- Last 7 days
media.dltj.org
by Erik Rye, Researcher, University of Maryland
Wi-Fi Positioning Systems are used by modern mobile operating systems to geolocate themselves without the use of GPS. Both Google and Apple, for instance, run Wi-Fi Positioning Systems for Android and iOS devices to obtain their own location using nearby Wi-Fi access points as landmarks.
In this work, we show that Apple's Wi-Fi Positioning System represents a global threat to the privacy of hundreds of millions of people. When iOS devices need to geolocate themselves using nearby Wi-Fi landmarks, they transmit a list of hardware identifiers to Apple and receive the geolocations of those access points in return. Unfortunately, this process can be replicated by an unprivileged adversary, who can recreate a copy of Apple's Wi-Fi geolocation database by requesting the locations of access points around the world with no prior knowledge.
To make matters worse, we demonstrate that by repeatedly querying Apple's Wi-Fi Positioning System for the same identifiers, we can detect Wi-Fi router movement over time. In our data, we see evidence of home relocations, family vacations, and the aftermath of natural disasters like the 2023 Maui wildfires. More disturbingly, we also observe troop and refugee movements into and out of the Ukraine war and the impact of the war in Gaza.
We conclude by detailing our efforts at responsible disclosure, and offer a number of suggestions for limiting Wi-Fi Positioning Systems' effects on user privacy in the future.
- Sep 2023
- Apr 2023
- Aug 2022
let's start giving a bit of a recap of all these vulnerabilities that I talked about and be basically aligned to what we defined as intercept for example
5 areas of vulnerabilities
- Intercept calls and texts
- Impersonate user identity
- Track users
- Conduct fraud
- DoS users or network
For each of these types of attacks, vulnerabilities were found in RCS to exploit them.
www.dasp.co
It was first unveiled during a multimillion dollar heist which led to a hard fork of Ethereum. Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete.
Reenter attack - The DAO. Basically withdrawal calls before the end of initial execution.
a16zcrypto.com
The more community members are free to gain governance power and influence the protocol, the easier it is for attackers to use that same mechanism to make malicious changes.
indistinguishability problem and permissionless voting
- Dec 2021
Edge computing is an emerging new trend in cloud data storage that improves how we access and process data online. Businesses dealing with high-frequency transactions like banks, social media companies, and online gaming operators may benefit from edge computing.
Edge Computing: What It Is and Why It Matters https://en.itpedia.nl/2021/12/29/edge-computing-what-it-is-and-why-it-matters/
- Feb 2021
medium.com
I’d notice the network requests going out! Where would you notice them? My code won’t send anything when the DevTools are open (yes even if un-docked). I call this the Heisenberg Manoeuvre: by trying to observe the behaviour of my code, you change the behaviour of my code.