Sybil-Based Attacks on Google Maps or How to Forge the Image of City Life

4Citations
Citations of this article
10Readers
Mendeley users who have this article in their library.

Abstract

Location-based services (LBS) increasingly rely on participatory or crowd-sensed data: users voluntarily contribute data about their whereabouts and points of interest (POIs) and allow the LBS to capture the dynamically changing environment, e.g., how crowded specific places, streets, or public transportation are. Popular LBS applications do not offer strong security, less so for their participatory sensing (PS) and data contribution part. Openness favors participation and increases data, but it also makes attacks easier. Sporadic misbehavior incidents and the presumed user honesty should not be reassuring: an attacker could exploit the PS components and submit a large volume of forged data to dominate the PS-collected LBS data, locally or at a large scale. Individuals, organizations, or entire areas could be targeted, e.g., having customers diverted or causing public transportation routes or roads to appear congested. The lingering open question is whether such attacks can be perpetrated against well-established popular LBS with PS components. This paper affirms this: we investigate Google Maps, the single most popular application in this domain, and show a range of effective and scalable attacks based on very modest adversarial assumptions. We reverse-engineer the data submission process and automate attacks that craft and submit false data in volume and a targeted fashion. We collect evidence that our attacks work on POI crowdedness, traffic congestion levels, and public transportation crowdedness with extreme caution. We responsibly disclosed the attacks to Google, acknowledged them and awarded recognition. The attack methodology carries over to other LBS applications but, most importantly, raises awareness and motivates countermeasures, which we also outline here, for stronger LBS and PS security overall.

Cite

CITATION STYLE

APA

Eryonucu, C., & Papadimitratos, P. (2022). Sybil-Based Attacks on Google Maps or How to Forge the Image of City Life. In WiSec 2022 - Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (pp. 73–84). Association for Computing Machinery, Inc. https://doi.org/10.1145/3507657.3528538

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free