SlideShare uma empresa Scribd logo
1 de 26
Baixar para ler offline
Location Based Services
→ Exploiting Vulnerabilities

	
  
	
  
	
  
	
  
+

SOFTWARE DEVELOPMENT DONE RIGHT
Netherlands | USA | India | France | UK

www.xebia.in; Blog :http://.xebee.xebia.in
What are Location Based Services ?
→ A service that depends on the network knowing your location

	
  

LBS allow consumers to receive services and advertising based on
their geographic location.
Location Based Services
	
  
Location Based Services Can be basically divided into 4 Broad
Categories1. Location Based Search Information
2. Location Based Commerce
3. Navigation Services
4. Tracking Applications
Location Based Information
Location Based Commerce
 
	
  

Location Based Navigation
	
  
	
  
	
  
	
  
 
	
  

Location Based Tracking
	
  
	
  
	
  
	
  
Loca&on	
  and	
  Constella&ons	
  	
  
Loca&on	
  and	
  Constella&ons	
  	
  
A	
  New	
  Man	
  Made	
  Constella&on	
  
Loca&on	
  Acquisi&on	
  Methods	
  
1.GPS
2.Assisted GPS
3.Cell Towers
4.Cell-ID
Loca&on	
  Accuracy	
  and	
  Usage	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  Precise	
  Loca+on	
  Acquisi+on	
  

GPS (Global Positioning System)

•  24 satellites in orbit. Typically 5 to 8 are
visible from any one place
•  Distance calculated by time it takes for signal
to travel from satellite to receiver. Calculating
the time it takes from 4 satellites provides an
accurate fix.
Loca&on	
  Accuracy	
  and	
  Usage	
  
	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  Precise	
  Loca+on	
  Acquisi+on	
  
Assisted -GPS
•  GPS has a slow time to
fix unless it is
permanently tracking
satellites

•  Assisted GPS is based
upon providing GPS
satellite information to
the handset, via the
cellular network

•  Assisted GPS gives
improvements in
Time to First Fix
NO	
  Loca+on	
  Verifica+on	
  
•  99 % of Applications Providing Location Based
Services lack Location Verification Mechanism.

	
  	
  	
  	
  	
  This	
  Leaves	
  all	
  these	
  Applica+ons	
  
	
  	
  	
  	
  	
  Vulnerable	
  to	
  Loca+on	
  Spoofing	
  A=acks	
  
Loca+on	
  Spoofing	
  

	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  	
  Injec+ng	
  Fake	
  Loca+ons	
  
Loca+on	
  Spoofers	
  
Results	
  of	
  Loca+on	
  Spoofing	
  
•  Commercial	
  
applica+ons	
  can	
  
be	
  fooled	
  by	
  
Checking	
  in	
  with	
  
spoofed	
  
Loca+ons.	
  
	
  
•  Rewards,	
  Offers,	
  
Deals	
  on	
  Specific	
  
Loca+ons	
  Can	
  be	
  
Availed	
  ☺	
  
Results	
  of	
  Loca+on	
  Spoofing	
  
•  Tracking	
  Applica+ons	
  
can	
  be	
  fooled	
  by	
  fixing	
  a	
  
fake	
  loca+on	
  or	
  
Randomly	
  changing	
  	
  
Loca+on.	
  
	
  
•  Incase	
  of	
  Con+nuous	
  	
  
Fleet	
  tracking,	
  Pre-­‐
Designed	
  Routes	
  can	
  be	
  
Simulated	
  to	
  spoof	
  
con+nuous	
  Loca+on	
  
Solu+ons	
  to	
  Loca+on	
  Spoofing	
  
	
  Client	
  side	
  valida+ons	
  
	
  
	
  

•  Hourly	
  loca+on	
  
•  Cell	
  towers	
  triangula+on	
  

Server	
  side	
  Valida+ons	
  
• 
• 
• 
• 
• 
• 
• 

Date	
  of	
  Registra+on	
  
RapidFire	
  Check-­‐ins	
  
Previous	
  Check-­‐ins,	
  History	
  	
  
Distance	
  Algorithims	
  
Traffic	
  updates.	
  
