The iBeacon protocol is widely deployed to provide location-based services. By receiving its BLE advertisements, nearby devices can estimate their proximity to the iBeacon or calculate indoor positions. However, the open nature of these advertisements makes them vulnerable to impersonation attacks. Such attacks could lead to spam, unreliable positioning, and even security breaches. In this paper, we propose Wi-attack, revealing the feasibility of using WiFi devices to conduct impersonation attacks on iBeacon services. Unlike impersonation attacks using BLE-compatible hardware, Wi-attack is not restricted by broadcasting intervals and is able to impersonate multiple iBeacons at the same time. Effective attacks can be launched on iBeacon services without modifications to WiFi hardware or firmware. To enable direct communication from WiFi to BLE, we use the digital emulation technique of cross-technology communication. To enhance packet reception and its stability, we add redundant packets to eliminate cyclic prefix error entirely. The emulation provides an iBeacon packet reception rate of up to 66.2%. We conduct attacks on three iBeacon service scenarios: point deployment, multilateration, and fingerprint-based localization. The evaluation results show that Wi-attack can cause an average distance error of more than 20 meters on fingerprint-based localization using only 3 APs.
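A receiver-side view of the weakness described above, as an added example that is not from the paper: the parser shows that an iBeacon identity is only a UUID, major and minor with no authenticator, and the check flags identities that arrive from more than one source address or faster than the deployment's configured advertising interval. The interval, tolerance, addresses, UUID and sample frames are constructed assumptions, and both checks are heuristics, since a sender can also copy the source address.

```python
import struct
from collections import defaultdict

PREFIX = struct.pack("<HBB", 0x004C, 0x02, 0x15)  # Apple company ID, iBeacon type, length

def build_ibeacon(uuid: bytes, major: int, minor: int, tx_power: int) -> bytes:
    """Constructed-sample helper: manufacturer-specific data of an iBeacon frame."""
    return PREFIX + uuid + struct.pack(">HHb", major, minor, tx_power)

def parse_ibeacon(mfg: bytes):
    """Return (uuid_hex, major, minor, tx_power), or None if not an iBeacon."""
    if len(mfg) != 25 or mfg[:4] != PREFIX:
        return None
    major, minor, tx_power = struct.unpack_from(">HHb", mfg, 20)
    # Every field is plaintext and static; nothing here authenticates the sender.
    return mfg[4:20].hex(), major, minor, tx_power

def flag_suspect_identities(observations, min_interval_s, tolerance=0.5):
    """observations: iterable of (timestamp_s, source_addr, mfg_data).
    min_interval_s is the advertising interval the operator configured (assumption)."""
    seen = defaultdict(list)
    for ts, addr, mfg in observations:
        parsed = parse_ibeacon(mfg)
        if parsed:
            seen[parsed[:3]].append((ts, addr))
    findings = {}
    for ident, events in seen.items():
        events.sort()
        reasons = []
        if len({addr for _, addr in events}) > 1:
            reasons.append("multiple-sources")
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        if gaps and min(gaps) < min_interval_s * tolerance:
            reasons.append("interval-too-short")
        if reasons:
            findings[ident] = reasons
    return findings

def sample_observations():
    """Constructed scan log: two beacons at a 1 s interval, one with extra frames."""
    uuid = bytes(range(16))  # constructed UUID
    a, b = build_ibeacon(uuid, 1, 1, -59), build_ibeacon(uuid, 1, 2, -59)
    obs = [(t, "AA:00:00:00:00:01", a) for t in (0.0, 1.0, 2.0)]
    obs += [(t, "AA:00:00:00:00:02", b) for t in (0.1, 1.1, 2.1)]
    obs += [(t, "CC:00:00:00:00:09", b) for t in (1.15, 1.2)]  # unexpected extra sender
    return obs

if __name__ == "__main__":
    print(flag_suspect_identities(sample_observations(), min_interval_s=1.0))
```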