Theory is nice
But it's hardly going to have any impact on old Blighty. We can't even get propper 3G coverage, yet alone good enough public wi-fi to use a service like this.
Mines the one with the AA 2008 road map in the pocket...
Wi-Fi spoofing sends Jesus phone disciples off the true path
Punters using Wi-Fi based positioning systems on their mobile devices would do well to look before they leap. Security vulnerabilities have discovered location spoofing flaws in the Skyhook positioning system that might be used to lead users astray. Devices using Skyhook's Wi-Fi Positioning System (WPS), including the iPod …
-
Wednesday 16th April 2008 11:01 GMT Anonymous Coward
Disciples off the true path... in the absence of a GSM signal.
Unlike all the Windows Mobile and Symbian disciples...
Reading the paper, the iPhone actually overrules the spoofed WPS system if it has a GSM signal, where the Nokia, Windows Mobile and computers running the plugin just report the false location.
Also, the Loki plugin runs on Macs as well as PCs, Windows Mobile not just Symbian and Skyhook's website is http://www.skyhookwireless.com/
Skyhook also do a scary plugin that updates your location to your blog, website, RSS feed, etc. I wish they wouldn't do things like that, it'll give people ideas...
Waiting for Webster, as clearly this news means iPhone users are all idiots and fanbois, right?
-
Wednesday 16th April 2008 11:01 GMT Daniel Durrans
All very well and good, but...
Firstly you have to actually block the other signals. Also for the Jesus phone you would have to block out the cell phone tower signal since it uses that as well. So assuming that the user doesn't notice that they don't have any mobile coverage then yes it could be done. However in practice this sounds like scaremongering with a hint of possibility.
-
-
Wednesday 16th April 2008 11:01 GMT Anonymous Coward
Maybe it's just me...
But I can't see why anyone cares. I mean Oh Noes say the wrong location comes up on the map, if anyone has even half a clue they'd realise the map is wrong pretty quickly, especially if the street they are currently on is not currently on screen, that'd be a pretty big give away. So I can't see why anyone would even care enough to waste peoples time spoofing their location.
-
Wednesday 16th April 2008 11:36 GMT Anonymous Coward
Coverage
Arse backwards - the attack only works if the phone isn't within range of a Skyhook-tracked Wifi network. Which is less of a problem.
So it's a good attack against Skyhook users that don't have any GSM coverage, and are outside urban areas, but also don't know where they are.
But you can really only try to fool them into thinking they're in a skyhook covered area (which are all urban with good GSM signal).
Those idiot Jesus Phone disciples will fall for anything, huh?
-
-
Wednesday 16th April 2008 12:18 GMT Anonymous Coward
Disappointed
When I saw the phrase Skyhook I thought El Reg was going to go into tehnical details of Maseratis adaptive damping system as used on the 3200GT.
None of this wifi location crap - why would you want that anyway, if you have wifi/GPRS/3G, just find the street name [avaliable on most good street corners] and wang it into GMaps or Streetmap, and bang, there is your location to a useful degree.
And if you haven't got GSM coverage, it's a fair bet there won't be a wifi point nearby methinks.
Paris, because she is also a waste of resources and only fun for about ten minutes before you realise that there is no depth to her.
-
Wednesday 16th April 2008 12:18 GMT Paolo
@AC "Maybe it's just me"
> "Oh Noes say the wrong location comes up on the map, if anyone has even half a
clue they'd realise the map is wrong pretty quickly"
The prosecution refers m'learned friend to every "sat nav caused me to run over my own testicles" story ever run to date...
If my Jesus phone tells me I'm in the middle of Kansas while standing on Oxford Street who am I to argue?
-
-
Wednesday 16th April 2008 17:50 GMT Tim
It's a computer.
If I had a Wi-Fi based mapping system I'd be amazed if it worked at all...giving the wrong location would get the response "Oh atleast it's doing something". Sat-Nav phones aren't expensive anymore, if you need accurate mapping they're still an option and if you don't it's a bit of a gimmick.
The odds of someone setting up a jamming and spoofing setup telling you to walk through the dark alley with your expensive looking mobile are still very slim, and even slimmer that people wouldn't question it's validity.
-
Wednesday 16th April 2008 17:50 GMT Paul
@nobby
Damm you beat me to it....
"The team used an Asus eeePC configured to impersonate access points and software radios to jam legitimate networks."
I for one am shocked and appalled at the lack of eeePC lady on beach pictures. Surely this story constitutes at least a flimsy argument to display one, its never stopped El REG before!
Paris 'cos it looks like she's just lost her eeePC.
-
Thursday 17th April 2008 10:33 GMT Dave Cumming
point being?
One word... GEEKS.
How sad are the people that firstly thought this project up and then spend the time and effort to do it?? Why exactly? Because they could??
I can't think of a single reason anyone would exploit this "hack"?
Are Securicor vans iPhone mapping to find their way around with vans full of money?
-
Thursday 17th April 2008 14:46 GMT Anonymous Coward
Ignorantly spouting off
Er, I did read the TFA, it says:
"If a device is not in range of any wireless networks known to Skyhook, we can easily spoof its location by access point impersonation and thus can completely control the result of the device localization process"
And:
"In these examples, the device located at ETH Zurich was showing locations in downtown Zurich (1 km away) and New York (6,300 km away)."
If you check the coverage map, ETH is outside the coverage area, which is why the screen shots only show the spoofed networks. They spoofed network in Central Zurich *and* NY ones, on devices on the outskirts of Zurich without WPS coverage.
Suggestion - read and understand TFA before being so damn rude, next time? Also, it was my post I was correcting as arse-backwards.
Muppet.
This topic is closed for new posts.
Biting the hand that feeds IT
