A recent study uncovered surveillance on an unprecedented scale.
Researchers from the University of Maryland have identified serious security and privacy issues in the geolocation systems of Apple and Starlink. In the course of the study, it became clear that the data that companies collect and publicly share can be used to track the location of billions of devices around the world.
Apple collects data about the exact location of all Wi - Fi hotspots visible to its devices. This allows the company's devices to provide users with location information without constantly accessing GPS. Similar systems work for Google. Both giants capture Wi-Fi access point IDs, such as MAC addresses (BSSIDs).
Unlike Google, Apple returns geolocation of up to 400 nearby BSSIDs, which allows devices to determine their location based on known access points. This amount of data allowed researchers from Maryland to track the movement of individual devices anywhere in the world. They requested data on more than a billion randomly generated BSSIDs and obtained information on 488 million access points.
So, the researchers used the data obtained to monitor the movements of Starlink satellites. Each Starlink device is equipped with its own Wi-Fi hotspot, which is automatically indexed by the nearest Apple devices with geolocation services enabled.
In response to the study's findings, Starlink has released software updates that randomize the BSSIDs of devices, making them harder to track. The researchers noted that in recent months, the number of Starlink devices whose location could be determined using the Apple system has actually decreased.
Apple also responded to the study by making changes to its privacy policy. In March 2024, the company allowed users to exclude their Wi-Fi access points from the system by adding the suffix "_nomap" to the network name.
The researchers stressed that the inability to opt out of data collection previously posed a serious threat to privacy. According to them, Apple should implement additional measures to limit abuse of its API, for example, limiting the speed of requests.
The discovered vulnerabilities pose a serious problem for users around the world. The study shows the need for additional security and privacy measures in geolocation systems to protect users from potential threats and abuse.
Researchers from the University of Maryland have identified serious security and privacy issues in the geolocation systems of Apple and Starlink. In the course of the study, it became clear that the data that companies collect and publicly share can be used to track the location of billions of devices around the world.
Apple collects data about the exact location of all Wi - Fi hotspots visible to its devices. This allows the company's devices to provide users with location information without constantly accessing GPS. Similar systems work for Google. Both giants capture Wi-Fi access point IDs, such as MAC addresses (BSSIDs).
Unlike Google, Apple returns geolocation of up to 400 nearby BSSIDs, which allows devices to determine their location based on known access points. This amount of data allowed researchers from Maryland to track the movement of individual devices anywhere in the world. They requested data on more than a billion randomly generated BSSIDs and obtained information on 488 million access points.
So, the researchers used the data obtained to monitor the movements of Starlink satellites. Each Starlink device is equipped with its own Wi-Fi hotspot, which is automatically indexed by the nearest Apple devices with geolocation services enabled.
In response to the study's findings, Starlink has released software updates that randomize the BSSIDs of devices, making them harder to track. The researchers noted that in recent months, the number of Starlink devices whose location could be determined using the Apple system has actually decreased.
Apple also responded to the study by making changes to its privacy policy. In March 2024, the company allowed users to exclude their Wi-Fi access points from the system by adding the suffix "_nomap" to the network name.
The researchers stressed that the inability to opt out of data collection previously posed a serious threat to privacy. According to them, Apple should implement additional measures to limit abuse of its API, for example, limiting the speed of requests.
The discovered vulnerabilities pose a serious problem for users around the world. The study shows the need for additional security and privacy measures in geolocation systems to protect users from potential threats and abuse.
