Exploiting vulnerabilities in location based commerce


This presentation discusses in detail how to exploit vulnerabilities in mobile applications that use the user's location to filter data or to provide location-specific content and commercial offers. The session showcased live examples exploiting vulnerabilities in some well-known applications used by mobile users worldwide. The last part of the session covers prospective solutions to secure applications against these vulnerabilities.

Published in: Technology, Business


  1. Location Based Services → Exploiting Vulnerabilities
  2. SOFTWARE DEVELOPMENT DONE RIGHT. Netherlands | USA | India | France | UK. www.xebia.in; Blog: http://xebee.xebia.in
  3. What are Location Based Services? → A service that depends on the network knowing your location. LBS allow consumers to receive services and advertising based on their geographic location.
  4. Location Based Services can be divided into 4 broad categories:
     1. Location Based Search Information
     2. Location Based Commerce
     3. Navigation Services
     4. Tracking Applications
  5. Location Based Information
  6. Location Based Commerce
  7. Location Based Navigation
  8. Location Based Tracking
  9. Location and Constellations
  10. Location and Constellations
  11. A New Man-Made Constellation
  12. Location Acquisition Methods:
     1. GPS
     2. Assisted GPS
     3. Cell Towers
     4. Cell-ID
  13. Location Accuracy and Usage: Precise Location Acquisition. GPS (Global Positioning System)
     • 24 satellites in orbit. Typically 5 to 8 are visible from any one place.
     • Distance is calculated from the time it takes for the signal to travel from satellite to receiver. Calculating the time from 4 satellites provides an accurate fix.
  14. Location Accuracy and Usage: Precise Location Acquisition. Assisted GPS
     • GPS has a slow time to fix unless it is permanently tracking satellites.
     • Assisted GPS is based upon providing GPS satellite information to the handset via the cellular network.
     • Assisted GPS gives improvements in Time to First Fix.
  15. No Location Verification
     • 99% of applications providing Location Based Services lack a location verification mechanism.
     This leaves all these applications vulnerable to location spoofing attacks.
  16. Location Spoofing: Injecting Fake Locations
  17. Location Spoofers
  18. Results of Location Spoofing
     • Commercial applications can be fooled by checking in with spoofed locations.
     • Rewards, offers, deals on specific locations can be availed ☺
  19. Results of Location Spoofing
     • Tracking applications can be fooled by fixing a fake location or randomly changing location.
     • In case of continuous fleet tracking, pre-designed routes can be simulated to spoof continuous location.
  20. Solutions to Location Spoofing
     Client side validations:
     • Hourly location
     • Cell tower triangulation
     Server side validations:
     • Date of registration
     • Rapid-fire check-ins
     • Previous check-ins, history
     • Distance algorithms
     • Traffic updates
     • Speed and stops
     • Locations in other applications
  21. Spoofing GPS Constellation
  22. Spoofing GPS Constellation: GPS Signal Simulators / Signal Spoofer
  23. Spoofing GPS Constellation: Possible Solutions ????????????
  24. Spoofing GPS Constellation: Happy Spoofing :) Thank You!
  25. Agile Testing: Current Competencies. Mobile Testing: Appium, Calabash. Performance Testing Tools: JMeter, LoadUI. Automation Frameworks in place: Selenium/Webdriver keyword driven, SoapUI. ATDD Tools: Cucumber, Fitnesse, JBehave, Geb. Language Proficiencies: Java, Ruby, Groovy, Python. Functional automation Tools: Selenium/Webdriver, AutoIt, SoapUI, QTP. Knowledge Sharing: Speakers in national and international conferences.
  26. Contact us @ Websites: www.xebia.in, www.xebia.com, www.xebia.fr. Xebia India: infoindia@xebia.com. Thought Leadership: http://xebee.xebia.in, http://blog.xebia.com, http://podcast.xebia.com