The research paper, titled Surveilling the Masses with Wi-Fi-Based Positioning Systems demonstrates how WPSes can be exploited to gather the locations of billions of Wi-Fi access points worldwide.
Apple's WPS implementation in its Find My network is designed to help devices determine their location using nearby Wi-Fi access points. However, the research reveals a significant vulnerability in Apple's WPS that allows for the mass surveillance of Wi-Fi access points globally.
This is achieved by exploiting the structure of MAC addresses, the unique identifiers assigned to network interfaces with researchers demonstrating how an attacker can amass a database of Wi-Fi access point locations and track their movements over time.
These findings are particularly concerning for mobile devices like travel routers, which can reveal sensitive information about individual locations and movements.
The study highlights several case studies, including tracking devices in war zones and monitoring the impact of natural disasters, to illustrate the potential for privacy violations.
Simply being within range of a Wi-Fi-enabled device, such as an iPhone, could expose a person's location and movements without their knowledge or consent. This could lead to targeted advertising, discrimination, or even stalking.
The data collected through WPS surveillance could be used for corporate espionage, targeted attacks, or to gain a competitive advantage.
Additionally, businesses that manufacture Wi-Fi access points or operate WPSes could face legal liabilities and reputational damage if they fail to address this vulnerability.
Fortunately, there are steps that businesses can take to mitigate this risk:
Implement MAC address randomisation: This makes it difficult to track devices over time.
Limit access to WPS APIs: This can be achieved through rate limits, authentication, or tying queries to specific user accounts.
Respect user privacy: Provide clear information about data usage and offer opt-out options.
Responsible disclosure: If vulnerabilities are discovered, inform affected parties and work to resolve the issue.
This research serves as a wake-up call to businesses and individuals alike. It is crucial to understand the risks associated with WPSes and take proactive measures to protect privacy.
