Friday, May 31, 2024

Why Your Wi-Fi Router Doubles As an AirTag

Brian Krebs:

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-Fi access point uses, known as a Basic Service Set Identifier or BSSID.

Periodically, Apple and Google mobile devices will forward their locations — by querying GPS and/or by using cellular towers as landmarks — along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it’s what allows your mobile phone to continue displaying your planned route even when the device can’t get a fix on GPS.


In essence, Google’s WPS computes the user’s location and shares it with the device. Apple’s WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own.

That’s according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple’s API to map the movement of individual devices into and out of virtually any defined area of the world.

See also: Bruce Schneier.

2 Comments

That's nothing new, though, right? That was the poor man's GPS from the beginning of iPhones, iPads and iPods (the latter not having a true GPS receiver): The devices would record the WLANs around them, along with their strength, and Apple would build a database with them, combine them with actual GPS info and thereby build a map of all known WLANs. Which sometimes got screwed up when you were using a mobile access point/router (experienced that myself a few times). 15 years ago.

Or what's different now?

> Apple’s API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested

This would seem to be the issue. You could eventually dump the entire database just by playing a kind of hopscotch with the locations.
