The Technology section is published with the support of Favbet Tech
A key element of Apple's location services contains a serious privacy vulnerability that allows tracking moving Starlink in a combat zone. The vulnerability also allows an attacker to determine the location of anyone who has a mobile Wi-Fi router.
How Wi-Fi positioning works
How Apple Devices Determine Their Location? GPS is the main technology used, but not the only one. In cities, for example, tall buildings can make it difficult to receive signals from GPS satellites. Another key technique used by mobile devices is known as Wi-Fi Positioning Systems (WPS).
WPS uses a global database of nearly 500 million Wi-Fi routers. It's important that it's not just the public devices they can access, but also all the BSSIDs (set by manufacturers) that they can see. This applies, for example, to common common Wi-Fi routers. Devices cannot access the router, but they can discover it and consult a database to find out exactly where it is located.
Apple and Google maintain their own WPS databases. The method they use is essentially the same: determining the BSSID (Basic Service Set Identifier) in the vicinity, measuring the strength of each signal and comparing the results with the WPS database to determine where the mobile device is located.
However, there is a significant difference between how Apple and Google devices perform this task — and this is where the privacy issue comes in.
Apple Location Services Vulnerability
The Android phone records the BSSIDs it can see and the signal strength and sends this data to the Google server. The server uses the WPS database to calculate the location and send it to the phone.
Course English For Tech: Speaking&Listening from Enlgish4IT. After the course, you will be able to better present your achievements, discuss projects and manage your daily tasks in English. Take 10% off with promo code TCENG. Find out about the course
But researchers at the University of Maryland discovered that Apple devices take a different approach. Apple's WPS also accepts a list of nearby BSSIDs, but instead of calculating the device's location based on a set of observed access points and received signal strength, and then reporting that result to the user.
- Apple API returns geolocation to over 400,000 BSSIDs that are nearby.
About eight of these BSSIDs are then used to determine the user's location based on known landmarks.
Basically, Google's WPS calculates the user's location and transmits it to the device. Apple's WPS provides its devices with a large enough amount of data about the location of known access points in the area that the devices can make that assessment on their own. Processing data on the device is one of Apple's “tricks”.
- The researchers say they can use Apple's API data stream to map the movement of individual devices to and from almost any specific area of the world. They spent a month at the beginning of their study continuously querying the API for the location of over a billion randomly generated BSSIDs.
They learned that while only about three million of these randomly generated BSSIDs were known to Apple's Wi-Fi Geolocation API, Apple returned back an additional 488 million BSSIDs already stored in the WPS database from other searches.
- The result was that the researchers were actually able to “steal” Apple's WPS database.
By studying location data collected from Apple WPS for a year from November 2022 to November 2023, researchers gained a near-global view of the locations of more than 2 billion Wi-Fi hotspots.
Course English For Tech: Speaking&Listening from Enlgish4IT. After the course, you will be able to better present your achievements, discuss projects and manage your daily tasks in English. Take 10% off with promo code TCENG. Find out about the course
- Researchers can monitor how Wi-Fi hotspots move over time. Why this could be a big problem? They found that by geofencing active war zones in Ukraine, they were able to determine the location and movement of Starlink devices used by both Ukrainian and Russian forces.
The risk was greatest with Starlink mobile hotspots, and the company has now addressed this by randomizing the BSSIDs used.
- To prevent Apple or Google from adding the router to their databases, you can add _nomap to your SSID.
Apple said it will take steps to limit the number of queries to its database to reduce risk.
Sources: Krebs on Security, 9to5mac
The Technology section is published with the support of Favbet Tech
Favbet Tech is IT a company with 100% Ukrainian DNA, which creates perfect services for iGaming and Betting using advanced technologies and provides access to them. Favbet Tech develops innovative software through a complex multi-component platform that can withstand enormous loads and create a unique experience for players. The IT company is part of the FAVBET group of companies.