WiFi Geolocation Spoofing with the ESP8266


Adam Harvey

May 6, 2017, 6:03:09 AM
to art...@googlegroups.com
Last month I worked on releasing the code for an ongoing project about exploiting smartphones' geolocation services for a web residency at Schloss Solitude:
https://schloss-post.com/the-future-of-living-with-surveillance/

The code is now on GitHub:
https://github.com/adamhrv/skylift

With this you should be able to build your own WiFi geolocation spoofing device for about $5 and you can add custom locations with your own WiFi scan data.

The project originated last year with Surya Mattu and was originally made for !Mediengruppe Bitnik's "Welcome To Ecuador!" show in Nantes, sending visitors to Julian Assange's residence/prison at the Ecuadorian Embassy in London. Before the Packetbridge (an inspiration for the project) documentation was posted (https://criticalengineering.org/projects/packetbridge/), Surya discovered (using MiTM Proxy) that the only data being sent to the geolocation API was three MAC addresses:
https://ahprojects.com/notebook/2016/skylift-geolocation/
https://ahprojects.com/projects/skylift

The original version of SkyLift was built with a Raspberry Pi using mdk3 to send beacon frames, but it was still quite complicated to set up. Towards the end of last year, I discovered https://github.com/kripthor/WiFiBeaconJam and realized that WiFi geolocation spoofing might also be possible using only the ESP8266. There are some limitations, such as poor performance in congested WiFi areas. In areas with only a few WiFi networks with signal strengths less than about -75dBm, the performance is good. In areas with no other WiFi networks or where all other signals are less than -90dBm, it has worked 100% of the time, overriding cellular triangulation and (indoor) GPS signals. If you're already familiar with Arduino, you could build your SkyLift device in about 15 minutes. There are instructions for converting scans from OSX and iOS to Arduino format in the /utils folder in the repo.

Using this method, as opposed to an app or VPN, means that all services on your smartphone that rely on geolocation are tricked. You can even make your phone appear nearly anywhere in the (connected) world on Find My Phone (example on GitHub). There have been many warnings about this vulnerability since it was first discovered in 2008, yet as of writing, it still works well. Data from the Wigle API doesn't seem to work very well, but is now easy to obtain with their official API. For the best results, I recommend doing an on site scan if possible.

If you have any issues or ideas for optimizing the results, lmk.

Many thanks to Surya and Julian for technical advisement, Leon Eckert for helping build out SkyLift V0.1, and !Mediengruppe Bitnik for a fun collab!


-Adam
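As an added, defender-side example (not code from this thread or from the SkyLift repo): a heuristic over WiFi scan results that flags a set of unrelated BSSIDs arriving at nearly the same signal strength, which is what beacons replayed from a single ESP8266 look like to a nearby receiver. The RSSI window, the minimum cluster size and the sample scans are my own assumptions, not measurements from the project.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanEntry:
    bssid: str  # e.g. "aa:bb:cc:dd:ee:ff"
    rssi: int   # received signal strength in dBm, e.g. -67

def same_radio(a: str, b: str) -> bool:
    """Multi-SSID access points advertise several BSSIDs from one radio that
    differ only in the last octet; sharing an RSSI is normal for those."""
    return a.lower()[:14] == b.lower()[:14]

def suspicious_clusters(scan, rssi_window=3, min_size=3):
    """Return lists of >= min_size BSSIDs from unrelated radios whose RSSIs lie
    within rssi_window dBm of one another. Assumption (mine, not the thread's):
    beacons spoofed by one ESP8266 leave one radio at one spot, so they arrive
    at nearly equal strength, unlike real APs spread around the receiver.
    A hit is a reason to distrust the WiFi fix, not proof of spoofing."""
    entries = sorted(scan, key=lambda e: e.rssi)
    clusters, i = [], 0
    while i < len(entries):
        j = i
        while j + 1 < len(entries) and entries[j + 1].rssi - entries[i].rssi <= rssi_window:
            j += 1
        distinct = []  # collapse BSSIDs that belong to one physical radio
        for e in entries[i:j + 1]:
            if not any(same_radio(e.bssid, d.bssid) for d in distinct):
                distinct.append(e)
        if len(distinct) >= min_size:
            clusters.append([e.bssid for e in distinct])
            i = j + 1
        else:
            i += 1
    return clusters

# Constructed sample scans, not captured data. The benign scan has one
# dual-SSID AP (10:00:...:01/02) plus three APs at varied distances.
BENIGN_SCAN = [
    ScanEntry("10:00:00:00:00:01", -45),
    ScanEntry("10:00:00:00:00:02", -46),
    ScanEntry("20:00:00:00:00:01", -62),
    ScanEntry("30:00:00:00:00:01", -78),
    ScanEntry("40:00:00:00:00:01", -88),
]
# Same environment plus three unrelated BSSIDs all arriving at about -41 dBm.
SPOOFED_SCAN = BENIGN_SCAN + [
    ScanEntry("a0:11:22:33:44:55", -40),
    ScanEntry("b0:66:77:88:99:aa", -41),
    ScanEntry("c0:bb:cc:dd:ee:ff", -42),
]
```

On the constructed data the benign scan yields no cluster, while the spoofed scan yields the three unrelated BSSIDs at -40 to -42 dBm; real scans will need the window and size tuned to the environment.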

Ellen Pearlman

May 6, 2017, 11:30:02 AM
to art...@googlegroups.com
Adam:
Simply brilliant.
Ellen

--
Faculty, Parsons/New School
Co-Director, ThoughtWorks Arts Residency
PhD Candidate, School of Creative Media, Hong Kong City University
Two-time Recipient, Outstanding Academic Performance Awards for Research Degree Students
Director and Curator, Volumetric Society of New York
President, Art-A-Hack(TM)