|
Top-level
 Thought experiment: So, just supposing one finds oneself able to RCE into a machine in that happens to have a wifi card, just have it scan and list the access points in its vicinity. That will give you everything you need to ask Apple (via its API) for the set of all the nearby access points, to calculate fairly precise GPS coordinates of that box, along with the ability to watch that set change over time to see what comes and goes. But why would anyone want such a thing? I have no idea. 7 comments
@BradRubenstein @briankrebs that’s exactly what apple uses it for: geo locating devices that do not have gps radios. @BradRubenstein@infosec.exchange @briankrebs@infosec.exchange How hard would it be to trace where someone's been based on what access points a device has accessed or saved? Or even seen from their phone? Like, would it be possible for one to figure out someone has visited an abortion clinic if there's a history of their phone seeing access points that are near the clinic?  @BradRubenstein @briankrebs That's nothing new, this has been the case for the last 20 years? Community-run WiFi mapping projects exist, even Mozilla has such a database (MLS). @BradRubenstein I fail to see your point? Firefox does this, Windows does this, it's just normal at this point? |
Gregory's Server
@BradRubenstein @briankrebs The name used for it in location circles is WPS https://en.m.wikipedia.org/wiki/Wi-Fi_positioning_system
There are a bunch of open APIs that allow navigation. I think Google had a semi public API at some point until a country took the@ to court for unlawful packet capture.
For phone makers it allows them to provide location services with a super low power budget. (GPS eats battery and you’re normally scanning for WiFi anyway)