back to article Wi-Fi spoofing sends Jesus phone disciples off the true path

Punters using Wi-Fi based positioning systems on their mobile devices would do well to look before they leap. Security vulnerabilities have discovered location spoofing flaws in the Skyhook positioning system that might be used to lead users astray. Devices using Skyhook's Wi-Fi Positioning System (WPS), including the iPod …

COMMENTS

This topic is closed for new posts.
  1. Steven Hewittt
    Coat

    Theory is nice

    But it's hardly going to have any impact on old Blighty. We can't even get propper 3G coverage, yet alone good enough public wi-fi to use a service like this.

    Mines the one with the AA 2008 road map in the pocket...

  2. Anonymous Coward
    Dead Vulture

    Disciples off the true path... in the absence of a GSM signal.

    Unlike all the Windows Mobile and Symbian disciples...

    Reading the paper, the iPhone actually overrules the spoofed WPS system if it has a GSM signal, where the Nokia, Windows Mobile and computers running the plugin just report the false location.

    Also, the Loki plugin runs on Macs as well as PCs, Windows Mobile not just Symbian and Skyhook's website is http://www.skyhookwireless.com/

    Skyhook also do a scary plugin that updates your location to your blog, website, RSS feed, etc. I wish they wouldn't do things like that, it'll give people ideas...

    Waiting for Webster, as clearly this news means iPhone users are all idiots and fanbois, right?

  3. Daniel Durrans
    Thumb Down

    All very well and good, but...

    Firstly you have to actually block the other signals. Also for the Jesus phone you would have to block out the cell phone tower signal since it uses that as well. So assuming that the user doesn't notice that they don't have any mobile coverage then yes it could be done. However in practice this sounds like scaremongering with a hint of possibility.

  4. Anonymous Coward
    Anonymous Coward

    Not a problem for most people

    Skyhook's coverage map. Sketchy, outside of London...

    http://www.skyhookwireless.com/howitworks/coverage.php

  5. Anonymous Coward
    Stop

    Maybe it's just me...

    But I can't see why anyone cares. I mean Oh Noes say the wrong location comes up on the map, if anyone has even half a clue they'd realise the map is wrong pretty quickly, especially if the street they are currently on is not currently on screen, that'd be a pretty big give away. So I can't see why anyone would even care enough to waste peoples time spoofing their location.

  6. Anonymous Coward
    Stop

    @AC "Maybe it's just me"

    I'd agree and take it further - why would anyone want to do this anyway?

  7. Anonymous Coward
    Anonymous Coward

    Coverage

    Arse backwards - the attack only works if the phone isn't within range of a Skyhook-tracked Wifi network. Which is less of a problem.

    So it's a good attack against Skyhook users that don't have any GSM coverage, and are outside urban areas, but also don't know where they are.

    But you can really only try to fool them into thinking they're in a skyhook covered area (which are all urban with good GSM signal).

    Those idiot Jesus Phone disciples will fall for anything, huh?

  8. Anonymous Coward
    Happy

    Asus EEE PC

    Is there nothing it can't do? =]

  9. Anonymous Coward
    Stop

    @Coverage

    >"the attack only works if the phone isn't within range of a Skyhook-tracked Wifi network."

    No, it doesn't. Read TFA. Look at the many examples of skyhook being spoofed in the center of Zurich. Get the facts before you ignorantly spout off.

  10. Anonymous Coward
    Paris Hilton

    Disappointed

    When I saw the phrase Skyhook I thought El Reg was going to go into tehnical details of Maseratis adaptive damping system as used on the 3200GT.

    None of this wifi location crap - why would you want that anyway, if you have wifi/GPRS/3G, just find the street name [avaliable on most good street corners] and wang it into GMaps or Streetmap, and bang, there is your location to a useful degree.

    And if you haven't got GSM coverage, it's a fair bet there won't be a wifi point nearby methinks.

    Paris, because she is also a waste of resources and only fun for about ten minutes before you realise that there is no depth to her.

  11. Paolo
    Paris Hilton

    @AC "Maybe it's just me"

    > "Oh Noes say the wrong location comes up on the map, if anyone has even half a

    clue they'd realise the map is wrong pretty quickly"

    The prosecution refers m'learned friend to every "sat nav caused me to run over my own testicles" story ever run to date...

    If my Jesus phone tells me I'm in the middle of Kansas while standing on Oxford Street who am I to argue?

  12. nobby

    Asus EEE PC

    We assume that the person using the Asus EEE PC in this nefarious way was the young lady on the beach?

  13. TeeCee Gold badge
    Happy

    @Paolo

    Thank you. I've just had a most amusing mental image of Judy Garland as Dorothy standing in Oxford Street with an iPhone and saying "I don't think we're in Kansas any more."

  14. Tim

    It's a computer.

    If I had a Wi-Fi based mapping system I'd be amazed if it worked at all...giving the wrong location would get the response "Oh atleast it's doing something". Sat-Nav phones aren't expensive anymore, if you need accurate mapping they're still an option and if you don't it's a bit of a gimmick.

    The odds of someone setting up a jamming and spoofing setup telling you to walk through the dark alley with your expensive looking mobile are still very slim, and even slimmer that people wouldn't question it's validity.

  15. Paul
    Paris Hilton

    @nobby

    Damm you beat me to it....

    "The team used an Asus eeePC configured to impersonate access points and software radios to jam legitimate networks."

    I for one am shocked and appalled at the lack of eeePC lady on beach pictures. Surely this story constitutes at least a flimsy argument to display one, its never stopped El REG before!

    Paris 'cos it looks like she's just lost her eeePC.

  16. Dave Cumming
    Thumb Down

    point being?

    One word... GEEKS.

    How sad are the people that firstly thought this project up and then spend the time and effort to do it?? Why exactly? Because they could??

    I can't think of a single reason anyone would exploit this "hack"?

    Are Securicor vans iPhone mapping to find their way around with vans full of money?

  17. Anonymous Coward
    Flame

    Ignorantly spouting off

    Er, I did read the TFA, it says:

    "If a device is not in range of any wireless networks known to Skyhook, we can easily spoof its location by access point impersonation and thus can completely control the result of the device localization process"

    And:

    "In these examples, the device located at ETH Zurich was showing locations in downtown Zurich (1 km away) and New York (6,300 km away)."

    If you check the coverage map, ETH is outside the coverage area, which is why the screen shots only show the spoofed networks. They spoofed network in Central Zurich *and* NY ones, on devices on the outskirts of Zurich without WPS coverage.

    Suggestion - read and understand TFA before being so damn rude, next time? Also, it was my post I was correcting as arse-backwards.

    Muppet.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019