Apple’s Wi Fi Positioning System Vulnerable to Global User Tracking by Hackers
ฝัง
- เผยแพร่เมื่อ 22 พ.ค. 2024
- A recent study by University of Maryland security researchers has uncovered a major privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS). This flaw allows hackers to track the locations of Wi-Fi access points and their owners globally. The researchers found that an attacker can exploit Apple’s crowdsourced location tracking system to compile a worldwide database of Wi-Fi locations and monitor device movements over time. Apple's WPS uses its network of iPhones, iPads, and MacBooks to collect the geolocation of Wi-Fi access points based on their BSSIDs.
The vulnerability is exploited by querying the WPS with BSSIDs derived from the IEEE’s public database of Organizationally Unique Identifiers (OUIs). This enables attackers to quickly locate millions of Wi-Fi access points without prior knowledge. The WPS returns not only the queried BSSID's location but also the locations of up to 400 nearby access points. Over a year, researchers gathered precise locations for over 2 billion BSSIDs worldwide, revealing profound privacy implications as this data can track device movements.
The researchers highlighted real-world impacts, such as tracking movements in war zones, monitoring natural disaster aftermaths, and identifying Starlink terminals. They responsibly disclosed the vulnerability to Apple, which now allows Wi-Fi access point owners to opt out of location tracking by appending “_nomap” to their SSIDs. Some manufacturers, like SpaceX, are updating firmware to randomize device MAC addresses. - วิทยาศาสตร์และเทคโนโลยี
