Security researchers have uncovered a significant privacy flaw in Apple’s Wi-Fi Positioning System (WPS) that allows hackers to track Wi-Fi access points and their owners globally. Apple’s WPS relies on its vast network of devices to collect the locations of Wi-Fi access points, keyed by their unique identifiers (BSSIDs). By querying the WPS with BSSIDs from the IEEE’s database, attackers can amass a worldwide database of access point locations, with profound privacy implications.
The vulnerability lies in how Apple’s WPS answers a query: it returns the location of the queried BSSIDs and of up to 400 nearby access points. Over a year, researchers collected over 2 billion BSSID locations, demonstrating the potential to track device movements over time. This privacy breach makes it possible to monitor troop movements in war zones, track the aftermath of natural disasters, and identify specific internet terminals like Starlink satellites.
Researchers suggest two mitigations: MAC address randomization for Wi-Fi access points and tighter access restrictions on WPS APIs. Apple introduced an opt-out mechanism that lets Wi-Fi owners prevent tracking, while manufacturers like SpaceX are updating firmware to randomize MAC addresses. The discovery underscores the need for stronger privacy safeguards in geolocation services and internet-connected devices as connectivity expands.
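For owners of access points that move (travel routers, field terminals), the two owner-side mitigations above can be checked against an inventory. The following is an added example, not code from the researchers or Apple: it assumes snapshots of each device's SSID and BSSID taken after successive reboots, and it assumes Apple's opt-out is the documented `_nomap` SSID suffix, which the article does not spell out. Device names and addresses are constructed.

```python
"""Audit an AP inventory for BSSID randomization and the WPS opt-out (added example)."""
import re

NOMAP_SUFFIX = "_nomap"  # Apple's documented SSID opt-out suffix (assumption: not named in the article)
_BSSID_RE = re.compile(r"^[0-9a-f]{2}([:-]?[0-9a-f]{2}){5}$", re.I)

def parse_bssid(text):
    """Return the BSSID as 6 bytes, or raise ValueError on malformed input."""
    text = text.strip()
    if not _BSSID_RE.match(text):
        raise ValueError(f"malformed BSSID: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))

def is_locally_administered(bssid):
    """True when the U/L bit (0x02 of the first octet) is set, as randomized MACs must do."""
    return bool(bssid[0] & 0x02)

def audit(snapshots):
    """snapshots: list of {device_id: (ssid, bssid)}, one dict per reboot.
    Returns {device_id: [findings]}; an empty list means both mitigations look present."""
    report = {}
    for dev in sorted({d for snap in snapshots for d in snap}):
        seen = [snap[dev] for snap in snapshots if dev in snap]
        bssids = {parse_bssid(b) for _, b in seen}
        findings = []
        if not all(is_locally_administered(b) for b in bssids):
            findings.append("vendor-assigned BSSID (OUI-derived, globally unique)")
        if len(seen) > 1 and len(bssids) == 1:
            findings.append("BSSID unchanged across reboots")
        if not all(ssid.endswith(NOMAP_SUFFIX) for ssid, _ in seen):
            findings.append("SSID lacks _nomap opt-out")
        report[dev] = findings
    return report

# Constructed sample inventory: two snapshots, one per reboot.
SNAPSHOTS = [
    {"travel-router": ("van-wifi", "00:11:22:33:44:55"),
     "field-terminal": ("ops_nomap", "da:a1:19:0c:3e:01")},
    {"travel-router": ("van-wifi", "00:11:22:33:44:55"),
     "field-terminal": ("ops_nomap", "f6:2b:7d:90:11:c4")},
]

if __name__ == "__main__":
    for dev, findings in audit(SNAPSHOTS).items():
        print(dev, "->", findings or "ok")
```

The locally-administered bit is only a heuristic: some access points set it on secondary virtual BSSIDs without ever rotating them, which is why the audit also compares addresses across reboots.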