Apple reveals nuclear bomb-level vulnerability! Abuse of location services can monitor global privacy: not even Apple can avoid it

News on May 27th: Recently, Apple’s Wi-Fi Positioning Service (WPS) was exposed to have a serious vulnerability. This vulnerability may be abused to monitor the privacy of users around the world, even non-Apple device users will not be immune.

Security researchers from the University of Maryland in the United States described in detail the design flaws of Apple's WPS in the paper "Monitoring Crowds Using Wi-Fi-Based Positioning Systems." This flaw not only affects Apple devices, but may also allow other devices to User privacy is at risk.

According to the description of the paper, WPS positioning has two main working methods: one is to calculate the client location and return these coordinates; the other is to return the geographical location of the submitted BSSID (Basic Service Set Identifier) ​​(with the AP hardware associated) and let the client do the calculations to determine its location.

Google's WPS uses the former. The Android phone will record the BSSID it can see and its signal strength, and send the data to the Google server. The server uses the WPS database to calculate the location of the phone and sends it to cell phone.

Compared with Google's WPS, the Apple system not only returns the requested BSSID location, but also returns the locations of up to 400 nearby BSSIDs. This process requires no authentication, no rate limit, and is completely free.

Therefore, researchers found that by sending requests to Apple’s WPS API, a large amount of BSSID precise location information can be obtained, which can be used to track and monitor individuals and groups. of movement.

The research team collected location data of more than one billion BSSIDs through a month of API queries, and then mapped the movement of devices around the world.

They even used this vulnerability to track the movement of military equipment in the Russia-Ukraine conflict area, showing the seriousness of this vulnerability and the danger of practical application.

The above is the detailed content of Apple reveals nuclear bomb-level vulnerability! Abuse of location services can monitor global privacy: not even Apple can avoid it. For more information, please follow other related articles on the PHP Chinese website!