Although the location of devices through this type of data was already known, the study explores to what extent it is possible to obtain data of strategic value through a database that is publicly accessible.
A new study carried out by two researchers from the University of Maryland, United States, warns of the potential risk posed by the WiFi Positioning System (WPS) present in Apple devices, since it would be possible to access its data and analyze the movements of people in a specific area.
WPS is a technology that allows a device to be geolocated using WiFi devices such as routers that are around it, without the need for a GPS satellite signal. Our mobile phones, both iPhones and Android, collect data from the WiFi points that we use to connect, including their location, and these are uploaded to a large database in the cloud. This is something fully known and studied since 2009 or 2010, as cybersecurity expert Chema Alonso explains in his Blog.
But the study cited above, published on May 23 and titled “Surveillance of the masses with WiFi-based positioning systems,” has shown the great value at a geostrategic level that this information could have for States or other entities. This is because researchers have managed to perform a large-scale dump of WPS data for a given period of time.
This can be used to verify how events such as wars or catastrophes affect the movement of connections, but also for governments to monitor where new devices enter a country, which may come, for example, from conflict zones or enemy countries.
To ensure security, along with the discoveries, the study also includes various ways in which WiFi hotspot manufacturers can prevent an enemy actor from using this database to acquire knowledge for dubious purposes.
The abstract of study states: «We present an attack that allows an unprivileged attacker to accumulate a global snapshot of WiFi BSSID geolocations in just a matter of days. Our attack makes few assumptions and simply takes advantage of the fact that there are relatively few dense regions of allocated MAC address space. By applying this technique over a year, we learned the precise location of more than 2 billion BSSIDs around the world,” says this work by Erik Rye and Dave Levin.
“We present several cases that demonstrate the types of privacy attacks that Apple’s WPS allows: we track devices entering and leaving war zones (specifically Ukraine and Gaza), the effects of natural disasters (specifically the fires in Maui) and the possibility of specific individual tracking by proxy, all through remote geolocation of wireless access points,” the researchers point out.
They use BSSID addresses
The way to know the approximate location of a mobile device is simply to access the list of BSSID addresses to which it has access. The BSSID is a code used to identify a WiFi access point, such as a router or repeater. Preventing an Apple phone from collecting this type of information is impossible, although it can be hidden from Google services by changing the name of the home WiFi networks.
