Sunday, March 20, 2011

WiFi Geolocation

I knew about IP geolocation, but someone knowing my country is not enough to set on my paranoia alarm. One day i was having fun with an Apple iPad and when i open the Maps application y suddenly freaked out. The iPad knew my exact position, my paranoia alarm is on for sure, this was the cheap iPad so no assisted GPS here.


After some searches on the web I found that this was using access points as if they were cellphone towers to get my position on the globe.
Recently Google got into some trouble[1][2] for their war driving van, aka street view van.
So it’s not new that companies are doing some war driving to make geolocation, but i didn’t believe this could be so accurate and up to date, I was wrong.

But I don’t live in the US, I’m far away from Google street view or companies doing war driving. I’m safe, aren’t I? Again wrong!! It doesn’t matter, apparently some companies are using the users to do war driving for them. I continued my search through the web and found this document, it is theresponse of Apple to query about privacy policy changes, here are some quotes:


To provide the high quality products and services that its customers demand, Apple must have access to comprehensive location-based information. For devices running the iPhone OS versions 1.1.3 to 3.1, Apple relied on (and still relies on) databases maintained by Google and Skyhook Wireless (“Skyhook”) to provide location-based services. Beginning with the iPhone OS version 3.2 released in April 2010, Apple relies on its own databases to provide location based services and for diagnostic purposes. These databases must be updated continuously to account for, among other things, the ever-changing physical landscape, more innovative uses of mobile technology, and the increasing number of Apple’s customers. Apple always has taken great care to protect the privacy of its customers.
To provide location-based services, Apple must be able to determine quickly and precisely where a device is located. To do this, Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points. The information is stored in a database accessible only by Apple and does not reveal personal information about any customer.
Information about nearby cell towers and Wi-Fi access points is collected and sent to Apple with the GPS coordinates of the device, if available: (1) when a customer requests current location information and (2) automatically, in some cases, to update and maintain databases with known location information. In both cases, the device collects the following anonymous information:
  • Cell Tower Information: Apple collects information about nearby cell towers, such as the location of the tower(s), Cell IDs, and data about the strength of the signal transmitted from the towers. A Cell ID refers to the unique number assigned by a cellular provider to a cell, a defined geographic area covered by a cell tower in a mobile network. Cell IDs do not provide any personal information about mobile phone users located in the cell. Location, Cell ID, and signal strength information is available to anyone with certain commercially available software.
  • Wi-Fi Access Point Information: Apple collects information about nearby Wi-Fi access points, such as the location of the access points), Media Access Control (MAC) addresses, and data about the strength and speed of the signal transmitted by the access point(s). A MAC address (a term that does not refer to Apple products) is a unique number assigned by a manufacturer to a network adapter or network interface card (“NIC”). The address provides the means by which a computer or mobile device is able to connect to the Internet. MAC addresses do not provide any personal information about the owner of the network adapter or NIC. Anyone with a wireless network adapter or NIC can identify the MAC address of a Wi-Fi access point. Apple does not collect the user-assigned name of the Wi-Fi access point (known as the “SSID,” or service set identifier) or data being transmitted over the Wi-Fi network (known as “payload data”).
 First, when a customer requests current location information, the device encrypts and transmits Cell Tower and Wi-Fi Access Point Information and the device’s GPS coordinates (if available) over a secure Wi-Fi Internet connection to Apple,” For requests transmitted from devices running the iPhone OS version 3.2 or iOS 4, Apple will retrieve known locations for nearby cell towers and Wi-Fi access points from its proprietary database and transmit the information back to the device. For requests transmitted from devices running prior versions of the iPhone OS, Apple transmits-anonymously-the Cell Tower Information to Google and Wi-Fi Access Point Information to Skyhook. These providers return to Apple known locations of nearby cell towers and Wi-Fi access points, which Apple transmits back to the device. The device uses the information, along with GPS coordinates (if available), to determine its actual location. Information about the device’s actual location is not transmitted to Apple, skyhook, or Google. Nor is it transmitted to any third-party application provider, unless the customer expressly consents. Second, to help Apple update and maintain its database with known location information, Apple may also collect and transmit Cell Tower and Wi-Fi Access Point Information automatically. With one exception,” Apple automatically collects this information only (1) if the device’s location-based service capabilities are toggled to “On” and (2) the customer uses an application requiring location-based information. If both conditions are met, the device intermittently and anonymously collects Cell Tower and Wi-Fi Access Point Information from the cell towers and Wi-Fi access points that it can “see,” along with the device’s GPS coordinates, if available. This information is batched and then encrypted and transmitted to Apple over a Wi-Fi Internet connection every twelve hours (or later if the device does not have Wi-Fi Internet access at that time).
The document is really interesting, something to read besides WiFi Geolocation.

The Apple Geolocation DB is only useful if you have an Apple device. But as we could read on the document Apple continues to use on some devices Skyhook and Google DBs. For more information on Skyhook you could visit their page. There’s also some information on “Online Mapping Services” on“Hacking Wireless Exposed – Second Edition”(isbn:9780071666619).


To be able to test the Google DB I created a script that let you make queries using one or many MAC addresses.


Download the script here.

No comments:

Post a Comment