More Web Proxy on the site http://driver.im/

research-article

Public Access

Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API

Authors:

Yao LiuAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 1383 - 1397

https://doi.org/10.1145/3548606.3560623

Published: 07 November 2022 Publication History

Abstract

Location spoofing attack deceiving a Wi-Fi positioning system has been studied for over a decade. However, it has been challenging to construct a practical spoofing attack in urban areas with dense coverage of legitimate Wi-Fi APs. This paper identifies the vulnerability of the Google Geolocation API, which returns the location of a mobile device based on the information of the Wi-Fi access points that the device can detect. We show that this vulnerability can be exploited by the attacker to reveal the black-box localization algorithms adopted by the Google Wi-Fi positioning system and easily launch the location spoofing attack in dense urban areas with a high success rate. Furthermore, we find that this vulnerability can also lead to severe consequences that hurt user privacy, including the leakage of sensitive information like precise locations, daily activities, and demographics. Ultimately, we discuss the potential countermeasures that may be used to mitigate this vulnerability and location spoofing attack.

Supplementary Material

MP4 File (CCS22-FP372.mp4)

A short description of reverse-engineering the location estimate algorithm adopted by Wi-Fi Positioning Systems using Geolocation API.

Download
103.15 MB

References

[1]

IEEE Standard for Information technology -- Local and metropolitan area networks -- Specific requirements -- Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 5: Enhancements for Higher Throughput. 2009.

[2]

Open source software-defined GPS signal simulator. https://github.com/osqzss/gps-sdr-sim, 2018.

[3]

WALB (Wireless Attack Launch Box). https://github.com/crescentvenus/WALB, 2018.

[4]

Combain Mobile AB. "Combain - Locate Everything Everywhere". https:// combain.com/, 2022.

[5]

Dennis M. Akos. Who's afraid of the spoofer? GPS/GNSS spoofing detection via automatic gain control (AGC). Annual of Navigation, 2012.

[6]

Noah Apthorpe, Dillon Reisman, and Nick Feamster. A smart home is no castle: Privacy vulnerabilities of encrypted IoT traffic. arXiv preprint arXiv:1705.06805, 2017.

[7]

Chrisil Arackaparambil, Sergey Bratus, Anna Shubina, and David Kotz. On the reliability of wireless fingerprinting using clock skews. In Proceedings of the Third ACM Conference on Wireless Network Security (WiSec). Association for Computing Machinery, 2010.

Digital Library

[8]

Jean. Armstrong. Analysis of new and existing methods of reducing intercarrier interference due to carrier frequency offset in OFDM. IEEE Transactions on Communications, 1999.

[9]

Helmut. Bolcskei. Blind estimation of symbol timing and carrier frequency offset in wireless OFDM systems. IEEE Transactions on Communications, 2001.

[10]

Ali Broumandan, Ali Jafarnia-Jahromi, Vahid Dehghanian, John Nielsen, and Gérard Lachapelle. GNSS spoofing detection in handheld receivers based on signal spatial correlation. In in Proceedings of the IEEE Position Location and Navigation Symposium (PLANS), 2012.

[11]

Yingying Chen, Wade Trappe, and Richard P. Martin. Detecting and localizing wireless spoofing attacks. In 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, 2007.

[12]

D'vera Cohn. "About a fifth of U.S. adults moved due to COVID-19 or know someone who did". https://www.pewresearch.org/fact-tank/2020/07/06/about-a-fifth-of-u-s-adults-moved-due-to-covid-19-or-know-someone-who-did/, 2020.

[13]

Bogdan Copos, Karl Levitt, Matt Bishop, and Jeff Rowe. Is anybody home? inferring activity from smart home network traffic. In 2016 IEEE Security and Privacy Workshops (SPW), 2016.

[14]

Martin Ester, Hans-Peter Kriegel, Jörg Sander, and Xiaowei Xu. A density-based algorithm for discovering clusters in large spatial databases with noise. In Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, KDD'96. AAAI Press, 1996.

Digital Library

[15]

Dane Glasgow. "Google Maps updates to get you through the holidays". https://blog.google/products/maps/google-maps-updates-get-you-through-holidays/, 2020.

[16]

Jiaxi Gu, Jiliang Wang, Zhiwen Yu, and Kele Shen. Walls have ears: Traffic-based side-channel attack in video streaming. In IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, 2018.

Digital Library

[17]

Adam Harvey. "Data Pools: Wi-Fi Geolocation Spoofing". https://ahprojects.com/ datapools/, 2016.

