Coordinated Position Falsification Attacks and Countermeasures for Location-Based Services

With the rise of location-based service (LBS) applications that rely on terrestrial and satellite infrastructures (e.g., GNSS and crowd-sourced Wi-Fi, Bluetooth, cellular, and IP databases) for positioning, ensuring their integrity and security is paramount. However, we demonstrate that these applications are susceptible to low-cost attacks (less than $50), including Wi-Fi spoofing combined with GNSS jamming, as well as more sophisticated coordinated location spoofing. These attacks manipulate position data to control or undermine LBS functionality, leading to user scams or service manipulation. Therefore, we propose a countermeasure to detect and thwart such attacks by utilizing readily available, redundant positioning information from off-the-shelf platforms. Our method extends the receiver autonomous integrity monitoring (RAIM) framework by incorporating opportunistic information, including data from onboard sensors and terrestrial infrastructure signals, and, naturally, GNSS. We theoretically show that the fusion of heterogeneous signals improves resilience against sophisticated adversaries on multiple fronts. Experimental evaluations show the effectiveness of the proposed scheme in improving detection accuracy by 62% at most compared to baseline schemes and restoring accurate positioning.