Speed	
  and	
  stops	
  
Loca+ons	
  in	
  other	
  Applica+ons	
  
Spoofing	
  GPS	
  Constella+on	
  
Spoofing	
  GPS	
  Constella+on	
  

GPS Signal Simulators / Signal Spoofer
Spoofing	
  GPS	
  Constella+on	
  

Possible Solutions ????????????
Spoofing	
  GPS	
  Constella+on	
  
Happy Spoofing :)

Thank You !
Thank You
Agile Testing

Current Competencies
Mobile Testing: Appium, Calabash
Performance Testing Tools: JMeter, LoadUI

Automation Frameworks in place
-  Selenium/Webdriver keyword driven
-  SoapUI

ATDD Tools: Cucumber, Fitnesse, JBehave, Geb
Language Proficiencies: Java, Ruby, Groovy, Python
Functional automation Tools: Selenium/Webdriver, AUTO IT, SoapUI, QTP
Knowledge Sharing: Speakers in national and international conferences
Contact us @

Websites

www.xebia.in
www.xebia.com
www.xebia.fr

Xebia India

infoindia@xebia.com

Thought Leadership

Htto://xebee.xebia.in
http://blog.xebia.com
http://podcast.xebia.com

Mais conteúdo relacionado

Destaque

Xornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruñaXornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruñaDaniel Cerqueiro García
 
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripuladosNavegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripuladosRama Estudiantil IEEE Tucuman
 
Social Media 2010 - SolucionesWeb.la
Social Media 2010  -  SolucionesWeb.laSocial Media 2010  -  SolucionesWeb.la
Social Media 2010 - SolucionesWeb.lasallegro
 
AuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.AAuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.Amateox
 
Redes Sociales y Geolocalizacion
Redes Sociales y GeolocalizacionRedes Sociales y Geolocalizacion
Redes Sociales y Geolocalizacion101 - Cientouno
 
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS  EN LAS REDES SOCIALESPERFIL DE LOS CORREDORES MEXICANOS  EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALESElife Brasil
 
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...Neal Lathia
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredTom Eston
 
Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Murat Can Demir
 
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...irjes
 
Location-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based MarketingLocation-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based MarketingAdam Steinberg
 
Location Based Network Presentation
Location Based Network PresentationLocation Based Network Presentation
Location Based Network Presentationsrndur
 
Foursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoFoursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoMindProject
 
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...alta4 Geoinformatik AG
 
Inertial Navigation System
Inertial Navigation SystemInertial Navigation System
Inertial Navigation Systemaerobuddy
 

Destaque (20)

FOURSQUARE
FOURSQUAREFOURSQUARE
FOURSQUARE
 
Xornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruñaXornada 5 curso asociación de prensa de a coruña
Xornada 5 curso asociación de prensa de a coruña
 
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripuladosNavegación integrada y aplicaciones a vehículos aéreos no tripulados
Navegación integrada y aplicaciones a vehículos aéreos no tripulados
 
Social Media 2010 - SolucionesWeb.la
Social Media 2010  -  SolucionesWeb.laSocial Media 2010  -  SolucionesWeb.la
Social Media 2010 - SolucionesWeb.la
 
AuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.AAuditoríA De Proyecto De Vuelo G.A
AuditoríA De Proyecto De Vuelo G.A
 
Guía básica foursquare
Guía básica foursquareGuía básica foursquare
Guía básica foursquare
 
Redes Sociales y Geolocalizacion
Redes Sociales y GeolocalizacionRedes Sociales y Geolocalizacion
Redes Sociales y Geolocalizacion
 
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS  EN LAS REDES SOCIALESPERFIL DE LOS CORREDORES MEXICANOS  EN LAS REDES SOCIALES
PERFIL DE LOS CORREDORES MEXICANOS EN LAS REDES SOCIALES
 
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
Opportunities and Challenges of Using Smartphones for Health Monitoring and I...
 
Social Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and UncensoredSocial Zombies Gone Wild: Totally Exposed and Uncensored
Social Zombies Gone Wild: Totally Exposed and Uncensored
 
Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101 Introduction to Foursquare: 4SQ 101
Introduction to Foursquare: 4SQ 101
 
13 sadia riaz _13
13 sadia riaz _1313 sadia riaz _13
13 sadia riaz _13
 
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...Functional Simulation of the Integrated Onboard System For a Commercial Launc...
Functional Simulation of the Integrated Onboard System For a Commercial Launc...
 
Location-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based MarketingLocation-Based Services Overview and 5 Tips for Location-Based Marketing
Location-Based Services Overview and 5 Tips for Location-Based Marketing
 
Nasa space app challenge
Nasa space app challengeNasa space app challenge
Nasa space app challenge
 
Location Based Network Presentation
Location Based Network PresentationLocation Based Network Presentation
Location Based Network Presentation
 
Foursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamientoFoursquare para Empresas. Marketing por GeoPosicionamiento
Foursquare para Empresas. Marketing por GeoPosicionamiento
 
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
GPS-Kameras und Photo-Asset-Management – Anwendungsbeispele aus der Wasserwir...
 
Batimetria.
Batimetria.Batimetria.
Batimetria.
 
Inertial Navigation System
Inertial Navigation SystemInertial Navigation System
Inertial Navigation System
 

Semelhante a Exploiting vulnerabilities in location based commerce

Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocationmoduledesign
 
Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocationmoduledesign
 
Farah's presentation
Farah's presentationFarah's presentation
Farah's presentationSheSays US
 
Mobile applications chapter 6
Mobile applications chapter 6Mobile applications chapter 6
Mobile applications chapter 6Akib B. Momin
 
A Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando MendiorozA Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando MendiorozAlan Quayle
 
Location guru product and solution
Location guru product and solutionLocation guru product and solution
Location guru product and solutionShilkumar Patil
 
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for AuthenticationLocaid Technologies
 
LogiCloud Presentation
LogiCloud PresentationLogiCloud Presentation
LogiCloud PresentationLogiCloud
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobslogixgrid
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobsGurchran Singh
 
Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3Charles Li
 
How can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector ServicesHow can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector ServicesMahmoud BEN TAHAR
 
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...GIS in the Rockies
 
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
 gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltdprashant surgude
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev BlrDroid
 
Io13 deep dive location api
Io13 deep dive   location api Io13 deep dive   location api
Io13 deep dive location api amsanjeev
 
WebXpress Corporate Presentation
WebXpress Corporate PresentationWebXpress Corporate Presentation
WebXpress Corporate PresentationWebXpress.IN
 

Semelhante a Exploiting vulnerabilities in location based commerce (20)

Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
 
Lecture 6 geolocation
Lecture 6 geolocationLecture 6 geolocation
Lecture 6 geolocation
 
Farah's presentation
Farah's presentationFarah's presentation
Farah's presentation
 
BBK LBS 2009 ET
BBK LBS 2009 ETBBK LBS 2009 ET
BBK LBS 2009 ET
 
Mobile applications chapter 6
Mobile applications chapter 6Mobile applications chapter 6
Mobile applications chapter 6
 
A Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando MendiorozA Geolocation API, Fernando Mendioroz
A Geolocation API, Fernando Mendioroz
 
Core Location in iOS
Core Location in iOSCore Location in iOS
Core Location in iOS
 
Location guru product and solution
Location guru product and solutionLocation guru product and solution
Location guru product and solution
 
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
1+1=3 Combining IP Intelligence and Mobile Network Location for Authentication
 
LogiCloud Presentation
LogiCloud PresentationLogiCloud Presentation
LogiCloud Presentation
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobs
 
Big data analytics for field jobs
Big data analytics for field jobsBig data analytics for field jobs
Big data analytics for field jobs
 
Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3Channel- Why Wilis v 1.3
Channel- Why Wilis v 1.3
 
Insite deck
Insite deckInsite deck
Insite deck
 
How can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector ServicesHow can IoT reduce waiting queues & Optimize Public Sector Services
How can IoT reduce waiting queues & Optimize Public Sector Services
 
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
2018 GIS in the Rockies Vendor Showcase (Wed): Frontier Precision GIS Service...
 
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
 gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
gps vehicle tracking system dealer in pune-india| nuevas technologies pvt ltd
 
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
June2013 Meetup : IO13 Deep Dive-Location_api_AmritSanjeev
 
Io13 deep dive location api
Io13 deep dive   location api Io13 deep dive   location api
Io13 deep dive location api
 
WebXpress Corporate Presentation
WebXpress Corporate PresentationWebXpress Corporate Presentation
WebXpress Corporate Presentation
 

Mais de Xebia IT Architects

Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.Xebia IT Architects
 
Use Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplicationsUse Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplicationsXebia IT Architects
 
When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !Xebia IT Architects
 
Modelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST urlModelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST urlXebia IT Architects
 
Scrumban - benefits of both the worlds
Scrumban - benefits of both the worldsScrumban - benefits of both the worlds
Scrumban - benefits of both the worldsXebia IT Architects
 
#Continuous delivery with #Deployit
#Continuous delivery with #Deployit#Continuous delivery with #Deployit
#Continuous delivery with #DeployitXebia IT Architects
 
Continuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with seleniumContinuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with seleniumXebia IT Architects
 
Xebia-Agile consulting and training offerings
Xebia-Agile consulting and training offeringsXebia-Agile consulting and training offerings
Xebia-Agile consulting and training offeringsXebia IT Architects
 
Xebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce SolutionsXebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce SolutionsXebia IT Architects
 
A warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clientsA warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clientsXebia IT Architects
 
"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia India"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia IndiaXebia IT Architects
 
Agile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant VashishthaAgile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant VashishthaXebia IT Architects
 
Agile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal JaviaAgile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal JaviaXebia IT Architects
 
Practicing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran MirPracticing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran MirXebia IT Architects
 
Moving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita GuptaMoving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita GuptaXebia IT Architects
 

Mais de Xebia IT Architects (20)

Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.Using Graph Databases For Insights Into Connected Data.
Using Graph Databases For Insights Into Connected Data.
 
Use Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplicationsUse Cases of #Grails in #WebApplications
Use Cases of #Grails in #WebApplications
 
When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !When elephants dance , enterprise goes mobile !
When elephants dance , enterprise goes mobile !
 
DevOps demystified
DevOps demystifiedDevOps demystified
DevOps demystified
 
Modelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST urlModelling RESTful applications – Why should I not use verbs in REST url
Modelling RESTful applications – Why should I not use verbs in REST url
 
Scrumban - benefits of both the worlds
Scrumban - benefits of both the worldsScrumban - benefits of both the worlds
Scrumban - benefits of both the worlds
 
#Continuous delivery with #Deployit
#Continuous delivery with #Deployit#Continuous delivery with #Deployit
#Continuous delivery with #Deployit
 
Continuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with seleniumContinuous integration using thucydides(bdd) with selenium
Continuous integration using thucydides(bdd) with selenium
 
Battlefield agility
Battlefield agilityBattlefield agility
Battlefield agility
 
Fish!ing for agile teams
Fish!ing for agile teamsFish!ing for agile teams
Fish!ing for agile teams
 
Xebia-Agile consulting and training offerings
Xebia-Agile consulting and training offeringsXebia-Agile consulting and training offerings
Xebia-Agile consulting and training offerings
 
Xebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce SolutionsXebia e-Commerce / mCommerce Solutions
Xebia e-Commerce / mCommerce Solutions
 
Growth at Xebia
Growth at XebiaGrowth at Xebia
Growth at Xebia
 
A warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clientsA warm and prosperous Happy Diwali to all our clients
A warm and prosperous Happy Diwali to all our clients
 
"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia India"We Plan to double our headcount" - MD, Xebia India
"We Plan to double our headcount" - MD, Xebia India
 
Agile 2.0 - Our Road to Mastery
Agile 2.0 - Our Road to MasteryAgile 2.0 - Our Road to Mastery
Agile 2.0 - Our Road to Mastery
 
Agile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant VashishthaAgile FAQs by Shrikant Vashishtha
Agile FAQs by Shrikant Vashishtha
 
Agile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal JaviaAgile Team Dynamics by Bhavin Chandulal Javia
Agile Team Dynamics by Bhavin Chandulal Javia
 
Practicing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran MirPracticing Agile in Offshore Environment by Himanshu Seth & Imran Mir
Practicing Agile in Offshore Environment by Himanshu Seth & Imran Mir
 
