A new proof of concept Python tool recently uploaded to GitHub aims to use data collected through Apple’s location services for iOS devices to reveal where users have been and potentially even their home address. Researcher Hubert Seiwert has taken advantage of previous discoveries that iOS devices often send out ARP requests that disclose previously joined WiFi networks when connecting to access points. Apple responded to concerns of it collecting a database of access points to provide more accurate GPS and wifi location services back in 2011, but that data isn’t supposed to be accessible to just anyone.
Seiwert says sending a single MAC address to Apple returns 400 in return based on recently joined access points and from there iSniff “submits MAC addresses to Apple’s WiFi location service (masquerading as an iOS device) to obtain GPS coordinates for a given BSSID.”
The new Github tool dubbed “iSniff GPS” will allow users to capture SSID probes, ARPs and MDNS (Bonjour) packets to access the location data, highlighting a serious privacy concern for Apple’s location services. Seiwert explained:
The best 4K & 5K displays for Mac
iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks, as described in . iSniff GPS captures these ARPs and submits MAC addresses to Apple’s WiFi location service (masquerading as an iOS device) to obtain GPS coordinates for a given BSSID. If only SSID probes have been captured for a particular device, iSniff GPS can query network names on wigle.net and visualise possible locations… By geo-locating multiple SSIDs and WiFi router MAC addresses, it is possible to determine where a device (and by implication its owner) is likely to have been.
Back in 2011, Google locked down its API for its own WiFi location services for Android devices after reports surfaced prompting similar privacy concerns. Seiwert noted that you “can’t query a single MAC address anymore, you have to give two or more MAC addresses which are close to other before Google will actually turn over location.”
Last year Seiwert talked about how the iSniff GPS tool works. You can check out the full talk in the video below around the 2:15:00 mark: