Friday, April 18, 2008

Flaw discovered in iPhone positioning system

A team of researchers from ETH Zurich/Swiss Federal Institute of Technology have discovered a flaw in the iPhone positioning system.

WPS, the system developed by Skyhook Wireless, is designed to show your location on a map. The WPS database contains information on access points throughout the world. Skyhook itself provides most of the data in the database, with users contributing via direct entries to the database, and requests for localization.

The team of researchers have found a way to falsify positions displayed by the Map app.


The way it works is, when you request to show your position, iPhone finds neighbouring access points, and send this information to skyhook servers. There the information is interpreted and it sends you the location.

To falsify the information researchers tried accessing those points from remote locations, as well as jam received information from them. This created illusion that you are at a different place that it is shown.

Professor Capkun explained that the goal of such research was to show the limitations of such system.

He said “Given the relative simplicity of the performed attacks, it is clear that the use of WLAN-based public localization systems, such as Skyhook’s WPS, should be restricted in security and safety-critical applications.”

No comments: