USENIX Security 2026

WILD Attack: Stealthy Undermining of Wi-Fi-Based Geolocation Through Remote Crowdsourced Data Injection

Changjia Zhu, Xiao Han, Parush Gera, Zhuo Lu, Tempestt Neal, Yao Liu

Abstract

Traditional Wi-Fi Positioning System (WPS) spoofing attacks, while seemingly effective, have failed to raise major WPS security concerns due to their lack of stealth and persistence. This paper introduces a novel WILD Attack that undermines WPS security by subverting its core infrastructure, the Location Lookup Table (LLT). In this attack, an adversary remotely submits falsified crowdsourced reports for target Wi-Fi access points, inducing WPS providers to update the LLT based on falsified rather than legitimate data. We examine four widely deployed WPS providers (Google, Apple, A-Map, and WiGLE) and observe that they all accept falsified reports and apply distinct policies to resolve conflicts between legitimate and falsified data. Exploiting these policies, the attacker can induce two forms of LLT subversion: LLT Entry Tampering and LLT Entry Removal, both persisting for weeks even after the attacker ceases activity. We further present three case studies that show the real-world impact of the WILD Attack and propose countermeasures to mitigate such threats.