Security Researchers have reported a security issue with the quasi-GPS feature of Apple’s iPhone. So what does it mean for you as iPhone users?
In iPhone firmware 1.1.3, the Google Maps application on the iPhone had got an update to pinpoint your location using Wi-Fi base stations and cell tower triangulation. This "Location Finder" feature however was not automatic, to find out your location one had to hit the "Locate me" button each time.
The pre-release version of iPhone firmware 2.0 has also revealed that iPhone firmware 2.0 (which will be released to iPhone users in June) will include a new live location tracking feature that will automatically track the user’s location in the Google Maps application to make it more like the real GPS.
The System Security Group at ETH Zurich’s Department of Computer Science claim to have identified a flaw with this quasi-GPS feature of the iPhone. They have figured out a way to trick the quasi-GPS application to display an incorrect location to the user. They were able to achieve this by impersonating known locations by falsifying MAC addresses and at the same time jamming actual, local access points thus creating an illusion in localized devices that their location is different from their actual physical location.
In their test case the researchers were able to mislead an iPhone into thinking it was located in New York City while actually located in Zurich, Switzerland.
When Professor Srdjan Capkun, head of the System Security Group at ETH was asked: What does this mean for iPhone users?
Here is what he had to say:
"If you are in Zurich, or anywhere else, and know that your device is displaying incorrect information, you can ignore it and just not use this service. But if you build an application on top of this, for example if you want to use a banking application and need to verify your position, if your application automatically integrates this location information, then obviously this can have unfortunate consequences. It depends on the application that is put on top of the positioning system. Simply put, you cannot use WPS-obtained location because you cannot trust the result displayed by the application, even if you trust the device and the application. You just do not know if the information being provided is correct."
Should you be concerned? Not yet as there are no iPhone applications (I am aware of) that are based on quasi-GPS, other then the possibility of you using it for directions, in which case you very well know where you are.
The other good thing is that there are quite a few rumors suggesting that the new version of iPhone will have the Real GPS, if that becomes a reality this flaw that the researchers have identified will be a non-issue.
Check out this link where Professor Srdjan Capkun discusses his teams research findings.
What do you think?
Top iPhone Hacks Categories: