SkyLift WiFi Gelocation Spoofing Device


SkyLift works by broadcasting MAC addresses that are associated with WiFi routers in a different location. WiFi geolocation services rely on the assumed stable location of home and commercial routers to return accurate geolocation information. Because space-based GPS signals are attenuated in dense urban areas, WiFi became a viable alternative for location services in consumer tech. However, it's also vulnerable to spoofing attacks as discovered by researchers at ETH Zurich/Swiss Federal Institute of Technology in 2008.
Ten years later WiFi geolocation spoofing, surprisingly, still works.

WiFi Geolocation Spoofing Device

Made for !Mediengruppe Bitnik’s Assange Room. Developed in collaboration with Surya Mattu

SkyLift is a WiFi geolocation spoofing device that virtually relocates visitors to Julian Assange’s residence at the Ecuadorian Embassy in London. The device was made for !Mediengruppe Bitnik’s Assange room and works by broadcasting WiFi signals (beacon frames) that exploit WiFi geolocation services.

Thanks to a web-residency grant from Schloss Solitude SkyLift now runs on the ESP8266, a low-cost Arduino-compatible WiFi microcontroller, and is open source. Full code and documentation on

Previously, this technique would require a small linux computer, USB WiFi dongles, and a program such as mdk3 to broadcast beacon frames with custom MAC addresses. This was functional but less practical. The small size and low cost of the ESP8266 microcontroller offers new possibilities for creative geolocation spoofing.

How it Works

To get started you can follow the instructions on and use the provided beacon frames to virtually relocate your smartphone to Julian Assange's residence in London. Once successfully relocated, every app on your phone will think you're standing outside 3 Hans Crescent, London SW1X 0LS, even FindMyPhone and Pokemon.

If you'd rather go somewhere sunny, record your own locations using the instructions on GitHub.

SkyLift only relies on broadcasting MAC addresses. There is no IP spoofing, no GPS signal spoofing, no VPN, and no 3rd party app involved. It works for any app on your phone with location services available, including FindMyPhone (iOS) and Pokemon. It works without connecting to any WiFi network. However, it only works when you have WiFi location services enabled. And typically works best indoors (where GPS is attenutated) and in locations where nearby WiFi signals are less than -80dBm.

For a more thorough technical overview about how Beacon Frames work and the basic WiFi protocol information visit PacketBridge (2012), an earlier project from the Critical Engineering group using the same technique, or view the README on

Project Timeline

Prototyping with various WiFi devices. Photo: Adam Harvey

Prototyping with various WiFi devices. Photo: Adam Harvey

Emulating the Ecuadorian Embassy from within Germany. Photo: Adam Harvey

Emulating the Ecuadorian Embassy from within Germany. Photo: Adam Harvey

Tweet from Wikileaks

Tweet from Wikileaks | source

Collecting data in London. Photo: !Mediengruppe Bitnik

Collecting data in London. Photo: !Mediengruppe Bitnik

Also works with FindMyPhone (iOS). Adam Harvey

Also works with FindMyPhone (iOS). Adam Harvey


  • Version 0.3 made with support from a web residency with Akademie Schloss Solitude & ZKM
  • Version 0.2 made with support from exhibitions at La Gaîté Lyrique and FACT Liverpool.
  • Version 0.1 made with support from Zoo Galerie in Nantes, France.
  • Research and development of proof of concept: Surya Mattu (US)
  • Concept in collaboration with !Mediengruppe Bitnik
  • Technical advisement from Julian Oliver (DE) | packetbridge
  • Research assistance and Python development contributions by Leon Eckert (US/DE)




  • Check local WiFi transmission power regulations and set your device's TX power accordingly. Acceptable WiFi TX power varies by country. Specific mW values are listed here though the list may not be up-to-date.