Abstract
Location spoofing attack deceiving a Wi-Fi positioning system has been studied for over a decade. However, it has been challenging to construct a practical spoofing attack in urban areas with dense coverage of legitimate Wi-Fi APs. This paper identifies the vulnerability of the Google Geolocation API, which returns the location of a mobile device based on the information of the Wi-Fi access points that the device can detect. We show that this vulnerability can be exploited by the attacker to reveal the black-box localization algorithms adopted by the Google Wi-Fi positioning system and easily launch the location spoofing attack in dense urban areas with a high success rate. Furthermore, we find that this vulnerability can also lead to severe consequences that hurt user privacy, including the leakage of sensitive information like precise locations, daily activities, and demographics. Ultimately, we discuss the potential countermeasures that may be used to mitigate this vulnerability and location spoofing attack.
Recommended Citation
X. Han et al., "The Perils Of Wi-Fi Spoofing Attack Via Geolocation API And Its Defense," IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 5, pp. 4343 - 4359, Institute of Electrical and Electronics Engineers, Jan 2024.
The definitive version is available at https://doi.org/10.1109/TDSC.2024.3352981
Department(s)
Computer Science
Keywords and Phrases
Geolocation APIs; localization attacks; mobile and wireless security; Wi-Fi localization
International Standard Serial Number (ISSN)
1941-0018; 1545-5971
Document Type
Article - Journal
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2025 Institute of Electrical and Electronics Engineers, All rights reserved.
Publication Date
01 Jan 2024
