Beacons are starting to be deployed to provide micro-location information to receivers, which in-turn, can be used to invoke location-based applications. For example, a typical scenario may include multiple beacons deployed throughout a building. The beacons may include low-powered transmitters that broadcast unique identifiers (IDs). Mobile devices may run mobile applications that listen for the beacon signals to understand the current locations of the mobile devices in the building and to provide content to users based on the locations. For example, based on the location of the mobile device in a grocery store, which is determined from beacons, a mobile application may provide coupons relevant to a product displayed at the location. In another example, a mobile application may control appliances or lighting based on the current location determined from beacons.
Surprisingly, these type of beacon systems can be hacked using a mobile device to spoof a beacon. A hacker can enter a store or property of interest, and using a simple application, scan for the beacons in the store to discover beacon identifiers broadcasted by the beacons in the store. The hacker can create a custom application to act as a beacon that tricks a mobile application on a user's mobile device into believing that the user is inside the store, and the mobile application performs its functions as if the user is in the store. A hacker may use this technique to get unearned rewards, all the coupons offered by vendors, discounts, etc. In a more egregious situation, the mobile application may be designed to receive private user data, when the user is near a beacon. The hacker may inappropriately try to collect private user data by mimicking a beacon.