Moving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita GuptaMoving Gradually to Agile Development by Kavita Gupta
Moving Gradually to Agile Development by Kavita Gupta
 

Último

Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 

Último (20)

201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 

Exploiting vulnerabilities in location based commerce

  • 1. Location Based Services → Exploiting Vulnerabilities        
  • 2. + SOFTWARE DEVELOPMENT DONE RIGHT Netherlands | USA | India | France | UK www.xebia.in; Blog :http://.xebee.xebia.in
  • 3. What are Location Based Services ? → A service that depends on the network knowing your location   LBS allow consumers to receive services and advertising based on their geographic location.
  • 4. Location Based Services   Location Based Services Can be basically divided into 4 Broad Categories1. Location Based Search Information 2. Location Based Commerce 3. Navigation Services 4. Tracking Applications
  • 7.     Location Based Navigation        
  • 8.     Location Based Tracking        
  • 11. A  New  Man  Made  Constella&on  
  • 12. Loca&on  Acquisi&on  Methods   1.GPS 2.Assisted GPS 3.Cell Towers 4.Cell-ID
  • 13. Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   GPS (Global Positioning System) •  24 satellites in orbit. Typically 5 to 8 are visible from any one place •  Distance calculated by time it takes for signal to travel from satellite to receiver. Calculating the time it takes from 4 satellites provides an accurate fix.
  • 14. Loca&on  Accuracy  and  Usage                        Precise  Loca+on  Acquisi+on   Assisted -GPS •  GPS has a slow time to fix unless it is permanently tracking satellites •  Assisted GPS is based upon providing GPS satellite information to the handset, via the cellular network •  Assisted GPS gives improvements in Time to First Fix
  • 15. NO  Loca+on  Verifica+on   •  99 % of Applications Providing Location Based Services lack Location Verification Mechanism.          This  Leaves  all  these  Applica+ons            Vulnerable  to  Loca+on  Spoofing  A=acks  
  • 16. Loca+on  Spoofing                        Injec+ng  Fake  Loca+ons  
  • 18. Results  of  Loca+on  Spoofing   •  Commercial   applica+ons  can   be  fooled  by   Checking  in  with   spoofed   Loca+ons.     •  Rewards,  Offers,   Deals  on  Specific   Loca+ons  Can  be   Availed  ☺  
  • 19. Results  of  Loca+on  Spoofing   •  Tracking  Applica+ons   can  be  fooled  by  fixing  a   fake  loca+on  or   Randomly  changing     Loca+on.     •  Incase  of  Con+nuous     Fleet  tracking,  Pre-­‐ Designed  Routes  can  be   Simulated  to  spoof   con+nuous  Loca+on  
  • 20. Solu+ons  to  Loca+on  Spoofing    Client  side  valida+ons       •  Hourly  loca+on   •  Cell  towers  triangula+on   Server  side  Valida+ons   •  •  •  •  •  •  •  Date  of  Registra+on   RapidFire  Check-­‐ins   Previous  Check-­‐ins,  History     Distance  Algorithims   Traffic  updates.   Speed  and  stops   Loca+ons  in  other  Applica+ons  
  • 22. Spoofing  GPS  Constella+on   GPS Signal Simulators / Signal Spoofer
  • 23. Spoofing  GPS  Constella+on   Possible Solutions ????????????
  • 24. Spoofing  GPS  Constella+on   Happy Spoofing :) Thank You ! Thank You
  • 25. Agile Testing Current Competencies Mobile Testing: Appium, Calabash Performance Testing Tools: JMeter, LoadUI Automation Frameworks in place -  Selenium/Webdriver keyword driven -  SoapUI ATDD Tools: Cucumber, Fitnesse, JBehave, Geb Language Proficiencies: Java, Ruby, Groovy, Python Functional automation Tools: Selenium/Webdriver, AUTO IT, SoapUI, QTP Knowledge Sharing: Speakers in national and international conferences
  • 26. Contact us @ Websites www.xebia.in www.xebia.com www.xebia.fr Xebia India infoindia@xebia.com Thought Leadership Htto://xebee.xebia.in http://blog.xebia.com http://podcast.xebia.com