A vulnerability in Apple’s location service could allow for the tracking of troop movements

Gamingdeputy reported on May 25 that the security blog Krebs on Security published a post this month describing a vulnerability in Apple's location service: by “stealing” the WPS database, it is possible to locate the whereabouts of troops.

Related background knowledge

Mobile phone positioning mainly relies on satellite positioning. However, in urban areas, dense high-rise buildings make it difficult for mobile devices to receive weak satellite signals. Therefore, mobile devices rely on Wi-Fi-based positioning systems (WPS) in such scenarios.


WPS uses a global database of nearly 500 million Wi-Fi routers. Crucially, the database covers not just the public routers that devices can actually access, but every BSSID they can see, which includes a lot of Wi-Fi routers in homes.

Devices can't access your router, but they can detect it and query a database to find out exactly where it is. These databases are created by cars driving around, tracking their own locations using a variety of methods, and collecting BSSIDs, which are then matched against those locations.

Gamingdeputy Note: The BSSID set by the manufacturer is different from the router SSID selected by the user. In simple terms, it can be regarded as the MAC address of the wireless network card in the router.

Apple and Google both have their own WPS databases, and they use essentially the same method: detecting nearby BSSIDs, measuring the strength of each signal, and then comparing that data to the WPS database to figure out the location of the mobile device.


Google positioning method

The Android phone records the BSSIDs it can see and their signal strengths, and sends that data to Google servers, which use the WPS database to calculate the phone's location and send it to the phone.

Apple positioning method

Apple's WPS also accepts a list of nearby BSSIDs, but instead of calculating the device's location based on observed access points and their received signal strength, Apple returns the geolocation of up to 400 BSSIDs via the API. About 8 of those BSSIDs are then used to determine the user's location based on known landmarks.

Essentially, Google's WPS calculates a user's location and shares it with the device. Apple's WPS provides its devices with enough data about the locations of known access points in the area that the device can make its own estimates.
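The device-side estimate described above can be sketched as follows. This is an added example, not Apple's code: the signal-strength-weighted centroid, the function names and the sample BSSIDs and coordinates are all assumptions made for illustration.

```python
# Added illustration (not Apple's algorithm): estimate a device's position on
# the device itself from access-point coordinates returned by a WPS lookup.

MAX_APS = 8  # the article says about 8 of the returned BSSIDs are used


def rssi_weight(rssi_dbm):
    """Assumed weighting: convert dBm to linear power, so stronger = heavier."""
    return 10 ** (rssi_dbm / 10.0)


def estimate_position(scan, ap_locations, max_aps=MAX_APS):
    """scan: {bssid: rssi_dbm} seen by the device.
    ap_locations: {bssid: (lat, lon)} returned by the lookup.
    Returns (lat, lon), or None when no scanned BSSID has a known location."""
    known = [(bssid, rssi) for bssid, rssi in scan.items() if bssid in ap_locations]
    if not known:
        return None
    # Keep only the strongest signals; weak, distant APs add mostly noise.
    strongest = sorted(known, key=lambda item: item[1], reverse=True)[:max_aps]
    total = sum(rssi_weight(rssi) for _, rssi in strongest)
    # Plain averaging of degrees is fine over the few hundred metres Wi-Fi covers.
    lat = sum(ap_locations[b][0] * rssi_weight(r) for b, r in strongest) / total
    lon = sum(ap_locations[b][1] * rssi_weight(r) for b, r in strongest) / total
    return (lat, lon)


# Constructed sample data: locally administered BSSIDs, made-up coordinates.
SAMPLE_LOCATIONS = {
    "02:00:00:00:00:01": (10.0000, 20.0000),
    "02:00:00:00:00:02": (10.0020, 20.0020),
    "02:00:00:00:00:03": (10.0100, 20.0100),
}
SAMPLE_SCAN = {
    "02:00:00:00:00:01": -50,
    "02:00:00:00:00:02": -50,
    "02:00:00:00:00:04": -40,  # seen by the device but absent from the lookup
}

if __name__ == "__main__":
    print(estimate_position(SAMPLE_SCAN, SAMPLE_LOCATIONS))
```

The calculation needs the coordinates of the surrounding access points on the device, which is why this design has the service return router locations rather than a single computed position.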

Apple's positioning method vulnerability

Researchers at the University of Maryland say they can exploit the verbosity of Apple's API to map the movement of a single device in and out of nearly any given area in the world.

The University of Maryland researchers said they initially spent a month querying the API for the locations of more than a billion randomly generated BSSIDs.

Of these randomly generated BSSIDs, only about 3 million were known to Apple's Wi-Fi geolocation API, but Apple also returned locations for another 488 million BSSIDs that it had already stored in its WPS through other queries.

The researchers said that by zeroing in, or “geofencing,” other smaller areas indexed by Apple's location API, they could monitor how Wi-Fi access points moved over time.

This issue could be a big problem on a practical level. The team can zero in on the Russian-Ukrainian conflict zone and confirm the location and movement of Starlink devices used by Ukrainian and Russian troops.
