A vulnerability in Apple's location services could allow devices, including Starlink satellites, to be tracked in war zones. This also opens up privacy risks for mobile router users.
Geodata leak
Main flaw
A key component of Apple's location service contains a serious security flaw that allows attackers to track the movements of any mobile device. Wi-Fi router. The problem occurs due to the way the Wi-Fi Positioning System (WPS) works in Apple products. iOS devices query the geolocations of multiple Wi-Fi hotspots instead of servers figuring out the location themselves. This data may reveal the location of individual users.
Positioning method
Along with GPS, Apple mobile gadgets use WPS to determine coordinates. The system relies on a global database of nearly 500 million Wi-Fi routers. The devices recognize nearby access points by BSSIDs, measure signal strength and correlate this information with data in the WPS database.
Meanwhile, Apple and Google's algorithms for implementing WPS are different. Android devices transmit data about detected BSSIDs and the strength of received signals to servers. Servers calculate coordinates based on these parameters and send a response back to the gadget.
Flaw in the system
In contrast, Apple products ask WPS for geolocation of hundreds of thousands of nearby access points, and then determine the device's position locally, based on known landmarks. Thus, instead of the result, they receive the original data from the database.
Researchers have revealed that by repeatedly querying Apple's Wi-Fi geolocation API, they were able to "steal" virtually the entire WPS database containing the coordinates of billions of BSSIDs around the world. Analyzing this information, they discovered the ability to track the movements of Starlink devices in the combat zone in Ukraine.
Glossary
- BSSID (Basic Service Set Identifier) - a unique identifier for a Wi-Fi wireless access point, consisting of a 48-bit MAC addresses.
- API (Application Programming Interface) - application programming interface, a set of rules for the interaction of software components.
- Starlink is a constellation of small telecommunications satellites for distributing Internet access from Elon Musk’s SpaceX company.
Links
Answers to questions
How do Apple devices determine their location?
What is the privacy vulnerability of Apple Location Services?
How were researchers able to “steal” Apple's WPS database?
What privacy risk does this vulnerability pose?
What steps are being taken to address this vulnerability?
Hashtags
Save a link to this article
Discussion of the topic – Apple Wi-Fi Positioning Vulnerability Reveals Starlink Location at Front
Researchers have discovered a serious vulnerability in Apple's location services that allows Starlink to be tracked in the war zone on the Russian-Ukrainian front. This same vulnerability also threatens the privacy of anyone using a mobile Wi-Fi router.
Latest comments
8 comments
Write a comment
Your email address will not be published. Required fields are checked *
André
This is very worrying. I understand that location data is important for many applications, but are there safer ways to obtain it? 🤔
Григорий
This doesn't surprise me. These tech giants are constantly watching us. It's time to think about our privacy. 😒
София
Indeed, this is a serious problem. But I think Apple and other companies need to be more transparent about data collection and give users more control. 🤨
Ян
Ha, I always knew these guys were spying on us! Maybe it's time to go back to the good old cards? 😄
Густав
Well, technology evolves and some vulnerabilities are inevitable. But I agree that privacy should be a priority. I hope Apple fixes this problem. 💻
Бронислав
Eh, young people, you worry too much about your privacy. Back in my day, we were glad we even had phones! 😂 But I understand your concern.
Анна
I think it's important to find a balance between usability and privacy. Perhaps companies could offer stronger default privacy settings? 🤔
Мария
This is a really serious problem, especially considering that we are talking about such large-scale services as Apple. We need stronger data privacy laws. 👮♀️