[18]

Adam Harvey. Skylift: Wi-Fi Geolocation Spoofing with the ESP8266. https: //github.com/adamhrv/skylift, 2016.

[19]

Jingyu Hua, Hongyi Sun, Zhenyu Shen, Zhiyun Qian, and Sheng Zhong. Accurate and efficient wireless device fingerprinting using channel state information. In IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, 2018.

Digital Library

[20]

Todd E Humphreys. Detection strategy for cryptographic GNSS anti-spoofing. IEEE Transactions on Aerospace and Electronic Systems, 2013.

[21]

Suman Jana and Sneha K. Kasera. On fast and accurate detection of unauthorized wireless access points using clock skews. IEEE Transactions on Mobile Computing, 2010.

Digital Library

[22]

Kai Jansen, Matthias Schäfer, Daniel Moser, Vincent Lenders, Christina Pöpper, and Jens Schmitt. Crowd-GPS-Sec: Leveraging Crowdsourcing to Detect and Localize GPS Spoofing Attacks. In IEEE Symposium on Security and Privacy (SP '18), 2018.

[23]

Kai Jansen, Nils Ole Tippenhauer, and Christina Pöpper. Multi-receiver gps spoofing detection: Error models and realization. In Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC '16, 2016.

Digital Library

[24]

Taebeom Kim, Haemin Park, Hyunchul Jung, and Heejo Lee. Online detection of fake access points using received signal strengths. In 2012 IEEE 75th Vehicular Technology Conference (VTC Spring), 2012.

[25]

Tadayoshi. Kohno, Andre. Broido, and Kimberly. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2005.

[26]

Manikanta Kotaru, Kiran Joshi, Dinesh Bharadia, and Sachin Katti. SpotFi: Decimeter level localization using WiFi. In Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication (SIGCOMM), 2015.

Digital Library

[27]

Markus G Kuhn. An asymmetric security mechanism for navigation signals. In International workshop on information hiding, 2004.

Digital Library

[28]

Fabian Lanze, Andriy Panchenko, Benjamin Braatz, and Thomas Engel. Letting the puss in boots sweat: Detecting fake access points using dependency of clock skews on temperature. In Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security (ASIA CCS). Association for Computing Machinery, 2014.

Digital Library

[29]

Fabian Lanze, Andriy Panchenko, Benjamin Braatz, and Andreas Zinnen. Clock skew based remote device fingerprinting demystified. In 2012 IEEE Global Communications Conference (GLOBECOM), 2012.

[30]

Huaxin Li, Zheyu Xu, Haojin Zhu, Di Ma, Shuai Li, and Kai Xing. Demographics inference through Wi-Fi network traffic analysis. In IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016.

Digital Library

[31]

Shinan Liu, Xiang Cheng, Hanchao Yang, Yuanchao Shu, Xiaoran Weng, Ping Guo, Kexiong (Curtis) Zeng, Gang Wang, and Yaling Yang. Stars can tell: A robust method to defend against GPS spoofing attacks using off-the-shelf chipset. In 30th USENIX Security Symposium (USENIX Security). USENIX Association, 2021.

[32]

Google LLC. Geolocation API: Usage and Billing. https://developers.google.com/ maps/documentation/geolocation/usage-and-billing, 2022.

[33]

Google LLC. Privacy changes in Android 10. https://developer.android.com/ about/versions/10/privacy/changes#proc-net-filesystem, 2022.

[34]

Unwired Labs (India) Pvt. Ltd. "Unwired Labs Location API". https://unwiredlabs. com/, 2022.

[35]

Mahabub Hasan Mahalat, Shreya Saha, Anindan Mondal, and Bibhash Sen. A PUF based light weight protocol for secure WiFi authentication of IoT devices. In 2018 8th International Symposium on Embedded Computing and System Design (ISED), 2018.

[36]

Steve Markgraf. osmo-fl2k: Using cheap USB 3.0 VGA adapters as SDR transmitter. https://osmocom.org/projects/osmo-fl2k/wiki/Osmo-fl2k, 2015.

[37]

Krista Merry and Pete Bettinger. Smartphone GPS accuracy study in an urban environment. PloS one, 2019.

[38]

Mozilla. "Mozilla Location Service". https://location.services.mozilla.com/, 2022.

[39]

Sashank Narain, Aanjhan Ranganathan, and Guevara Noubir. Security of GPS/INS based on-road location tracking systems. In 2019 IEEE Symposium on Security and Privacy (S&P), 2019.

