On May 25, IT Home reported that Krebs on Security, a security blog, published a blog this month, saying that Apple's location service was vulnerable and could locate the whereabouts of troops by "stealing" the WPS database 。
Relevant background knowledge
Although mobile phone positioning mainly relies on satellite positioning, in urban areas, dense high-rise buildings will make it difficult for mobile devices to receive weak satellite signals, so mobile devices will rely on Wi Fi based positioning systems (WPS) in this scenario.
WPS uses a global database of nearly 500 million Wi Fi routers. Most importantly, this is not only the public router they can actually access, but also all BSSIDs they can see, including Wi Fi routers in many homes.
Devices cannot access your router, but they can detect the router and query the database to find out the exact location of the router. These databases are created by cars travelling around. They use a variety of methods to track their locations, collect BSSIDs, and then match them with these locations.
Note from IT Home: The BSSID set by the manufacturer is different from the router SSID selected by the user. In short, it can be regarded as the MAC address of the wireless network card in the router.
Apple and Google have their own WPS databases, and they use basically the same method. Detect the nearby BSSID, measure the strength of each signal, and then compare these data with the WPS database to find the location of the mobile device.
Google Positioning Method
The Android phone will record the BSSID and signal strength it can see, and send the data to the Google server, which uses the WPS database to calculate the location of the phone and send it to the phone.
Apple positioning mode
Apple's WPS also receives a list of nearby BSSIDs. Instead of calculating the location of the device based on the observed access point and the signal strength it receives, Apple returns the geographical location of up to 400 BSSIDs through the API, and then uses about 8 of these BSSIDs to determine the user's location based on known landmarks.
In essence, Google's WPS can calculate the user's location and share it with the device. Apple's WPS provides enough data about the location of known access points in the region for its devices, which can be estimated by the devices themselves.
Apple positioning method vulnerability
Researchers from the University of Maryland said that they can use the lengthy function of Apple's API to draw a mobile map of a single device entering or leaving almost any designated area in the world.
The researchers from the University of Maryland said that they spent one month at the beginning of the study constantly querying the API and asking the location of more than one billion BSSIDs randomly generated.
Of these randomly generated BSSIDs, only about 3 million are known by Apple's Wi Fi geolocation API, but Apple also returned another 488 million BSSID locations, which have been stored in its WPS through other queries.
Researchers say that by zeroing or "geo fencing" other smaller areas indexed by Apple's location API, they can monitor how Wi Fi access points move over time.
This problem may be a big problem in practical terms. The team can locate the conflict area between Russia and Ukraine and confirm the location and movement of the star chain equipment used by the Ukrainian and Russian armies.
Reference address attached to IT home
Special statement: The above content (including pictures or videos, if any) is uploaded and released by users of "Netease" on our media platform, and this platform only provides information storage services.
Notice: The content above (including the pictures and videos if any) is uploaded and posted by a user of NetEase Hao, which is a social media platform and only provides information storage services.