Wifi Positioning Hijacking
Recently I saw a friend studying GPS positioning who intends to forge GPS signals to change the location of mobile phones. But a phone is not positioned through GPS alone; it also uses Wi-Fi and base station positioning. It is against this background that we began to study hijacking Wi-Fi positioning.
Wi-Fi positioning principle
1. Unique address
Each wireless AP (Access Point, a device that turns a wired network into a wireless network) has its own unique MAC address.
2. Broadcast address
The wireless AP broadcasts its own MAC address. When a device turns on its wireless LAN, it scans the access point and gets its MAC address, regardless of whether it connects.
3. Server retrieval
The device uploads information about nearby hotspots to the server. The server determines the location of the device from its existing data and location information and returns the positioning result.
4. Crowdsourcing
While acquiring its location, the device also uploads the MAC addresses and location information of the surrounding wireless APs to the server. When other devices are nearby, they can use this information to locate themselves.
Testing
Knowing the principle, it is easy to think of a simple way to hijack positioning: fake enough hotspots to deceive the server. Because the forged hotspot information needs to be in the database already, it is necessary to obtain real hotspot information from near the location being forged.
Of course, existing hotspot signals will interfere with the results, so success is relatively easy where the number of surrounding hotspots is small.
Before we start the test, we need a USB wireless card.
On the software side, you need to install aircrack-ng, mdk3 and Wireshark. Connect the wireless card and enter the command in the terminal:
If you want to fake a location, the most important thing is to get that place's Wi-Fi information, so … … go there in person, bringing your beloved computer and network card, and use Wireshark to collect a batch …
Save the information you collect to a result.txt file, and then run in the terminal:
sudo mdk3 wlan0mon b -v result.txt
Open the map and you will find the location.
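When real hotspots are still visible next to the forged ones, the BSSIDs in a single scan resolve to places too far apart to be heard together, and a positioning server can check for that. The Python code below is an added example, not code from the original article; the database contents, the 500 m span and all function names are assumptions made for illustration.

```python
import math
from itertools import combinations

# Constructed sample database: BSSID -> (lat, lon), as a positioning server
# would learn it from crowdsourced uploads. All entries are made up.
AP_DB = {
    "02:00:00:00:00:01": (39.9042, 116.4074),  # site A
    "02:00:00:00:00:02": (39.9044, 116.4077),  # site A
    "02:00:00:00:00:03": (39.9040, 116.4071),  # site A
    "02:00:00:00:00:11": (31.2304, 121.4737),  # site B, far from site A
    "02:00:00:00:00:12": (31.2306, 121.4740),  # site B
}
MAX_SPAN_M = 500.0  # assumption: APs heard in one scan lie within ~500 m

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))

def cluster_scan(bssids, db=AP_DB, max_span=MAX_SPAN_M):
    """Group a scan's known BSSIDs into connected sets of neighbouring APs."""
    known = [b for b in bssids if b in db]
    parent = {b: b for b in known}  # union-find over the known BSSIDs

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(known, 2):
        if haversine_m(db[a], db[b]) <= max_span:
            parent[find(a)] = find(b)
    clusters = {}
    for b in known:
        clusters.setdefault(find(b), []).append(b)
    return sorted(clusters.values(), key=len, reverse=True)

def assess_scan(bssids, db=AP_DB):
    """Return ('ok' | 'inconsistent' | 'unknown', clusters) for one scan."""
    clusters = cluster_scan(bssids, db)
    if not clusters:
        return "unknown", clusters
    return ("ok" if len(clusters) == 1 else "inconsistent"), clusters
```

A scan made up only of forged BSSIDs forms a single cluster and passes this check, which matches the observation above that the trick works best where few real hotspots are nearby. Comparing the Wi-Fi result with the GPS or base station position covers that case.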