Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tool Reveals iPad and iPhone User Locations

Posted by timothy on from the cat's-away-mice-will-play dept.

mask.of.sanity writes "A researcher has found that Apple user locations can be potentially determined by tapping into Apple Maps and he has created a Python tool to make the process easier. iSniff GPS accesses Apple's database of wireless access points, which is collected by iPhones and iPads that have GPS and Wi-Fi location services enabled. Apple uses this crowd-sourced data to run its location services; however, the location database is not meant to be public. You can download the tool via Giuthub."

11 of 36 comments (clear)

  1. Re:GUITHUB???? by Anonymous Coward · · Score: 5, Funny

    No, Giuthub. Learn to read, asshole.

  2. Ouch! by hcs_$reboot · · Score: 5, Funny

    The divorce rate will increase dramatically if Apple doesn't fix this ...

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  3. Protect yourself by Thornburg · · Score: 4, Informative

    And this is why your iDevice should never be set to automatically join wifi networks.

    Actually, NO device should be configured to automatically join wifi networks.

    (For those who didn't read the docs that go with the software, this relies upon running an access point with no DHCP, which is what forces the iDevice to send ARPs for the last DHCP server it used).

    Also, this means that if you want to "hide" your home network, don't run DHCP on your WiFi router, use another device.

    1. Re:Protect yourself by beelsebob · · Score: 3, Interesting

      Joining, and discovering are not the same thing. You don't need to join a network for your phone to register it as near your location.

    2. Re:Protect yourself by Thornburg · · Score: 4, Interesting

      Joining, and discovering are not the same thing. You don't need to join a network for your phone to register it as near your location.

      Absolutely true. But your phone won't give away the MAC address of your previous network unless it's trying to join the fake wifi network. Unless I'm greatly misunderstanding what I read.

      From GitHub:

      To solicit ARPs from iOS devices, set up an access point with DHCP disabled (e.g. using airbase-ng) and configure your sniffing interface to the same channel.

      Once associated, iOS devices will send up to three ARPs destined for the MAC address of the DHCP server on previously joined networks. On typical home WiFi routers, the DHCP server MAC address is the same as the WiFi interface MAC address, which can be used for accurate geolocation. On larger corporate WiFi networks, the MAC of the DHCP server may be different and thus cannot be used for geolocation.

      I'm pretty sure that for a device to be associated, it has to be attempting to join the network. I could be wrong, I'm not a WiFi engineer. Please correct me if I'm wrong about that.

    3. Re:Protect yourself by Smurf · · Score: 3, Funny

      I'm pretty sure that for a device to be associated, it has to be attempting to join the network. I could be wrong, I'm not a WiFi engineer. Please correct me if I'm wrong about that.

      No, I'm pretty sure that you are absolutely right about that: You are not a WiFi engineer.

  4. Can be used to find where people live.... by Xenious · · Score: 3, Insightful

    Hmmm, "it can be used to find where people live", so can a phone book. ;) A lot of the time summaries take a very specific issue (quoting from Thornburg) "this relies upon running an access point with no DHCP, which is what forces the iDevice to send ARPs for the last DHCP server it used" and escalating it to a more dramatic issue. Sometimes with a very simple partial solution (again from Thornburg) "NO device should be configured to automatically join wifi networks," and a general attack with the open source vs closed or apple vs anyone fighting. Grated the dry description isn't as eye catching but its much more logical.

    For the record yes I have an iPhone and no I am not setup to automatically join new wifi networks.
    -Xen

    --
    -Xen
  5. Presented at Blackhat USA July 2012, code publish by fuzzel · · Score: 2

    From the github page: "Written by @hubert3 / . Presented at Blackhat USA July 2012, code published on Github 2012-08-31"

    Slashdot, News of Last year, today! ;)

    But yes, it is a rather cool hack that still works....

    --
    http://unfix.org
  6. As usual, misleading by gnasher719 · · Score: 3, Insightful

    iOS devices (and many other devices) use the known locations of wireless access points to determine their own location. (They check which wireless access points they can see, with which signal strength, and compare the results with a database of wireless access locations). What this guy found was that he could access the same database. So he can find locations of wireless access locations, which are _not_ iPads or iPhones, and there is no reason to assume that they would be owned by Mac or iOS device owners.

    That said, the information should not be available to anything but the operating system on a device.

  7. Wait a minute by 93+Escort+Wagon · · Score: 4, Funny

    There's a glaring flaw in the summary. In order for this tool to work, the iPad owner has to have used Apple Maps.

    Who actually uses Apple Maps? Haven't most of those people already been eaten by kangaroos in the desert or driven into canals?

    --
    #DeleteChrome
    1. Re:Wait a minute by Bigby · · Score: 2

      So it is like SimCity, but it works