Location Based Services → Exploiting Vulnerabilities

   

   

+

Netherlands | USA | India | France | UK

SOFTWARE DEVELOPMENT DONE RIGHT

www.xebia.in; Blog :http://.xebee.xebia.in

What are Location Based Services ? → A service that depends on the network knowing your location

 LBS allow consumers to receive services and advertising based on their geographic location.

Location Based Services  Location Based Services Can be basically divided into 4 Broad

Categories1. Location Based Search Information

2. Location Based Commerce

3. Navigation Services

4. Tracking Applications

Location Based Information

Location Based Commerce

Location Based Navigation    

       

Location Based Tracking    

       

Loca&on  and  Constella&ons    

Loca&on  and  Constella&ons    

A  New  Man  Made  Constella&on  

Loca&on  Acquisi&on  Methods  

1.GPS

2.Assisted GPS

3.Cell Towers

4.Cell-ID

5. WiFi Hotspots

6. IP Address

Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on  

GPS (Global Positioning System) •  24 satellites in orbit. Typically 5 to 8 are

visible from any one place •  Distance calculated by time it takes for signal

to travel from satellite to receiver. Calculating the time it takes from 4 satellites provides an accurate fix.

Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on  

Assisted -GPS •  GPS has a slow time to

fix unless it is permanently tracking satellites

•  Assisted GPS is based

upon providing GPS satellite information to the handset, via the cellular network

•  Assisted GPS gives

improvements in Time to First Fix

NO  Loca+on  Verifica+on  

•  99 % of Applications Providing Location Based Services lack Location Verification Mechanism.

         This  Leaves  all  these  Applica+ons            Vulnerable  to  Loca+on  Spoofing  A=acks  

Loca+on  Spoofing  

   

                     Injec+ng  Fake  Loca+ons  

Loca+on  Spoofers  

Results  of  Loca+on  Spoofing  

   

•  Commercial  applica+ons  can  be  fooled  by  Checking  in  with  spoofed  Loca+ons.  

 •  Rewards,  Offers,  

Deals  on  Specific  Loca+ons  Can  be  Availed  ☺  

Results  of  Loca+on  Spoofing  

    •  Tracking  Applica+ons  

can  be  fooled  by  fixing  a  fake  loca+on  or  Randomly  changing    Loca+on.  

 •  Incase  of  Con+nuous    

Fleet  tracking,  Pre-­‐Designed  Routes  can  be  Simulated  to  spoof  con+nuous  Loca+on  

Solu+ons  to  Loca+on  Spoofing  

   

 Client  side  valida+ons    •  Hourly  loca+on  •  Cell  towers  triangula+on    

Server  side  Valida+ons  •  Date  of  Registra+on  •  RapidFire  Check-­‐ins  •  Previous  Check-­‐ins,  History    •  Distance  Algorithims  •  Traffic  updates.  •  Speed  and  stops  •  Loca+ons  in  other  Applica+ons    

Spoofing  GPS  Constella+on  

Spoofing  GPS  Constella+on  

GPS Signal Simulators / Signal Spoofer

Spoofing  GPS  Constella+on  

Possible Solutions ????????????

Spoofing  GPS  Constella+on  

Thank You Thank You !

Happy Spoofing :)

Knowledge Sharing: Speakers in national and international conferences

Functional automation Tools: Selenium/Webdriver, AUTO IT, SoapUI, QTP

Language Proficiencies: Java, Ruby, Groovy, Python

ATDD Tools: Cucumber, Fitnesse, JBehave, Geb

Performance Testing Tools: JMeter, LoadUI

Mobile Testing: Appium, Calabash

Agile Testing

Automation Frameworks in place -  Selenium/Webdriver keyword driven -  SoapUI

Current Competencies

Contact us @

Xebia India infoindia@xebia.com

Websites www.xebia.in www.xebia.com www.xebia.fr

Thought Leadership Htto://xebee.xebia.in http://blog.xebia.com http://podcast.xebia.com