Device-to-identity linking attack using targeted wi-fi geolocation spoofing

Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks Pub Date : 2015-06-22 DOI:10.1145/2766498.2766521

Célestin Matte, J. Achara, M. Cunche

{"title":"Device-to-identity linking attack using targeted wi-fi geolocation spoofing","authors":"Célestin Matte, J. Achara, M. Cunche","doi":"10.1145/2766498.2766521","DOIUrl":null,"url":null,"abstract":"Today, almost all mobile devices come equipped with Wi-Fi technology. Therefore, it is essential to thoroughly study the privacy risks associated with this technology. Recent works have shown that some Personally Identifiable Information (PII) can be obtained from the radio signals emitted by Wi-Fi equipped devices. However, most of the times, the identity of the subject of those pieces of information remains unknown and the Wi-Fi MAC address of the device is the only available identifier. In this paper, we show that it is possible for an attacker to get the identity of the subject. The attack presented in this paper leverages the geolocation information published on some geotagged services, such as Twitter, and exploits the fact that geolocation information obtained through Wi-Fi-based Positioning System (WPS) can be easily manipulated. We show that geolocation manipulation can be targeted to a single device, and in most cases, it is not necessary to jam real Wi-Fi access points (APs) to mount a successful attack on WPS.","PeriodicalId":261845,"journal":{"name":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2766498.2766521","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

Today, almost all mobile devices come equipped with Wi-Fi technology. Therefore, it is essential to thoroughly study the privacy risks associated with this technology. Recent works have shown that some Personally Identifiable Information (PII) can be obtained from the radio signals emitted by Wi-Fi equipped devices. However, most of the times, the identity of the subject of those pieces of information remains unknown and the Wi-Fi MAC address of the device is the only available identifier. In this paper, we show that it is possible for an attacker to get the identity of the subject. The attack presented in this paper leverages the geolocation information published on some geotagged services, such as Twitter, and exploits the fact that geolocation information obtained through Wi-Fi-based Positioning System (WPS) can be easily manipulated. We show that geolocation manipulation can be targeted to a single device, and in most cases, it is not necessary to jam real Wi-Fi access points (APs) to mount a successful attack on WPS.

查看原文本刊更多论文

使用目标wi-fi地理位置欺骗的设备到身份链接攻击

如今，几乎所有的移动设备都配备了Wi-Fi技术。因此，有必要深入研究与该技术相关的隐私风险。最近的研究表明，一些个人身份信息(PII)可以从配备Wi-Fi的设备发出的无线电信号中获得。然而，大多数时候，这些信息的主体身份仍然未知，设备的Wi-Fi MAC地址是唯一可用的标识符。在本文中，我们证明了攻击者可以获得主体的身份。本文提出的攻击利用了一些地理标记服务(如Twitter)上发布的地理位置信息，并利用了通过基于wi - fi的定位系统(WPS)获得的地理位置信息很容易被操纵的事实。我们表明，地理位置操作可以针对单个设备，并且在大多数情况下，没有必要堵塞真正的Wi-Fi接入点(ap)来成功攻击WPS。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks

自引率

0.00%

发文量