Security Researchers trick iPhone Location Finder; What does it mean for iPhone users?

Posted by iPhoneHacks on Apr 21, 2008 | Comments (6)

Security Researchers have reported a security issue with the quasi-GPS feature of Apple's iPhone. So what does it mean for you as iPhone users?

In iPhone firmware 1.1.3, the Google Maps application on the iPhone had got an update to pinpoint your location using Wi-Fi base stations and cell tower triangulation. This "Location Finder" feature however was not automatic, to find out your location one had to hit the "Locate me" button each time.

The pre-release version of iPhone firmware 2.0 has also revealed that iPhone firmware 2.0 (which will be released to iPhone users in June) will include a new live location tracking feature that will automatically track the user's location in the Google Maps application to make it more like the real GPS.

The System Security Group at ETH Zurich's Department of Computer Science claim to have identified a flaw with this quasi-GPS feature of the iPhone. They have figured out a way to trick the quasi-GPS application to display an incorrect location to the user. They were able to achieve this by impersonating known locations by falsifying MAC addresses and at the same time jamming actual, local access points thus creating an illusion in localized devices that their location is different from their actual physical location.

In their test case the researchers were able to mislead an iPhone into thinking it was located in New York City while actually located in Zurich, Switzerland.

When Professor Srdjan Capkun, head of the System Security Group at ETH was asked: What does this mean for iPhone users?

Here is what he had to say:

"If you are in Zurich, or anywhere else, and know that your device is displaying incorrect information, you can ignore it and just not use this service. But if you build an application on top of this, for example if you want to use a banking application and need to verify your position, if your application automatically integrates this location information, then obviously this can have unfortunate consequences. It depends on the application that is put on top of the positioning system. Simply put, you cannot use WPS-obtained location because you cannot trust the result displayed by the application, even if you trust the device and the application. You just do not know if the information being provided is correct."

Should you be concerned? Not yet as there are no iPhone applications (I am aware of) that are based on quasi-GPS, other then the possibility of you using it for directions, in which case you very well know where you are.

The other good thing is that there are quite a few rumors suggesting that the new version of iPhone will have the Real GPS, if that becomes a reality this flaw that the researchers have identified will be a non-issue.

Check out this link where Professor Srdjan Capkun discusses his teams research findings.

What do you think?

 

Top iPhone Hacks Categories:

Hacks
iPhone Applications
Unlock iPhone
JailBreak iPhone
iPhone Tips & Tricks
iPhone Games
iPhone News 

 

What next?

Categories : iPhone News

Recent Posts

Comments:

Feed You can follow this conversation by subscribing to the comment feed for this post.


6 Responses to Security Researchers trick iPhone Location Finder; What does it mean for iPhone users?

  1. Dj RaYz says:
    April 21, 2008 at 8:17 pm

    I have a doubt that they would include real GPS on top of 3G. The battery draining will be intense between 3G, GPS, and people driving with their bluetooth headsets (on June 2008 its going to be illegal to talk on the phone without a headset).

    But who knows, I don't work for Apple and I am not aware of what technology they are researching for batteries. I hope for the best!

    Reply
  2. Kris says:
    April 22, 2008 at 4:45 am

    I have to plug my iPhone in all the time anyway. I would sacrifice even more battery life for features. Just imagine, I could be getting GPS directions while listinging to MobileScrobbler over Edge. I can imagine a 3g iPhone would be able to access itunes without wifi, too.

    I could go geocaching with my phone!

    Reply
  3. Vinny says:
    April 22, 2008 at 7:20 am

    This is a pretty dumb piece of research. It would be no different than saying if I set up a cell site that pretended to be an ATT site that the phone can be tricked in to communicating with it.

    Reply
  4. Louis says:
    April 22, 2008 at 7:55 am

    I still use roadmaps…No need for GPS.. if you don't know where you're at or where you're going and need to know which direction you should be heading, what are the odds of getting a free wifi hotspot unless you are in your hotel room..

    I can see this being useful if you don't want roaming or long distance charges when traveling abroad. (but) if you have an unlocked iphone you can just buy a local chip from the country you are in…

    Interesting but am still lost..Help me I am at the corner of Bleeker and Green

    The biggest security flaw is not being able to change the password to the hijacked phone. Pop up on any free network and someone can copy all your info and you'd never know… Remember to turn ssh off when not using it…

    I'd never do banking on my phone…

    Reply
  5. tony says:
    April 22, 2008 at 9:07 am

    this is retarded who cares that you can trick it?
    you can trick any piece of technology in believing anything you want it to… im sure even gps can be tricked with a fake gps satelite..

    Reply
  6. khodaidad says:
    April 9, 2012 at 11:09 am

    dear frindz
    i lost my iphon 4g today in pune universty. if any one know that how i can find it? please help me if you will pass you will have a great gift…regads

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>