In January, Skyhook Wireless Inc. announced that Apple would use Skyhook’s WiFi Positioning System (WPS) for its popular Map applications. The WPS database contains information on access points throughout the world. Skyhook itself provides most of the data in the database, with users contributing through direct entries to the database and through requests for localization.
ETH Zurich Professor Srdjan Capkun of the Department of Computer Science and his team of researchers analysed the security of Skyhook’s positioning system. The team’s results demonstrate the vulnerability of Skyhook’s and similar public WLAN positioning systems to location spoofing attacks.
When an Apple iPod or iPhone wants to find its position, it detects its neighbouring access points, and sends this information to Skyhook servers. The servers then return the access point locations to the device. Based on this data, the device computes its location. To attack this localization process, Professor Capkun’s team decided to use a dual approach. First, access points from a known remote location were impersonated. Second, signals sent by access points in the vicinity were eliminated by jamming. These actions created the illusion in localized devices that their locations were different from their actual physical locations.
Skyhook’s WPS works by requiring a device to report the Media Access Control (MAC) addresses that it detects. However, a rogue access point can forge its MAC address, so legitimate access points are easily impersonated. Furthermore, access point signals can be jammed, which eliminates the signals from access points in the vicinity of the device. These two actions make location spoofing attacks possible.
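The following Python sketch is an added example, not code from Skyhook or from the ETH Zurich team. It models a client that resolves detected MAC addresses to positions and applies two plausibility checks before trusting the fix. The database entries, the centroid estimate, the thresholds and all function names are assumptions made for illustration.

```python
import math

# Constructed sample database (MAC -> lat, lon); not real WPS data.
AP_DB = {
    "02:00:00:00:00:01": (47.3764, 8.5476),    # site A
    "02:00:00:00:00:02": (47.3766, 8.5480),    # site A
    "02:00:00:00:00:03": (47.3762, 8.5472),    # site A
    "02:00:00:00:00:11": (40.7580, -73.9855),  # site B, far from site A
    "02:00:00:00:00:12": (40.7582, -73.9850),  # site B
}

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def estimate(macs):
    """Centroid of the looked-up AP positions (assumed stand-in algorithm)."""
    pts = [AP_DB[m] for m in macs if m in AP_DB]
    if not pts:
        return None
    return (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))

def check_fix(macs, last_fix=None, elapsed_s=0.0,
              max_spread_m=500.0, max_speed_mps=70.0):
    """Return (fix, reasons); an empty reasons list means no check fired."""
    fix = estimate(macs)
    if fix is None:
        return None, ["no_known_ap"]
    pts = [AP_DB[m] for m in macs if m in AP_DB]
    reasons = []
    # APs heard in one scan must lie within radio range of each other.
    if max(haversine_m(p, q) for p in pts for q in pts) > max_spread_m:
        reasons.append("ap_spread")
    # A fix far from the last trusted one implies an impossible speed.
    if last_fix is not None and haversine_m(last_fix, fix) > max_speed_mps * elapsed_s:
        reasons.append("implausible_jump")
    return fix, reasons

SITE_A = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]
SITE_B = ["02:00:00:00:00:11", "02:00:00:00:00:12"]
```

A scan that contains only site B addresses and has no earlier trusted fix passes both checks, because the lookup authenticates nothing beyond the MAC address itself. The checks therefore need an independent reference such as a recent fix from another source.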
Professor Capkun explained that by demonstrating these attacks, the team hoped to point out the limitations, despite guarantees, of public WLAN-based localization services as well as of applications for such services. He said: "Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook’s WPS, should be restricted in security and safety-critical applications."
See more details at:
http://www.syssec.ch/press/location-spoofing-attacks-on-the-iphone-and-ipod
Source: ETH Zurich