Threat impact analysis of man-in-the-middle attacks on delay-based geolocation on the internet

Published: 01 Jan 2025, Last Modified: 10 Nov 2025, Comput. Networks 2025, CC BY-SA 4.0
Abstract: Man-in-the-middle (MITM) attacks on the Internet pose significant security threats. These attacks enable hackers to intercept and manipulate traffic between routers, exploit vulnerabilities in the Internet’s trust model, divert traffic, eavesdrop on communications, or insert malicious data into the network. This paper investigates the abilities of MITM attackers to manipulate delay-based geolocation algorithms. The focus is on how attackers, controlling a series of routers and a host computer, can distort geolocation results by altering delay measurements obtained from ICMP ping messages sent to the host computer. This manipulation targets delay-based geolocation techniques used in location-based services (LBSs). Through a systematic investigation, this study evaluates the effectiveness and capabilities of MITM attackers in subverting geolocation algorithms to falsify a victim’s location. Our findings highlight the necessity of implementing robust security measures on the Internet to mitigate the risk of MITM attacks and protect the integrity of geolocation-based services.