Color App and the future of GPS Spoofing

Google News is full of articles on the pro’s and con’s of the new application, Color. Overall it is a pretty dumb application if you ask me, but it does show that the onslaught of “hyper local” social networks is coming soon. What started as a way to actually test the Color app showcased how much fun it would be to check-in to places. Steps to GPS spoof:

  1. Install Fake GPS from the Market or use ADB/DDMS from the developer tools
  2. Pick your location or long/lat
  3. ???
  4. Profit!

It was pretty fun to see the reactions as I checked into the Oval Office, Falkland Islands, Arab Alabama, and Tripoli. Note to self, the chicken is horrible at the Sheraton in Tripoli and the place is a real hell hole right now :)

For me the takeaway is that GPS coordinates are considered gospel by the internet. With the prevalence of development tools and rooted devices it is very easy to spoof those trusted data sets. When performing social engineering one of the most powerful tools is shared backgrounds. Being able to checkin to a location for a week straight or use Color to pull pictures and information from a company will serve to be a powerful tool in the future.