Today I read a paper titled “Location Cheating: A Security Challenge to Location-based Social Network Services”
The abstract is:
Location-based mobile social network services such as foursquare and Gowalla have grown exponentially over the past several years
These location-based services utilize the geographical position to enrich user experiences in a variety of contexts, including location-based searching and location-based mobile advertising
To attract more users, the location-based mobile social network services provide real-world rewards to the user, when a user checks in at a certain venue or location
This gives incentives for users to cheat on their locations
In this report, we investigate the threat of location cheating attacks, find the root cause of the vulnerability, and outline the possible defending mechanisms
We use foursquare as an example to introduce a novel location cheating attack, which can easily pass the current location verification mechanism (e.g., cheater code of foursquare)
We also crawl the foursquare website
By analyzing the crawled data, we show that automated large scale cheating is possible
Through this work, we aim to call attention to location cheating in mobile social network services and provide insights into the defending mechanisms