SlideShare uma empresa Scribd logo

Exploiting vulnerabilities in location based commerce

Xebia IT Architects
Xebia IT Architects

Location based services can be divided into four categories: location based search, location based commerce, navigation services, and tracking applications. Most location based applications lack location verification, leaving them vulnerable to location spoofing attacks where fake locations can be injected. While this allows rewards and deals to be obtained fraudulently, it can also spoof tracking systems. Solutions include client and server side validations of location data to detect spoofing, but GPS signals can also be directly spoofed through simulator tools.

TecnologiaNegócios
1 de 26
Baixar para ler offline
Location Based Services → Exploiting Vulnerabilities        
+ SOFTWARE DEVELOPMENT DONE RIGHT Netherlands | USA | India | France | UK www.xebia.in; Blog :http://.xebee.xebia.in
What are Location Based Services ? → A service that depends on the network knowing your location   LBS allow consumers to receive services and advertising based on their geographic location.
Location Based Services   Location Based Services Can be basically divided into 4 Broad Categories1. Location Based Search Information 2. Location Based Commerce 3. Navigation Services 4. Tracking Applications
Location Based Information
Location Based Commerce
    Location Based Navigation        
    Location Based Tracking        
Loca&on  and  Constella&ons    
Loca&on  and  Constella&ons    
A  New  Man  Made  Constella&on  
Loca&on  Acquisi&on  Methods   1.GPS 2.Assisted GPS 3.Cell Towers 4.Cell-ID
Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   GPS (Global Positioning System) •  24 satellites in orbit. Typically 5 to 8 are visible from any one place •  Distance calculated by time it takes for signal to travel from satellite to receiver. Calculating the time it takes from 4 satellites provides an accurate fix.
Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   Assisted -GPS •  GPS has a slow time to fix unless it is permanently tracking satellites •  Assisted GPS is based upon providing GPS satellite information to the handset, via the cellular network •  Assisted GPS gives improvements in Time to First Fix
NO  Loca+on  Verifica+on   •  99 % of Applications Providing Location Based Services lack Location Verification Mechanism.          This  Leaves  all  these  Applica+ons            Vulnerable  to  Loca+on  Spoofing  A=acks  
Loca+on  Spoofing                        Injec+ng  Fake  Loca+ons  
Loca+on  Spoofers  
Results  of  Loca+on  Spoofing   •  Commercial   applica+ons  can   be  fooled  by   Checking  in  with   spoofed   Loca+ons.     •  Rewards,  Offers,   Deals  on  Specific   Loca+ons  Can  be   Availed  ☺  
Results  of  Loca+on  Spoofing   •  Tracking  Applica+ons   can  be  fooled  by  fixing  a   fake  loca+on  or   Randomly  changing     Loca+on.     •  Incase  of  Con+nuous     Fleet  tracking,  Pre-­‐ Designed  Routes  can  be   Simulated  to  spoof   con+nuous  Loca+on  
Solu+ons  to  Loca+on  Spoofing    Client  side  valida+ons       •  Hourly  loca+on   •  Cell  towers  triangula+on   Server  side  Valida+ons   •  •  •  •  •  •  •  Date  of  Registra+on   RapidFire  Check-­‐ins   Previous  Check-­‐ins,  History     Distance  Algorithims   Traffic  updates.   Speed  and  stops   Loca+ons  in  other  Applica+ons  
Spoofing  GPS  Constella+on  
Spoofing  GPS  Constella+on   GPS Signal Simulators / Signal Spoofer
Spoofing  GPS  Constella+on   Possible Solutions ????????????
Spoofing  GPS  Constella+on   Happy Spoofing :) Thank You ! Thank You
Agile Testing Current Competencies Mobile Testing: Appium, Calabash Performance Testing Tools: JMeter, LoadUI Automation Frameworks in place -  Selenium/Webdriver keyword driven -  SoapUI ATDD Tools: Cucumber, Fitnesse, JBehave, Geb Language Proficiencies: Java, Ruby, Groovy, Python Functional automation Tools: Selenium/Webdriver, AUTO IT, SoapUI, QTP Knowledge Sharing: Speakers in national and international conferences
Contact us @ Websites www.xebia.in www.xebia.com www.xebia.fr Xebia India infoindia@xebia.com Thought Leadership Htto://xebee.xebia.in http://blog.xebia.com http://podcast.xebia.com

Recomendados

What are "virtual beacons"?
What are "virtual beacons"?What are "virtual beacons"?
What are "virtual beacons"?
Petr Dvorak
 
PLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PLNOG15: Find the location of your superhero with 802.11 - Sebastian PasternackiPLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PROIDEA
 
IPaaS
IPaaSIPaaS
IPaaS
Jonathan Boyer
 
tomohawk missile
tomohawk missiletomohawk missile
tomohawk missile
muhammad shoaib
 
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
jdomen44
 
Mobile Laser Scanning Workshop
Mobile Laser Scanning WorkshopMobile Laser Scanning Workshop
Mobile Laser Scanning Workshop
Nasr Khashoggi
 
Foursquare 101
Foursquare 101Foursquare 101
Foursquare 101
Nipun Kapur
 
Velodyne VLP-16 and HDL-32 Interface Box
Velodyne VLP-16 and HDL-32 Interface BoxVelodyne VLP-16 and HDL-32 Interface Box
Velodyne VLP-16 and HDL-32 Interface Box
Brett Johnson
 

Recomendados

What are "virtual beacons"?
What are "virtual beacons"?What are "virtual beacons"?
What are "virtual beacons"?
Petr Dvorak
 
PLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PLNOG15: Find the location of your superhero with 802.11 - Sebastian PasternackiPLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PLNOG15: Find the location of your superhero with 802.11 - Sebastian Pasternacki
PROIDEA
 
IPaaS
IPaaSIPaaS
IPaaS
Jonathan Boyer
 
tomohawk missile
tomohawk missiletomohawk missile
tomohawk missile
muhammad shoaib
 
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
Treball per projectes integrats de Ciència, Tecnologia i Matemàtiques (CTM)
jdomen44
 
Mobile Laser Scanning Workshop
Mobile Laser Scanning WorkshopMobile Laser Scanning Workshop
Mobile Laser Scanning Workshop
Nasr Khashoggi
 
Foursquare 101
Foursquare 101Foursquare 101
Foursquare 101
Nipun Kapur
 
Velodyne VLP-16 and HDL-32 Interface Box
Velodyne VLP-16 and HDL-32 Interface BoxVelodyne VLP-16 and HDL-32 Interface Box
Velodyne VLP-16 and HDL-32 Interface Box
Brett Johnson
 
FOURSQUARE
FOURSQUAREFOURSQUARE
FOURSQUARE
juanfranciscogarcia66
 
Xornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruñaXornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruña
Daniel Cerqueiro García
 
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripuladosNavegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
Rama Estudiantil IEEE Tucuman
 
Social Media 2010 - SolucionesWeb.la
Social Media 2010 - SolucionesWeb.laSocial Media 2010 - SolucionesWeb.la
Social Media 2010 - SolucionesWeb.la
sallegro
 
AuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.AAuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.A
mateox
 
Guía básica foursquare
Guía básica foursquareGuía básica foursquare
Guía básica foursquare
Símbolo Ingenio Creativo
 
Redes Sociales y Geolocalizacion
Redes Sociales y GeolocalizacionRedes Sociales y Geolocalizacion
Redes Sociales y Geolocalizacion
101 - Cientouno
 
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALESPERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
Elife Brasil
 
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Neal Lathia
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
Tom Eston
 
Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101
Murat Can Demir
 
13 sadia riaz _13
13 sadia riaz _1313 sadia riaz _13
13 sadia riaz _13
Alexander Decker
 
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
irjes
 
Location-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based MarketingLocation-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based Marketing
Adam Steinberg
 
Nasa space app challenge
Nasa space app challengeNasa space app challenge
Nasa space app challenge
Barbaros Özdemir
 
Location Based Network Presentation
Location Based Network PresentationLocation Based Network Presentation
Location Based Network Presentation
srndur
 
Foursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoFoursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamiento
MindProject
 
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
alta4 Geoinformatik AG
 
Batimetria.
Batimetria.Batimetria.
Batimetria.
Mike Gomez
 
Inertial Navigation System
Inertial Navigation SystemInertial Navigation System
Inertial Navigation System
aerobuddy
 
Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
moduledesign
 
Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
moduledesign
 

Mais conteúdo relacionado

Destaque

AuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.AAuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.A
mateox
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
Tom Eston
 
Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101
Murat Can Demir
 
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
irjes
 
Foursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoFoursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamiento
MindProject
 

Destaque (20)

FOURSQUARE
FOURSQUAREFOURSQUARE
FOURSQUARE
 
Xornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruñaXornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruña
 
