Wrong Siren! A Location Spoofing Attack on Indoor Positioning Systems: The Starbucks Case Study

Junsung Cho, Jaegwan Yu, Sanghak Oh, Jungwoo Ryoo, Jaeseung Song, Hyoungshick Kim

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


The Internet of Things interconnects a mass of billions devices, from smartphones to cars, to provide convenient services to people. This gives immediate access to various data about the objects and the environmental context-leading to smart services and increased efficiency. A number of retail stores have started to adopt IoT enabled services to attract customers. In particular, thanks to indoor proximity technologies, it is possible to introduce location-based smart services to customers, for example, transmitting identifiable signals that represent the locations of stores. In this article, we investigate a potential security risk involved in such technologies: physical signals used as identifiers can be captured and forged easily with today's widely available IoT software for implementing location spoofing attacks. We highlight this security risk by providing a case study: an in-depth security analysis of the recently launched Starbucks service called Siren Order.

Original languageEnglish (US)
Article number7876970
Pages (from-to)132-137
Number of pages6
JournalIEEE Communications Magazine
Issue number3
StatePublished - Mar 2017

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Wrong Siren! A Location Spoofing Attack on Indoor Positioning Systems: The Starbucks Case Study'. Together they form a unique fingerprint.

Cite this