You thought you were safe at home, away from prying eyes, but sorry to burst your bubble: your Wi-Fi box is spying on you! Well, not directly, but security researchers have found a way to geolocate you discreetly, simply by capturing the unique identifier of your router, also known as the BSSID (Basic Service Set Identifier).
Indeed, there are Wi-Fi positioning systems (WPS), like Apple’s, that use BSSIDs as beacons to locate you. Basically, as soon as an iPhone or a Mac picks up your Wi-Fi network, the BSSID and your position are sent directly to Apple’s database. Then, anyone can query this WPS to find out where you are without needing to be a professional hacker… they just need to know the trick.
This team of researchers demonstrated the main vulnerability of this system by developing an attack that allows the collection of millions of geolocated BSSIDs without needing authorization. Their method is simple: they bombard Apple’s WPS with randomly generated BSSIDs based on official MAC address ranges, and the system responds by giving the location of the BSSID and often the coordinates of about 400 other nearby BSSIDs.
In one year, they managed to compile an impressive database: more than 2 billion BSSIDs, spread all over the world! Even in Antarctica or on the isolated island of Tristan da Cunha, there’s no escape. The only place that still resists is mainland China. It’s assumed the government there has put in place legal restrictions to prevent this.
But the worst part is that when they tracked portable Wi-Fi routers, they found that 76% of these devices could be tracked over considerable distances, averaging 100 kilometers! This allows following the movements of users who carry their portable router around.
So why would someone be interested in your position? Well, this technique could be used by a stalker to follow you remotely or by governments to know your comings and goings. It can also track movements in conflict zones.
What can be done to prevent this? Firstly, companies like Apple need to stop distributing our BSSIDs so freely. Limiting the number of requests and better filtering would be a good start. Ideally, router manufacturers should implement BSSID randomization, as Apple devices already do in hotspot mode. SpaceX has set an example with its latest Starlink models. It would be great if others followed suit.
In the meantime, if you care about your privacy, the only thing to do is to regularly change your equipment, especially when you’re on the move, and avoid carrying the same router from work to home or from your apartment to your camper. And if you’re a bit handy and have root access to your router, you can force the BSSID to change with each reboot by modifying the hostapd configuration.
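One way to do the hostapd change described above, as an added example that comes neither from the study nor from any router vendor: a boot-time script that writes a fresh random BSSID into hostapd's `bssid=` option. The config path, the single-BSS setup and the script name are assumptions; adapt them to your router.

```shell
#!/bin/sh
# Added example: give hostapd a fresh random BSSID at each boot.
# Assumptions: one BSS per config file, config at /etc/hostapd/hostapd.conf,
# and this script runs before hostapd starts.

# Print a random MAC with the locally administered bit set and the
# multicast bit cleared: a valid unicast BSSID that is not vendor-assigned.
random_bssid() {
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    b1=$(printf '%s' "$hex" | cut -c1-2)
    rest=$(printf '%s' "$hex" | cut -c3-12 | sed 's/../:&/g')
    printf '%02x%s\n' $(( (0x$b1 & 0xfc) | 0x02 )) "$rest"
}

# Replace the existing "bssid=" line in a hostapd config, or append one.
set_bssid() {
    conf=$1
    mac=$2
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if grep -q '^bssid=' "$conf"; then
        sed "s/^bssid=.*/bssid=$mac/" "$conf" > "$tmp"
    else
        # Leading newline guards against a config with no final newline
        { cat "$conf"; printf '\nbssid=%s\n' "$mac"; } > "$tmp"
    fi
    # Write back in place so the file keeps its owner and permissions
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Run as: randomize-bssid.sh /etc/hostapd/hostapd.conf  (hypothetical script name)
if [ "$#" -eq 1 ]; then
    set_bssid "$1" "$(random_bssid)"
fi
```

The new BSSID takes effect the next time hostapd starts and reads the file.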
But clearly, there’s a significant risk and ethical questions to be raised about these disclosures of our locations without our consent.
For more details, you can read the full study on arXiv.