Discussion:
New vulnerability in Apple's positioning service allows troop movements to be tracked
Mickey D
2024-05-30 21:30:36 UTC
https://www.plantalibre.mx/en/8jfkdjaa116979Pdfac1d42/
Vulnerability of Apple Location Services - troop movements can be tracked

A key component of Apple Location Services contains a so-called
high-severity privacy vulnerability that could allow troop movements to be
tracked.

The issue could also allow an attacker to track the location of anyone
using a mobile Wi-Fi router, such as those in RVs and travel routers
sometimes used by business travelers.

Both Apple and Google maintain their own WPS databases and the method they
use is essentially the same. Detect nearby BSSIDs, measure the strength of
each signal, then compare this data to the WPS database to find out where
the mobile device is located.

However, there is one crucial difference between the way Apple and Google
devices perform this task - and that's where the privacy problem arises.

Researchers at the University of Maryland found that Apple devices take a
different approach than every other location service does by using
on-device location tracking.

On-device processing is one of Apple's trademarks and sounds more secure
only when advertised in slick ads, but this is where the problem arises.

The researchers said that by geofencing regions indexed by Apple's location
API, they could track how Wi-Fi access points moved over time. Why could
that be a big problem? They found that by geofencing active conflict areas
in Ukraine, they could determine the location and movement of Starlink
devices used by both Ukrainian and Russian military forces.
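
The lookup sketched in the post above (detect nearby BSSIDs, measure each signal, compare against a WPS database) can be shown as a weighted centroid. This is an added example, not part of the original post and not Apple's or Google's code; the database entries, BSSIDs, and the power-based weighting are constructed assumptions.

```python
# Constructed sample WPS table: BSSID -> (latitude, longitude). Not real data;
# the BSSIDs use the locally administered 02: prefix.
WPS_DB = {
    "02:00:00:00:00:01": (40.0000, -75.0000),
    "02:00:00:00:00:02": (40.0010, -75.0000),
    "02:00:00:00:00:03": (40.0000, -75.0010),
}


def rssi_to_weight(rssi_dbm):
    """Convert a dBm reading to linear power (mW) so stronger APs count more."""
    return 10 ** (rssi_dbm / 10.0)


def estimate_position(scan, db=WPS_DB):
    """Weighted centroid of the known APs in a scan.

    scan: iterable of (bssid, rssi_dbm) pairs as seen by the device.
    Returns (lat, lon, used_bssids), or None if no scanned BSSID is known.
    The weighting is an assumption for illustration; real WPS algorithms
    are not described on this page.
    """
    total = lat_sum = lon_sum = 0.0
    used = []
    for bssid, rssi_dbm in scan:
        key = bssid.lower()
        if key not in db:          # AP not in the database: contributes nothing
            continue
        weight = rssi_to_weight(rssi_dbm)
        lat, lon = db[key]
        lat_sum += weight * lat
        lon_sum += weight * lon
        total += weight
        used.append(key)
    if not used:
        return None
    return lat_sum / total, lon_sum / total, used


if __name__ == "__main__":
    # Constructed scan: two known APs at equal strength plus one unknown AP.
    scan = [("02:00:00:00:00:01", -50), ("02:00:00:00:00:02", -50),
            ("02:00:00:00:00:99", -45)]
    print(estimate_position(scan))
```

The estimate depends entirely on the BSSID-to-coordinate table, which is why an access point that moves while keeping its BSSID shows up at each new location once the database is updated.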
Jörg Lorenz
2024-05-30 21:36:13 UTC
Post by Mickey D
https://www.plantalibre.mx/en/8jfkdjaa116979Pdfac1d42/
Vulnerability of Apple Location Services - troop movements can be tracked.
Very old news.
--
"Alea iacta est." (Julius Caesar)
Jolly Roger
2024-05-30 21:40:20 UTC
[a bunch of pearl-clutching nonsense from someone who doesn't
understand that all WiFi access points broadcast their SSIDs and
BSSIDs to the world]
Poor, little ignorant Arlen thinks he's latched onto a huge "gotcha",
when it's really just a big nothing burger yet again. *YAWN*
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Oscar Mayer
2024-05-31 18:57:15 UTC
TheRegister reports Apple is throwing UK residents' privacy under the bus.
https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/
"The threat applies even to users that do not own devices for which the
WPSes are designed - individuals who own no Apple products, for instance,
can have their AP in Apple's WPS merely by having Apple devices come within
Wi-Fi transmission range."
Here's the paper.
https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf
Here's more information about Apple's privacy flaw which affects everyone.

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"There is one crucial difference between the way in which
Apple and Google devices carry out this task
and that's exactly where the privacy issue arises."

[https://www.macworld.com/article/2343297/apple-wi-fi-network-wps-vulnerability-location-services-leak.html]
"Researchers have discovered a crucial vulnerability in the way
only Apple's location services work"

[https://www.govinfosecurity.com/surveillance-risk-apples-wifi-based-positioning-system-a-25330]
"The attack risk stems from Apple's WiFi-based Positioning System, or WPS"

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"We need to understand Apple devices figure out locations differently"

[https://securityboulevard.com/2024/05/apple-wi-fi-location-privacy-richixbw/]
"An unrestricted Apple API endpoint allows for easy tracking."


[https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/]
"Anyone can exploit Apple's flawed WiFi-based positioning system (WPS)"

[https://arxiv.org/abs/2405.14975]
"In this work, we show that Apple's flawed WPS can too easily be abused"
Andrew
2024-05-31 17:37:35 UTC
The "general" case is that it is absolutely not an Apple issue.
SSID/BSSID's are OPENLY AND LOUDLY BROADCAST WORLDWIDE IN THE BILLIONS.
The fact is you're defending Apple's holes, to the death, no matter what.

Every desperate excuse you make for the flaws in Apple's implementation
shows you do not understand what only Apple does that's different here.

Worse, you were not aware the outward facing MAC address cannot be cloned
(in almost all routers and particularly in the tested travel routers).

And you were not aware that the SSID is meaningless for this exploit, other
than the workaround that Apple suggested (of appending _nomac to the SSID).

Furthermore, you're still not aware that a "hidden broadcast" has been a
feature of nearly every router since the dawn of Wi-Fi, where the mere act
of clicking that checkbox prevents the BSSID from being *uploaded* to the
Google and Apple and Mozilla and Wigle databases, by default. (See notes in
the sig, given the Apple religious zealots don't understand this issue).

While you're frantically desperate to fabricate excuses for Apple's
vulnerabilities, you don't ever show any understanding of them.

Notes in the sig given Apple religious zealots don't understand anything.
--
Note 1: The hidden broadcast won't hide the BSSID from a seasoned attacker
(such as a Google or Apple transit vehicle - depending on how its code is
written); but the mere act of hiding the SSID broadcast packet has been
proven to prevent the normal users' device (i.e., mobile phones) from
uploading your BSSID using the typical software that we are speaking about.

Note 2: Since the Apple religious zealots act only out of frantic
desperation to make excuses for all Apple's vulnerabilities, it should be
noted that an intelligent person knows the difference between the upload of
the BSSID (which is a first-order issue) vs the deletion of the BSSID from
the Internet databases (which requires second-order software processing).

Note 3: There's no way the Apple religious zealots will understand the two
notes above, but for the intelligent people reading this thread, it should
be noted that if you do hide your broadcast packets, then you often might
want to set your client (such as a phone) to "remember" and "reconnect";
but this has other issues - where the Apple zealots won't understand but
you might understand that the "remember" is fine (unless you're worried
about your phone being stolen) but the "automatic reconnect" should be
turned off because that setting causes the phone to seek out the named AP.