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripuladosNavegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
 
Social Media 2010 - SolucionesWeb.la
Social Media 2010 - SolucionesWeb.laSocial Media 2010 - SolucionesWeb.la
Social Media 2010 - SolucionesWeb.la
 
AuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.AAuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.A
 
Guía básica foursquare
Guía básica foursquareGuía básica foursquare
Guía básica foursquare
 
Redes Sociales y Geolocalizacion
Redes Sociales y GeolocalizacionRedes Sociales y Geolocalizacion
Redes Sociales y Geolocalizacion
 
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALESPERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
 
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
 
Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101
 
13 sadia riaz _13
13 sadia riaz _1313 sadia riaz _13
13 sadia riaz _13
 
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
 
Location-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based MarketingLocation-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based Marketing
 
Nasa space app challenge
Nasa space app challengeNasa space app challenge
Nasa space app challenge
 
Location Based Network Presentation
Location Based Network PresentationLocation Based Network Presentation
Location Based Network Presentation
 
Foursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoFoursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamiento
 
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
 
Batimetria.
Batimetria.Batimetria.
Batimetria.
 
Inertial Navigation System
Inertial Navigation SystemInertial Navigation System
Inertial Navigation System
 

Semelhante a Exploiting vulnerabilities in location based commerce

Farah's presentation
Farah's presentationFarah's presentation
Farah's presentation
SheSays US
 
A Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando MendiorozA Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando Mendioroz
Alan Quayle
 
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
Locaid Technologies
 
Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3
Charles Li
 
Insite deck
Insite deckInsite deck
Insite deck
Michael Kowbel Harvey
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
BlrDroid
 

Semelhante a Exploiting vulnerabilities in location based commerce (20)

Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
 
Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
 
Farah's presentation
Farah's presentationFarah's presentation
Farah's presentation
 
Geolocation an integral part of mobile apps -
Geolocation an integral part of mobile apps - Geolocation an integral part of mobile apps -
Geolocation an integral part of mobile apps -
 
BBK LBS 2009 ET
BBK LBS 2009 ETBBK LBS 2009 ET
BBK LBS 2009 ET
 
Mobile applications chapter 6
Mobile applications chapter 6Mobile applications chapter 6
Mobile applications chapter 6
 
A Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando MendiorozA Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando Mendioroz
 
Location guru product and solution
Location guru product and solutionLocation guru product and solution
Location guru product and solution
 
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
 
LogiCloud Presentation
LogiCloud PresentationLogiCloud Presentation
LogiCloud Presentation
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobs
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobs
 
Asset Tracking and Location Technologies for Internet of Things
Asset Tracking and Location Technologies for Internet of ThingsAsset Tracking and Location Technologies for Internet of Things
Asset Tracking and Location Technologies for Internet of Things
 
Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3
 
Insite deck
Insite deckInsite deck
Insite deck
 
How can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector ServicesHow can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector Services
 
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
 
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
 
10 Location Tracking Apps for Pinpoint Accuracy
10 Location Tracking Apps for Pinpoint Accuracy10 Location Tracking Apps for Pinpoint Accuracy
10 Location Tracking Apps for Pinpoint Accuracy
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
 

Mais de Xebia IT Architects

Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.
Xebia IT Architects
 
When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !
Xebia IT Architects
 
Xebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce SolutionsXebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce Solutions
Xebia IT Architects
 
A warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clientsA warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clients
Xebia IT Architects
 

Mais de Xebia IT Architects (20)

Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.
 
Use Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplicationsUse Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplications
 
When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !
 
DevOps demystified
DevOps demystifiedDevOps demystified
DevOps demystified
 
Modelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST urlModelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST url
 
Scrumban - benefits of both the worlds
Scrumban - benefits of both the worldsScrumban - benefits of both the worlds
Scrumban - benefits of both the worlds
 
#Continuous delivery with #Deployit
#Continuous delivery with #Deployit#Continuous delivery with #Deployit
#Continuous delivery with #Deployit
 
Continuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with seleniumContinuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with selenium
 
Battlefield agility
Battlefield agilityBattlefield agility
Battlefield agility
 
Fish!ing for agile teams
Fish!ing for agile teamsFish!ing for agile teams
Fish!ing for agile teams
 
Xebia-Agile consulting and training offerings
Xebia-Agile consulting and training offeringsXebia-Agile consulting and training offerings
Xebia-Agile consulting and training offerings
 
Xebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce SolutionsXebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce Solutions
 
