https://arxiv.org/abs/2405.14975

Skip to main content
Cornell University
We gratefully acknowledge support from the Simons Foundation, member
institutions, and all contributors. Donate
 
arxiv logo > cs > arXiv:2405.14975
[                    ]

Help | Advanced Search

[All fields        ]
Search
arXiv logo
Cornell University Logo
[                    ] GO
quick links

  * Login
  * Help Pages
  * About

Computer Science > Cryptography and Security

arXiv:2405.14975 (cs)
[Submitted on 23 May 2024]

Title:Surveilling the Masses with Wi-Fi-Based Positioning Systems

Authors:Erik Rye, Dave Levin
View a PDF of the paper titled Surveilling the Masses with
Wi-Fi-Based Positioning Systems, by Erik Rye and 1 other authors
View PDF HTML (experimental)

    Abstract:Wi-Fi-based Positioning Systems (WPSes) are used by
    modern mobile devices to learn their position using nearby Wi-Fi
    access points as landmarks. In this work, we show that Apple's
    WPS can be abused to create a privacy threat on a global scale.
    We present an attack that allows an unprivileged attacker to
    amass a worldwide snapshot of Wi-Fi BSSID geolocations in only a
    matter of days. Our attack makes few assumptions, merely
    exploiting the fact that there are relatively few dense regions
    of allocated MAC address space. Applying this technique over the
    course of a year, we learned the precise locations of over 2
    billion BSSIDs around the world.
    The privacy implications of such massive datasets become more
    stark when taken longitudinally, allowing the attacker to track
    devices' movements. While most Wi-Fi access points do not move
    for long periods of time, many devices -- like compact travel
    routers -- are specifically designed to be mobile. We present
    several case studies that demonstrate the types of attacks on
    privacy that Apple's WPS enables: We track devices moving in and
    out of war zones (specifically Ukraine and Gaza), the effects of
    natural disasters (specifically the fires in Maui), and the
    possibility of targeted individual tracking by proxy -- all by
    remotely geolocating wireless access points. We provide
    recommendations to WPS operators and Wi-Fi access point
    manufacturers to enhance the privacy of hundreds of millions of
    users worldwide. Finally, we detail our efforts at responsibly
    disclosing this privacy vulnerability, and outline some
    mitigations that Apple and Wi-Fi access point manufacturers have
    implemented both independently and as a result of our work.

Comments: Published at IEEE S&P 2024
Subjects: Cryptography and Security (cs.CR); Networking and Internet
          Architecture (cs.NI)
Cite as:  arXiv:2405.14975 [cs.CR]
          (or arXiv:2405.14975v1 [cs.CR] for this version)

Submission history

From: Erik Rye [view email]
[v1] Thu, 23 May 2024 18:22:12 UTC (3,376 KB)
Full-text links:

Access Paper:

    View a PDF of the paper titled Surveilling the Masses with
    Wi-Fi-Based Positioning Systems, by Erik Rye and 1 other authors
  * View PDF
  * HTML (experimental)
  * TeX Source
  * Other Formats

license icon view license
Current browse context:
cs.CR
< prev   |   next >
new | recent | 2405
Change to browse by:
cs
cs.NI

References & Citations

  * NASA ADS
  * Google Scholar
  * Semantic Scholar

a export BibTeX citation Loading...

BibTeX formatted citation

x
[loading...          ]
Data provided by:

Bookmark

BibSonomy logo Reddit logo
(*) Bibliographic Tools

Bibliographic and Citation Tools

[ ] Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
[ ] Litmaps Toggle
Litmaps (What is Litmaps?)
[ ] scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
( ) Code, Data, Media

Code, Data and Media Associated with this Article

[ ] Links to Code Toggle
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
[ ] DagsHub Toggle
DagsHub (What is DagsHub?)
[ ] GotitPub Toggle
Gotit.pub (What is GotitPub?)
[ ] Links to Code Toggle
Papers with Code (What is Papers with Code?)
[ ] ScienceCast Toggle
ScienceCast (What is ScienceCast?)
( ) Demos

Demos

[ ] Replicate Toggle
Replicate (What is Replicate?)
[ ] Spaces Toggle
Hugging Face Spaces (What is Spaces?)
[ ] Spaces Toggle
TXYZ.AI (What is TXYZ.AI?)
( ) Related Papers

Recommenders and Search Tools

[ ] Link to Influence Flower
Influence Flower (What are Influence Flowers?)
[ ] Connected Papers Toggle
Connected Papers (What is Connected Papers?)
[ ] Core recommender toggle
CORE Recommender (What is CORE?)

  * Author
  * Venue
  * Institution
  * Topic

( ) About arXivLabs

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and
share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have
embraced and accepted our values of openness, community, excellence,
and user data privacy. arXiv is committed to these values and only
works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community?
Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is
MathJax?)

  * About
  * Help

  * Click here to contact arXiv Contact
  * Click here to subscribe Subscribe

  * Copyright
  * Privacy Policy

  * Web Accessibility Assistance
  * arXiv Operational Status
    Get status notifications via email or slack