[40]

North American Van Lines, Inc. "Where Are Americans Moving in 2021?". https://www.northamerican.com/migration-map, 2022.

[41]

Parmy Olson. Hacking A Phone's GPS May Have Just Got Easier. https://www.forbes.com/sites/parmyolson/2015/08/07/gps-spoofing-hackers-defcon/'sh=e73fe954efbf, 2015.

[42]

Christina Pöpper, Nils Ole Tippenhauer, Boris Danev, and Srdjan Capkun. In- vestigation of signal and message manipulations on the wireless channel. In Computer Security -- ESORICS 2011, 2011.

[43]

Mark L. Psiaki, Steven P. Powell, and Brady W. O'Hanlon. GNSS spoofing detection using high-frequency antenna motion and carrier-phase data. In proceedings of the 26th international technical meeting of the satellite division of the Institute of Navigation (ION GNSS), 2013.

[44]

Inc Qualcomm Technologies. Skyhook | Location Technology Provider. https: //www.skyhook.com/, 2022.

[45]

Aanjhan Ranganathan, Hildur Ólafsdóttir, and Srdjan Capkun. SPREE: A spoofing resistant GPS receiver. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking, 2016.

Digital Library

[46]

Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina- Rodriguez, and Serge Egelman. 50 ways to leak your data: An exploration of apps' circumvention of the android permissions system. In 28th USENIX Security Symposium (USENIX Security), Santa Clara, CA, 2019.

[47]

Ignacio Sanchez, Riccardo Satta, Igor Nai Fovino, Gianmarco Baldini, Gary Steri, David Shaw, and Andrea Ciardulli. Privacy leakages in smart home wireless technologies. In 2014 International Carnahan Conference on Security Technology (ICCST), 2014.

[48]

Roei Schuster, Vitaly Shmatikov, and Eran Tromer. Beauty and the burst: Remote identification of encrypted video streams. In 26th USENIX Security Symposium (USENIX Security), 2017.

[49]

Bengt Sjölen and Gordan Savicic. "Packetbridge: Wireless geographical network intervention". https://criticalengineering.org/projects/packetbridge/, 2012.

[50]

Navid Tadayon, Muhammed Tahsin Rahman, Shuo Han, Shahrokh Valaee, and Wei Yu. Decimeter ranging with channel state information. IEEE Transactions on Wireless Communications, 2019.

[51]

Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. On the requirements for successful gps spoofing attacks. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, 2011.

Digital Library

[52]

Nils Ole Tippenhauer, Kasper Bonne Rasmussen, Christina Pöpper, and Srdjan Čapkun. Attacks on public WLAN-Based Positioning Systems. In Proceedings of the 7th International Conference on Mobile Systems, Applications, and Services (MobiSys), 2009.

Digital Library

[53]

Mathy Vanhoef and Frank Piessens. Advanced Wi-Fi attacks using commodity hardware. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC). Association for Computing Machinery, 2014.

Digital Library

[54]

Triet Dang Vo-Huu, Tien Dang Vo-Huu, and Guevara Noubir. Interleaving jamming in Wi-Fi networks. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec), 2016.

Digital Library

[55]

John A. Volpe. Vulnerability assessment of the transportation infrastructure relying on Global Positioning System. https://rosap.ntl.bts.gov/view/dot/8435, 2001.

[56]

Chen Wang, Chuyu Wang, Yingying Chen, Lei Xie, and Sanglu Lu. Smartphone privacy leakage of social relationships and demographics from surrounding access points. In 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), 2017.

[57]

Kyle Wesson, Mark Rothlisberger, and Todd Humphreys. Practical cryptographic civil GPS signal authentication. NAVIGATION, Journal of the Institute of Navigation, 2012.

[58]

Kyle D Wesson, Daniel P Shepard, Jahshan A Bhatti, and Todd E Humphreys. An evaluation of the vestigial signal defense for civil GPS anti-spoofing. In Proceedings of the 24th International Technical Meeting of the Satellite Division of The institute of navigation (ION GNSS), 2011.

[59]

WiGLE.NET. "WiGLE: Wireless Network Mapping". https://wigle.net/index, 2022.

[60]

Wikipedia contributors. Haversine formula - Wikipedia, the free encyclopedia. https://en.wikipedia.org/w/index.php?title=Haversine_formula&oldid= 1075414115, 2022.

[61]

Wikipedia contributors. Received signal strength indication - Wikipedia, the free encyclopedia. https://en.wikipedia.org/w/index.php?title=Received_signal_ strength_indication&oldid=1080897329, 2022.

