Affordable Access

Ranging and Location attacks on 802.11 FTM

Authors
  • Henry, Jerome
  • Busnel, Yann
  • Ludinard, Romaric
  • Montavont, Nicolas
Publication Date
May 28, 2021
Source
HAL-INRIA
Keywords
Language
English
License
Unknown
External links

Abstract

802.11 Fine Timing Measurement is an indoor ranging technique. Because it is unauthenticated and unprotected, our experiments indicate that an adversary can implement ranging and location attacks, by inserting one or more rogue responders and causing an unsuspecting client to incorporate forged values into its location computation. FTM clients tend to a small set of responders to range against (top 3 to 6 responders with strongest signal). Once ranges have been collected, the client can compute its location using various techniques, such as 3-sphere intersection, matrix error minimization techniques or Kalman filter. Regardless of the technique in use, we show in this paper that an attacker can cause a ranging client to deviate from its intended path. We also show that protection intended for attacks on comparable ranging techniques, like GPS, are ineffective in the case of FTM.

Report this publication

Statistics

Seen <100 times