Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services

TL;DR

This paper identifies vulnerabilities in location-based services to low-cost coordinated spoofing attacks and proposes an enhanced detection method using multi-source data fusion to improve security and accuracy.

Contribution

It introduces a novel countermeasure that extends RAIM by integrating diverse signals, significantly enhancing attack detection and position integrity in LBS applications.

Findings

Detection accuracy improved by up to 62%

Effective in identifying coordinated spoofing attacks

Restores accurate positioning under attack conditions

Abstract

With the rise of location-based service (LBS) applications that rely on terrestrial and satellite infrastructures (e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases) for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these applications are susceptible to low-cost attacks (less than $50), including Wi-Fi spoofing combined with GNSS jamming, as well as more sophisticated coordinated location spoofing. These attacks manipulate position data to control or undermine LBS functionality, leading to user scams or service manipulation. Therefore, we propose a countermeasure to detect and thwart such attacks by utilizing readily available, redundant positioning information from off-the-shelf platforms. Our method extends the receiver autonomous integrity monitoring (RAIM) framework by incorporating opportunistic information, including data from onboard sensors and terrestrial infrastructure signals, and, naturally, GNSS. We theoretically show that the fusion of heterogeneous signals improves resilience against sophisticated adversaries on multiple fronts. Experimental evaluations show the effectiveness of the proposed scheme in improving detection accuracy by 62% at most compared to baseline schemes and restoring accurate positioning.