2

I want to prevent GPS spoofing in a mobile device and want to investigate additional ways to improve the authenticity of this data.

PokemonGo is already struggling with this around the world.

Here are a few ways that may improve the situation:

  • For phones with a manufacturer-signed bootstrap, sign the GPS hardware location data. This would limit the usage of emulators and some jailbroken/rooted devices.

  • Correlate GPS data with an IP ping to a trusted server. Look up the coordinates of that IP in various GeoDatabases.

  • For high volume games, like Pokemon, collect additional verification such as SSID, BTLe addresses. Peers in the same location should have some overlap in data.

To preserve privacy, I think that hardware manufacturers (iOS/Android) could modify existing APIs to add a confidence level to the GPS data returned.

Do any of these ideas make sense? Is there a better way?

makerofthings7
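As an added example (not from the question or either answer), here is how a game server could apply the second and third bullets above as server-side plausibility checks: the distance between the reported GPS fix and the GeoIP location of the client's source address, and the overlap between the SSIDs the client reports and those reported by already-verified peers at the same spot. All coordinates, radii and SSIDs are constructed sample values, and the weighting in `location_confidence` is an assumed heuristic.

```python
import math

# Constructed sample data (not from the original post): a client's GPS fix,
# the point a GeoIP database returns for its source IP with that database's
# stated accuracy radius, and Wi-Fi SSIDs seen by the client and by peers.
CLIENT_GPS = (48.8584, 2.2945)          # reported fix, Paris
GEOIP_POINT = (48.8566, 2.3522)         # GeoIP lookup of the source IP, Paris
GEOIP_RADIUS_KM = 50.0                  # accuracy radius reported by the GeoIP DB
CLIENT_SSIDS = ["CafeNet", "ParisWiFi", "Tower-Guest"]
PEER_SSIDS = [{"ParisWiFi", "Tower-Guest"}, {"CafeNet", "Tower-Guest", "Hotel"}]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def geoip_consistent(gps, geoip, radius_km):
    """True if the GPS fix lies within the GeoIP database's accuracy radius.
    Mobile-carrier IPs often geolocate to a city far from the handset, so the
    radius must come from the database's own confidence field, not a constant."""
    return haversine_km(gps[0], gps[1], geoip[0], geoip[1]) <= radius_km

def peer_overlap(client_ssids, peer_ssids):
    """Jaccard overlap between the client's SSIDs and the union of SSIDs reported
    by verified peers at the same location (0.0 means nothing in common)."""
    client = set(client_ssids)
    peers = set().union(*peer_ssids) if peer_ssids else set()
    if not client and not peers:
        return 0.0
    return len(client & peers) / len(client | peers)

def location_confidence(gps, geoip, radius_km, client_ssids, peer_ssids):
    """Combine both checks into a coarse 0..1 score for rate-limiting or review.
    It is a plausibility signal, not proof: a client that controls the OS can
    fabricate every one of these inputs, as the accepted answer points out."""
    score = 0.5 if geoip_consistent(gps, geoip, radius_km) else 0.0
    return score + 0.5 * peer_overlap(client_ssids, peer_ssids)

if __name__ == "__main__":
    print(location_confidence(CLIENT_GPS, GEOIP_POINT, GEOIP_RADIUS_KM,
                              CLIENT_SSIDS, PEER_SSIDS))
```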

2 Answers

2

Fundamentally, you are trusting the OS to not feed you bad data. If the OS is modified to feed you bad data, it can also feed you bad authentication.

If the GPS device were to produce signed data, all that tells you is that a device that knows the private key produced that data - it doesn't authenticate it as the device. What does authenticate it as the real deal is a certificate chain, starting at one of the trusted roots on the OS. Oh, wait, we don't trust the OS.

If your attacker used a physical device to emulate GPS signals, then even your GPS receiver can't tell the difference, so the signing doesn't help there either.

It really boils down to you running on an untrusted device and having to make inferences as to what is and is not trustworthy (and what the APIs allow you to see!).

Also, I don't know what you were trying to accomplish pinging a known server and then looking it up in a geo-database... All that tells you is that they know where they are...

iAdjunct
0

While it is possible for the App Developer and Google to secure software from this as much as they can, there's a problem with device root access and custom firmware (which is customized Android without root).

So, the application could be looking for clues as to whether the device isn't rooted, and that should be good enough for the moment.

Another thing is that there won't be many users of custom firmware (I think so), but many with rooted ones. Rooting a device is much easier than replacing the whole firmware.

Checking for a rooted device is currently as easy as doing "su" to root, but this can be prevented. But I think the Google Play background service could be checking for the modification of the system files as well. This would involve another mechanism which would rely on the DRM in the device, so as long as it isn't with an "unlocked" bootloader then it should be able to reliably say whether it's rooted or not, since there's a trusted chain of software on the device.

It might come to the point that games will be playable only on locked devices without root access with verifiable components and that would be no surprise to me at all.

Regarding iOS, if the device is jailbroken then the games may not be allowed. As long as the phone software might be modified or unauthorized packages can be installed, that's it.

Aria