How to spoof your geolocation on Facebook Places or Twitter

How to spoof your geolocation on Facebook Places or Twitter

Summary: Screenshot gallery: Because of a flaw in design either by BlackBerry or Facebook, those using geolocation features such as Twitter or Facebook Places can now appear to be anywhere in the world at any given time, regardless of whether they are even on the same continent.

SHARE:

Facebook has released the updated application for BlackBerry handsets which finally brought Places, the location-based tagging facility to the device, rivalling the popular Foursquare service.

Yet with this, the developers must not have taken into account the BlackBerry Simulation Software, which for all intents and purposes is a fully functional device for the desktop yet purely for simulating the phone and testing applications. It can be used to spoof your Facebook Places and Twitter status locations.

What if you wanted just half an hour's privacy from your partner to buy them the perfect gift? Or how about fooling your friends and appearing somewhere when you physically couldn't be 'for a bit of a laugh'? Why not while you're at it give yourself an alibi to allow you to commit crime? Or skip work for the day and say you're going to the doctors when in fact you're out shopping 20 miles away?

If you have a computer and a social networking account which supports location based features, you can. You don't even need a mobile device.

Gallery To see the step-by-step process, including the installation of the prerequisites and setting everything up, click here. To skip to the good bit and see how to tweak your location settings and fool your friends and followers, click here.

Gratuitous disclaimer As with other 'proof of concepts' out there, this isn't designed in any way to be used for illegal activity. Sure, you could give yourself an alibi for committing crimes, but don't. We here at ZDNet and CBS Interactive do not in any way, shape or form endorse or support the committing of crime (as the lawyers are keen to stress). By all means test it out, but consider the ethical implications of doing this. Hopefully Facebook and BlackBerry will work together to plug this hole so it can't be further used for unethical or illegal reasons.

In short, the process is simple.

By standard, the BlackBerry Simulation Software by standard doesn't allow Internet access, so by installing the MDS (Mobile Data Service) allows data to flow through the simulated device provided the host computer is connected. This then allows you to download and install BlackBerry App World, the catalogue of approved applications which users can buy and download.

By downloading and installing the latest version of Facebook for BlackBerry, this includes Places. Twitter also works provided you have the geolocation feature turned on from the settings on the full web view. ÜberTwitter works, but only if you turn off the ÜberTwitter's installed geolocation helping feature.

You can alter the GPS on the simulated device by going through the menus, allowing you to check yourself into places that you are not present at, or even on the same continent to.

This simulator and Facebook Places was not designed to be abused in this way, but it can be exploited. There are funny and interesting attributes to this exploit, but unfortunately all I can think are the negative ones. I guess it does bring a whole new meaning to the saying, "where do you want to go today"?

That's it; it's as simple as that. Check out the screenshot gallery detailing this entire process here.

Update: I may have just killed Foursquare... whoops.

Topics: Hardware, Mobility, BlackBerry, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • You just discredited blackberries for use as alibies...

    Any lawyer worth their salt would be able to put this in front of the court, to challenge someone's alibi.

    So, by making it public, you may make it easier to do, but it means that you made it easier to challenge in court.
    shryko
    • RE: How to spoof your geolocation on Facebook Places or Twitter

      @shryko I know. Hopefully it'll ensure that RIM (who make the BlackBerry Facebook app) will ensure this doesn't happen.
      zwhittaker
    • RE: How to spoof your geolocation on Facebook Places or Twitter

      @shryko
      Forensics investigators will most probably use more reliable sources for guessing the location. They use the location of the access point that your phone used to go on the mobile network. This is not spoofed.
      This information is available to the operators regardless of the type of used phones. For many years, it has been used in legal cases.
      Wunderbarb
  • RE: How to spoof your geolocation on Facebook Places or Twitter

    What about the privacy issue? I know the bad guys and spammers can spoof their location for nefarious reasons, but why cant I do so just to be left alone?
    dixon757@...
  • RE: How to spoof your geolocation on Facebook Places or Twitter

    I hope they don't manage to stop it. Or someone finds another way. Busybodies deserve to be pwned!
    jdgalt
  • public apis

    you realise you can do this much easier and in a few lines of code using the public apis of the various service? this solution was amusing in it's unneeded complexity though.

    - http://dev.twitter.com/doc/post/statuses/update
    - http://groups.google.com/group/foursquare-api/web/api-documentation
    faultw