Mickey D
2024-05-30 21:30:36 UTC
https://www.plantalibre.mx/en/8jfkdjaa116979Pdfac1d42/
Vulnerability of Apple Location Services - troop movements can be tracked
A key component of Apple Location Services contains a so-called
high-severity privacy vulnerability that could allow troop movements to be
tracked.
The issue could also allow an attacker to track the location of anyone
using a mobile Wi-Fi router, such as those in RVs and travel routers
sometimes used by business travelers.
Both Apple and Google maintain their own WPS databases and the method they
use is essentially the same. Detect nearby BSSIDs, measure the strength of
each signal, then compare this data to the WPS database to find out where
the mobile device is located.
However, there is one crucial difference between the way Apple and Google
devices perform this task - and that's where the privacy problem arises.
Researchers at the University of Maryland found that Apple devices take a
different approach than every other location service does by using
on-device location tracking.
On-device processing is one of Apple's trademarks and sounds more secure
only when advertised in slick ads, but this is where the problem arises.
The researchers said that by geofencing regions indexed by Apple's location
API, they could track how Wi-Fi access points moved over time. Why could
that be a big problem? They found that by geofencing active conflict areas
in Ukraine, they could determine the location and movement of Starlink
devices used by both Ukrainian and Russian military forces.
Vulnerability of Apple Location Services - troop movements can be tracked
A key component of Apple Location Services contains a so-called
high-severity privacy vulnerability that could allow troop movements to be
tracked.
The issue could also allow an attacker to track the location of anyone
using a mobile Wi-Fi router, such as those in RVs and travel routers
sometimes used by business travelers.
Both Apple and Google maintain their own WPS databases and the method they
use is essentially the same. Detect nearby BSSIDs, measure the strength of
each signal, then compare this data to the WPS database to find out where
the mobile device is located.
However, there is one crucial difference between the way Apple and Google
devices perform this task - and that's where the privacy problem arises.
Researchers at the University of Maryland found that Apple devices take a
different approach than every other location service does by using
on-device location tracking.
On-device processing is one of Apple's trademarks and sounds more secure
only when advertised in slick ads, but this is where the problem arises.
The researchers said that by geofencing regions indexed by Apple's location
API, they could track how Wi-Fi access points moved over time. Why could
that be a big problem? They found that by geofencing active conflict areas
in Ukraine, they could determine the location and movement of Starlink
devices used by both Ukrainian and Russian military forces.