jesus phone disciples off the true path

Skyhook, line and sinker

Website security in corporate America

Punters using Wi-Fi based positioning systems on their mobile devices would do well to look before they leap. Security vulnerabilities have discovered location spoofing flaws in the Skyhook positioning system that might be used to lead users astray.

Devices using Skyhook's Wi-Fi Positioning System (WPS), including the iPod touch, iPhone, Nokia mobile phones (running the WPS applet), and PCs (using Skyhook's Loki plugin) are potentially vulnerable to spoofing.

The technology cross references Wi-Fi access points visible at a particular location with entries in a database to work out its position. This position is then used to pinpoint a device's location on a map, from which users can navigate their way around to nearby restaurants or hotels (for example).

Skyhook runs the database that contains data on access points around the world, collected by the firm and supplemented by its users. When a client device wants to find its position it sends data on nearby access points to Skyhook servers, which respond with the location of a client.

However, security researchers at the Department of Computer Science at ETH Zurich University have established that the Skyhook system can be foiled by jamming signals from nearby access points before impersonating an access point at a remote location.

"These two actions create the illusion for localised devices that they are located at positions different from their actual physical positions. Skyhook's WPS system does not rely on fresh and/or authenticated access point signals - it simply requires a device to report Media Access Control (MAC) addresses of the access points that it detects which are compared to signal characteristics recorded before," the researchers explain.

"Since rogue access points can forge their MAC addresses, access point impersonation can be easily done in WPS. Equally, since WLAN signals are easy to jam, signals from legitimate access points can be easily eliminated, thus enabling location spoofing attacks".

The team used an Asus eeePC configured to impersonate access points and software radios to jam legitimate networks.

The researchers hope the work will help to demonstrate the limitations of existing Wi-Fi-based location systems, from other providers as well as Skyhook. Their research is technically interesting, though it's difficult to imagine to what purpose, other than straightforward mischief, attacks based on the approach might be carried out.

The Swiss team's paper on the attacks can be found here. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.