Growth at Xebia
Growth at XebiaGrowth at Xebia
Growth at Xebia
 
A warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clientsA warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clients
 
"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia India"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia India
 
Agile 2.0 - Our Road to Mastery
Agile 2.0 - Our Road to MasteryAgile 2.0 - Our Road to Mastery
Agile 2.0 - Our Road to Mastery
 
Agile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant VashishthaAgile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant Vashishtha
 
Agile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal JaviaAgile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal Javia
 
Practicing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran MirPracticing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran Mir
 
Moving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita GuptaMoving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita Gupta
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Exploiting vulnerabilities in location based commerce

  • 1. Location Based Services → Exploiting Vulnerabilities        
  • 2. + SOFTWARE DEVELOPMENT DONE RIGHT Netherlands | USA | India | France | UK www.xebia.in; Blog :http://.xebee.xebia.in
  • 3. What are Location Based Services ? → A service that depends on the network knowing your location   LBS allow consumers to receive services and advertising based on their geographic location.
  • 4. Location Based Services   Location Based Services Can be basically divided into 4 Broad Categories1. Location Based Search Information 2. Location Based Commerce 3. Navigation Services 4. Tracking Applications
  • 7.     Location Based Navigation        
  • 8.     Location Based Tracking        
  • 11. A  New  Man  Made  Constella&on  
  • 12. Loca&on  Acquisi&on  Methods   1.GPS 2.Assisted GPS 3.Cell Towers 4.Cell-ID
  • 13. Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   GPS (Global Positioning System) •  24 satellites in orbit. Typically 5 to 8 are visible from any one place •  Distance calculated by time it takes for signal to travel from satellite to receiver. Calculating the time it takes from 4 satellites provides an accurate fix.
  • 14. Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   Assisted -GPS •  GPS has a slow time to fix unless it is permanently tracking satellites •  Assisted GPS is based upon providing GPS satellite information to the handset, via the cellular network •  Assisted GPS gives improvements in Time to First Fix
  • 15. NO  Loca+on  Verifica+on   •  99 % of Applications Providing Location Based Services lack Location Verification Mechanism.          This  Leaves  all  these  Applica+ons            Vulnerable  to  Loca+on  Spoofing  A=acks  
  • 16. Loca+on  Spoofing                        Injec+ng  Fake  Loca+ons  
  • 18. Results  of  Loca+on  Spoofing   •  Commercial   applica+ons  can   be  fooled  by   Checking  in  with   spoofed   Loca+ons.     •  Rewards,  Offers,   Deals  on  Specific   Loca+ons  Can  be   Availed  ☺  
  • 19. Results  of  Loca+on  Spoofing   •  Tracking  Applica+ons   can  be  fooled  by  fixing  a   fake  loca+on  or   Randomly  changing     Loca+on.     •  Incase  of  Con+nuous     Fleet  tracking,  Pre-­‐ Designed  Routes  can  be   Simulated  to  spoof   con+nuous  Loca+on  
  • 20. Solu+ons  to  Loca+on  Spoofing    Client  side  valida+ons       •  Hourly  loca+on   •  Cell  towers  triangula+on   Server  side  Valida+ons   •  •  •  •  •  •  •  Date  of  Registra+on   RapidFire  Check-­‐ins   Previous  Check-­‐ins,  History     Distance  Algorithims   Traffic  updates.   Speed  and  stops   Loca+ons  in  other  Applica+ons  
  • 22. Spoofing  GPS  Constella+on   GPS Signal Simulators / Signal Spoofer
  • 23. Spoofing  GPS  Constella+on   Possible Solutions ????????????
  • 24. Spoofing  GPS  Constella+on   Happy Spoofing :) Thank You ! Thank You
  • 25. Agile Testing Current Competencies Mobile Testing: Appium, Calabash Performance Testing Tools: JMeter, LoadUI Automation Frameworks in place -  Selenium/Webdriver keyword driven -  SoapUI ATDD Tools: Cucumber, Fitnesse, JBehave, Geb Language Proficiencies: Java, Ruby, Groovy, Python Functional automation Tools: Selenium/Webdriver, AUTO IT, SoapUI, QTP Knowledge Sharing: Speakers in national and international conferences
  • 26. Contact us @ Websites www.xebia.in www.xebia.com www.xebia.fr Xebia India infoindia@xebia.com Thought Leadership Htto://xebee.xebia.in http://blog.xebia.com http://podcast.xebia.com