Post a video on YouTube and it will be featured here!
Do you have a brand new device you want me to hack?
Send it to me!
Are you producing a device and want me to check it's security?
Send me an email!
As of now more than 3500 people unlocked Huawei E585, E5830,
E5832S, E583C and HW-01C successfully!

Monday, February 15, 2010

Apple and YOUR privacy.

Apple know's your Wifi SSID and where it's located.
You may say, no news here because I authorized it in my iPhone.

Yes, ok.. but did you authorize Apple to know MINE too?

Ok.. you're confused.. I'll explain:
every time you use google maps on your iPhone or any other application
which uses the location service, you are sending Apple your GPS position along with 
the Wifi mac adresses of the networks
(access points) your phone sees.
So, let's say, you didn't authorize Apple to know where you are but someone else has.
Now picture that someone else passing by near your house.
As soon as that someone uses the location service, Apple will know the position of your wifi access point.
I wonder how this passed totally under the radar of "privacy aware" organizations.
It won't be long till someone will exploit this and the pandora box will be opened.

A proof: one of my access points mac addresses is in Apple database. I don't have a 3G or 3Gs iPhone and I've never authorized Apple to map my access point location.
But if I check with my iPod Touch and google maps, while I'm connected to that access point, Apple gives me my position and in a pretty accurate way.
Of course if I switch to another access point in my network, or if I change the mac address of the same access point, Apple doesn't know "yet" where I am.

At least until someone, passing by my house will use the "location" services.

This behaviour is TOTALLY against the law, at least here in Europe.

Feel free to spread the word about this "issue", and please link back to this article.


Derrick Whittet said...

It's certainly shifty, though I imagine they'll keep on doing it and just argue that your network is publicly visible and accessable, therefore has no expectation of privacy.

Not saying that's a goodthing, but I suspect it's how it will all go down.

Note: I've no idea of the specifics of local law where you are.

Zibri said...

You may be right. But it should be the same with photography! I can just go and shoot pictures of people without their consent. Even google maps had to hide people faces.
Because that puts someone in some place at some date and time.
It should be the same with wifi mac addresses.

Zibri said...

Also my door or my car plate are publicly visible.

What if someone maps the location of car labels?

What do you think will happen?
A riot.

Wifi mac address and SSID are visible (sometimes) that doesn't mean anyone can know where an access point is.

Same for cars: you can't know where a car is based on it's plate.

And you can't make a map of were a car plate is in a single date/time.

It's exactly the same thing.

This behaviour is illegal.

Grégoire said...

Are you sure they are not using the IP address to know your location ?
When ISP register IP adress they give locations of the IP adress.
when using DSL, the location is the location of the nearest pop which in dense area is nearby your location.
Are you sure they are not using this ?

Zibri said...

100% sure.

They are using the access point mac address.

Derrick Whittet said...

Yeah, I agree with you 100%. Whether it's strictly legal or not aside, it opens doors to a whole world of problems down the road; particularly given it's mac addresses being recorded, without consent.

Makes me cringe too. All those wifi finder apps that are constantly scanning and geotagging access points for users, just one guy going for a drive would provide Apple with physical locations and mac addies of every network along the way, without his even attempting to join them.

elettrofreak said...

Hi Zibri,

I guess it is an issue of GMaps. I'll try ASAP to sniff GMaps internet traffic off my Android Magic Smartphone.

Cheers Zibri!

elettrofreak said...


Your article just published on my FB wall

Zibri said...

Gmaps is a little different.

This is what happens when you use gmaps on the iPhone:

1) The iPhone contacts Apple sending your gps position and the wifi mac addresses it sees (on an https connection).

2) Apple answers with the position (if they have it).

3) The iPhone asks gmail for the map based on the coordinates Apple gave it and/org cell tower id.

Note: that last one method is the one used on PC and on android too.
I don't care if google know the gps position of cell towers, I care if they know the gps position of a wifi access point mac address.

AriX said...

Zibri, you're entirely incorrect. Apple does not get this information from iPhones that send them the MAC addresses of nearby routers when using CoreLocation. Apple licenses this information from a company called Skyhook that drives around in various towns and cities with trucks that index MAC addresses and log their exact GPS locations.

When you use an iPod touch and use CoreLocation while connected to a Wi-Fi network, it will report all of the MAC addresses of base stations it sees around it and will connect to some server and grab the GPS coordinates of those locations.


Unknown said...

Now the news has spread even outside the iPhone world...

elettrofreak said...

Magari l'hai già letto...

Zibri said...

Si'.. lo avevo letto :)

Post a Comment