Location-based mobile social network services such as foursquare and Gowalla
have grown exponentially over the past several years. These location-based
services utilize the geographical position to enrich user experiences in a
variety of contexts, including location-based searching and location-based
mobile advertising. To attract more users, the location-based mobile social
network services provide real-world rewards to the user, when a user checks in
at a certain venue or location. This gives incentives for users to cheat on
their locations. In this report, we investigate the threat of location cheating
attacks, find the root cause of the vulnerability, and outline the possible
defending mechanisms. We use foursquare as an example to introduce a novel
location cheating attack, which can easily pass the current location
verification mechanism (e.g., cheater code of foursquare). We also crawl the
foursquare website. By analyzing the crawled data, we show that automated large
scale cheating is possible. Through this work, we aim to call attention to
location cheating in mobile social network services and provide insights into
the defending mechanisms.Comment: 10 pages, 8 figures, accepted by the 31st International Conference on
Distributed Computing Systems (ICDCS 2011
