Short: Device-to-Identity Linking Attack Using Targeted Wi-Fi Geolocation Spoofing

Abstract : Today, almost all mobile devices come equipped with Wi-Fi technology. Therefore, it is essential to thoroughly study the privacy risks associated with this technology. Recent works have shown that some Personally Identifiable Information (PII) can be obtained from the radio signals emitted by Wi-Fi equipped devices. However, most of the times, the identity of the subject of those pieces of information remains unknown and the Wi-Fi MAC address of the device is the only available identifier. In this paper, we show that it is possible for an attacker to get the identity of the subject. The attack presented in this paper leverages the geolocation information published on some geotagged services, such as Twitter, and exploits the fact that geolocation information obtained through Wi-Fi-based Positioning System (WPS) can be easily manipulated. We show that geolocation manipulation can be targeted to a single device, and in most cases, it is not necessary to jam real Wi-Fi access points (APs) to mount a successful attack on WPS.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/hal-01176842
Contributor : Célestin Matte <>
Submitted on : Thursday, July 16, 2015 - 5:01:21 PM
Last modification on : Saturday, October 27, 2018 - 1:20:01 AM
Document(s) archivé(s) le : Wednesday, April 26, 2017 - 6:03:48 AM

File

wisec15 (1).pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Célestin Matte, Jagdish Prasad Achara, Mathieu Cunche. Short: Device-to-Identity Linking Attack Using Targeted Wi-Fi Geolocation Spoofing. ACM WiSec 2015, Jun 2015, New York, United States. ⟨10.1145/2766498.2766521⟩. ⟨hal-01176842⟩

Share

Metrics

Record views

544

Files downloads

733