[62]

Bin Xu, Min Peng, Qing F. Zhou, and Xusheng Cheng. Fake access point localiza- tion based on optimal reference points. In 2018 IEEE 4th International Conference on Computer and Communications (ICCC), 2018.

[63]

Wenyuan Xu, Wade Trappe, Yanyong Zhang, and Timothy Wood. The feasibility of launching and detecting jamming attacks in wireless networks. In Proceedings of the 6th ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc). Association for Computing Machinery, 2005.

Digital Library

[64]

Nian Xue, Liang Niu, Xianbin Hong, Zhen Li, Larissa Hoffaeller, and Christina Pöpper. Deepsim: Gps spoofing detection on uavs using satellite imagery matching. In Annual Computer Security Applications Conference, ACSAC '20, 2020.

Digital Library

[65]

Kexiong (Curtis) Zeng, Shinan Liu, Yuanchao Shu, Dong Wang, Haoyu Li, Yanzhi Dou, Gang Wang, and Yaling Yang. All your GPS are belong to us: Towards stealthy manipulation of road navigation systems. In 27th USENIX Security Symposium (USENIX Security), 2018.

[66]

Xiaoyong Zhou, Soteris Demetriou, Dongjing He, Muhammad Naveed, Xiaorui Pan, XiaoFeng Wang, Carl A. Gunter, and Klara Nahrstedt. Identity, location, disease and more: Inferring your secrets from android public resources. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013

Digital Library

Cited By

Zhang CLuo XLiang JLiu XZhu LGuo S(2024)POTA: Privacy-Preserving Online Multi-Task Assignment With Path PlanningIEEE Transactions on Mobile Computing10.1109/TMC.2023.331532423:5(5999-6011)Online publication date: May-2024
https://doi.org/10.1109/TMC.2023.3315324
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Rye ELevin D(2024)Surveilling the Masses with Wi-Fi-Based Positioning Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00239(2831-2846)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00239
Show More Cited By

Index Terms

Location Heartbleeding: The Rise of Wi-Fi Spoofing Attack Via Geolocation API
1. Networks
  1. Network components
    1. Wireless access points, base stations and infrastructure
2. Security and privacy
  1. Network security
    1. Mobile and wireless security
  2. Software and application security
    1. Web application security

Recommendations

Attacks on public WLAN-based positioning systems
MobiSys '09: Proceedings of the 7th international conference on Mobile systems, applications, and services

In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Skyhook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By ...
A Study on Noise-Tolerant PN Code-Based Localization Attacks to Internet Threat Monitors by Exploiting Multiple Ports
AINA '13: Proceedings of the 2013 IEEE 27th International Conference on Advanced Information Networking and Applications

Internet threat monitoring systems are studied and developed to comprehend the malicious activities on the Internet. On the other hand, it is known that attackers devise a technique that locates the deployment of sensors that constitute the monitoring ...
Theoretical entropy assessment of fingerprint-based Wi-Fi localization accuracy

The fingerprint-based Wi-Fi localization technology has been recognized as one of the remarkable solutions to the future ubiquitous location based services (LBSs) in indoor and underground environment. Thus, how to evaluate the performance of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
1,131
Total Downloads

Downloads (Last 12 months)504
Downloads (Last 6 weeks)92

Reflects downloads up to 11 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Zhang CLuo XLiang JLiu XZhu LGuo S(2024)POTA: Privacy-Preserving Online Multi-Task Assignment With Path PlanningIEEE Transactions on Mobile Computing10.1109/TMC.2023.331532423:5(5999-6011)Online publication date: May-2024
https://doi.org/10.1109/TMC.2023.3315324
Han XXiong JShen WWei MZhao SLu ZLiu Y(2024)The Perils of Wi-Fi Spoofing Attack Via Geolocation API and its DefenseIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2024.3352981(1-17)Online publication date: 2024
https://doi.org/10.1109/TDSC.2024.3352981
Rye ELevin D(2024)Surveilling the Masses with Wi-Fi-Based Positioning Systems2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00239(2831-2846)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00239
Oz HAris AAcar ATuncay GBabun LUluagac SCalandrino JTroncoso C(2023)RøBProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620633(7073-7090)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620633
Xue JQu ZZhao SLiu YLu Z(2023)Data-Driven Next-Generation Wireless Networking: Embracing AI for Performance and Security2023 32nd International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN58024.2023.10230189(1-10)Online publication date: Jul-2023
https://doi.org/10.1109/ICCCN58024.2023.10230189

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents