Apple may have turned Wi-Fi routers into a privacy threat

Recent research from the University of Maryland has revealed a significant vulnerability in Wi-Fi Positioning Systems (WPSes), which are used by devices to determine their location based on nearby Wi-Fi access points. This vulnerability could enable mass surveillance on a global scale, raising serious concerns for both individuals and businesses.

By Lindsey Schutters

22 May 2024

Apple has evolved its Find My service to be always on which benefits device users, but also compromises safety.

The research paper, titled Surveilling the Masses with Wi-Fi-Based Positioning Systems demonstrates how WPSes can be exploited to gather the locations of billions of Wi-Fi access points worldwide.

Apple's WPS implementation in its Find My network is designed to help devices determine their location using nearby Wi-Fi access points. However, the research reveals a significant vulnerability in Apple's WPS that allows for the mass surveillance of Wi-Fi access points globally.

A smartphone is seen on a selfie stick in Manhattan, in New York City. Source: Reuters/Andrew Kelly

Counterpoint: iPhone 15 and Huawei Mate 60 drive smartphone market growth

Baranjot Kaur 22 Nov 2023

This is achieved by exploiting the structure of MAC addresses, the unique identifiers assigned to network interfaces with researchers demonstrating how an attacker can amass a database of Wi-Fi access point locations and track their movements over time.

These findings are particularly concerning for mobile devices like travel routers, which can reveal sensitive information about individual locations and movements.

The study highlights several case studies, including tracking devices in war zones and monitoring the impact of natural disasters, to illustrate the potential for privacy violations.

Simply being within range of a Wi-Fi-enabled device, such as an iPhone, could expose a person's location and movements without their knowledge or consent. This could lead to targeted advertising, discrimination, or even stalking.

Businesses are also at risk

The data collected through WPS surveillance could be used for corporate espionage, targeted attacks, or to gain a competitive advantage.

Additionally, businesses that manufacture Wi-Fi access points or operate WPSes could face legal liabilities and reputational damage if they fail to address this vulnerability.

Heatmap of BSSIDs discovered by guessing randomly among IEEE-assigned OUIs and their locally assigned variants

Fortunately, there are steps that businesses can take to mitigate this risk:

Implement MAC address randomisation: This makes it difficult to track devices over time.

Limit access to WPS APIs: This can be achieved through rate limits, authentication, or tying queries to specific user accounts.

Respect user privacy: Provide clear information about data usage and offer opt-out options.

Responsible disclosure: If vulnerabilities are discovered, inform affected parties and work to resolve the issue.

This research serves as a wake-up call to businesses and individuals alike. It is crucial to understand the risks associated with WPSes and take proactive measures to protect privacy.