Changjia Zhu, Xiao Han, Parush Gera, Zhuo Lu, Tempestt Neal, and Yao Liu, University of South Florida
Traditional Wi-Fi Positioning System (WPS) spoofing attacks, while seemingly effective, have failed to raise major WPS security concerns due to their lack of stealth and persistence. This paper introduces a novel WILD Attack that undermines WPS security by subverting its core infrastructure: the Location Lookup Table (LLT). In this attack, an adversary remotely submits falsified crowd-sourced reports for target Wi-Fi access points, inducing WPS providers to update the LLT based on falsified rather than legitimate data. We examine four widely deployed WPS providers (Google, Apple, A-Map, and WiGLE) and observe that they all accept falsified reports and apply distinct policies to resolve conflicts between legitimate and falsified data. Exploiting these policies, the attacker can induce two forms of LLT subversion: LLT Entry Tampering and LLT Entry Removal, both persisting for weeks even after the attacker ceases activity. We further present three case studies that show the real-world impact of the WILD Attack and propose countermeasures to mitigate such threats.