Researchers crack iPhone’s Wi-Fi positioning system
Zurich (Switzerland) – It was just a matter of time: Researchers from the ETH Zurich breached the iPhone’s/iPod’s Wi-Fi positioning system and found that the technology is vulnerable to location spoofing. If you get a kick out of upsetting iPhone users, you may be able to trick the device into displaying a false location with very little effort.
The lack of a GPS module in the first generation iPhone was a surprise to some, given the fact that the device comes with a fantastic Google Maps integration. Apple was able to almost fix this problem by rolling out support for Skyhook’s WiFi Positioning System (WPS) with a software update, but if you ever had doubts that this alternative positioning system is not as reliable as GPS, your doubts are now confirmed.
Srdjan Capkun of the Department of Computer Science and his team of researchers at ETH said they analyzed the security of Skyhook’s positioning system and were able to break through it in a fairly simple manner.
Typically, WPS determines a position by detecting neighboring Wi-Fi access points, sending this information to Skyhook servers, which returns the access point locations to the device. Capkum and his team launched its attack directly at the fact that WPS relies on detected Media Access Control (MAC) addresses: They installed rogue access points that “impersonated” real access points. In addition Wi-Fi signals sent by real access points were jammed.
The researchers said that their equipment need for the location spoofing process included an Asus EeePC, which was used to “impersonate an almost arbitrary number of access points” as well as two software radios for the jamming process. MAC addresses of access points were retrieved through a combination of databases provided by WiGLE, IGiGLE and Google Earth – which, in theory, gives access to data of more than 13 million networks worldwide. In their test, an iPod touch was tricked into displaying its position as New York City, while the device was actually located in Zurich, Switzerland.
Interestingly, the researchers found that the iPhone was vulnerable as well, despite the fact that the iPhone uses GSM signals to support the positioning systems. However, if there is a drastic difference between the GSM-calculated position and the WPS result, the device will rely on the GSM report. But the researchers found that they could spoof the location within the closer area – and display a false location within Zurich downtown. If the GSM connection is cut, the iPhone is vulnerable in the same way as the iPod touch.
Of course, now we have to figure out, what this location spoofing issue really means, besides the fact that their WPS could be useless if they are moving in an area with people who love to annoy iPhone and iPod users. But the simple fact that this vulnerability exists basically means that WPS positioning really should be a last-resort positioning method and that it should not be used in security-focused environments.