Researchers crack iPhone's Wi-Fi positioning system
Zurich (Switzerland) – It was just a matter of time : Researchers from the ETH Zurich breached the iPhone’s/iPod’s Wi-Fi positioning system and found that the technology is vulnerable to location spoofing. If you get a kick out of upsetting iPhone users, you may be able to trick the device into displaying a false location with very little effort.
The lack of a GPS module in the first generation iPhone was a surprise to some, given the fact that the device comes with a fantastic Google Maps integration. Apple was able to almost fix this problem by rolling out support for Skyhook’s WiFi Positioning System (WPS) with a software update, but if you ever had doubts that this alternative positioning system is not as reliable as GPS, your doubts are now confirmed.
Srdjan Capkun of the Department of Computer Science and his team of researchers at ETH said they analyzed the security of Skyhook’s positioning system and were able to break through it in a fairly simple manner.
Typically, WPS determines a position by detecting neighboring Wi-Fi access points, sending this information to Skyhook servers, which returns the access point locations to the device. Capkum and his team launched its attack directly at the fact that WPS relies on detected Media Access Control (MAC) addresses : They installed rogue access points that “impersonated” real access points. In addition Wi-Fi signals sent by real access points were jammed.
The researchers said that their equipment need for the location spoofing process included an Asus EeePC, which was used to “impersonate an almost arbitrary number of access points” as well as two software radios for the jamming process. MAC addresses of access points were retrieved through a combination of databases provided by WiGLE, IGiGLE and Google Earth – which, in theory, gives access to data of more than 13 million networks worldwide. In their test, an iPod touch was tricked into displaying its position as New York City, while the device was actually located in Zurich, Switzerland.
Interestingly, the researchers found that the iPhone was vulnerable as well, despite the fact that the iPhone uses GSM signals to support the positioning systems. However, if there is a drastic difference between the GSM-calculated position and the WPS result, the device will rely on the GSM report. But the researchers found that they could spoof the location within the closer area – and display a false location within Zurich downtown. If the GSM connection is cut, the iPhone is vulnerable in the same way as the iPod touch.
Of course, now we have to figure out, what this location spoofing issue really means, besides the fact that their WPS could be useless if they are moving in an area with people who love to annoy iPhone and iPod users. But the simple fact that this vulnerability exists basically means that WPS positioning really should be a last-resort positioning method and that it should not be used in security-focused environments.
- Mobile giants join to advance mobile tech
- Updated Nintendo DS model expected at E3
- Protecting your camera in the world's largest water fight Part I
- MIT and Fraunhofer create green technology partnership
- Surf the Web on the Water: Wifi on ferries
- Coffee Republic offers free WiFi to customers
- Artist turns Google Earth into giant Where's Wally
- British play-wright bashes famous husband on YouTube
- Nvidia GPU physics engine up and running, almost
- What Apple products you should not buy today
- Dolby Mobile could become a secret weapon for smartphones
- Random House follows Google into letting customers preview books online
- Google teams up the the NCMEC to help combat child porn
- Protecting your camera in the world's largest water fight Part 2
- Seagate sues flash drive maker STEC
- Adobe seeks to unify digital video formats with CinemaDNG
- Business and marketing managers take home the big bucks in video gaming
- Playstation 3 firmware update arrives with enhanced PS Store
Think you are safe in your car with air bags? Think again!
Local researcher WE-DO-STUPID-THINGS has determined you are not as safe as you think. It was easy to disable the airbags in your auto. All they needed was 4 Nuclear bombs an aircraft carrier 16 supersonic jets access to your car the cray super computer al livermore laboratories and wala airbags dont work. And neither will your car.