Saturday, July 28, 2012

GPS spoofing

More and more apps are authenticating via your GPS location, such as "checking in" on Foursquare. This can easily be "spoofed" in many ways.

Dave Maynor gave a convincing demonstration of this at Defcon 20. Increasingly, the jukeboxes in bars are connected to the Internet, allowing you to select the music via an app for your iPhone/Android. They use GPS location to find the nearest jukebox. The app simply sends an HTTP POST to the servers with the desired song and your GPS location. It's easy to write a script that generates the same HTTP POST request with any GPS location you want. Indeed, you can script it to play a song at once at every possible location.

That's what Dave Maynor showed on stage: running a script from his iPod that played "Mmmbop" at hundreds of bars all across the country all at once. He even called a bar located in Atlanta to confirm that yes, from Las Vegas, he caused the jukebox there to play Mmbop. Since jukeboxes get rolled up in the calculating the "Top 10" most popular songs, Dave's goal is to create a Hanson renaissance by playing Mmbop repeatedly in bars over and over again. At 25-cents per song per bar, though, his mission will get expensive quick.

5 comments:

Anonymous said...

This is not GPS spoofing?!

Anonymous said...

It is actually URL hacking

Track What Matters said...

I agree this isn't GPS spoofing

Unknown said...

Oh,I'll try it before and i didn't get perfect result,i think this is not a GPS kind feature.
Skycaddie Golf

Unknown said...

Oh,I'll try it before and i didn't get perfect result,i think this is not a GPS kind feature.
Skycaddie Golf