Smartphones Spy on Your Router.



Fixxx

Fixxx

Elite
Ultimate
Joined
31.10.19
Messages
378
Reaction score
833
Points
93
wifi.jpg

The exact location of your router is publicly available through global geo databases.
Let's figure out why this is necessary, what risks it carries and how to reduce them...

Every time a person with a smartphone and GPS turned on passes or drives past your Wi-Fi access point, the approximate geographic coordinates of the router end up in the databases of Apple, Google and other tech giants. This is an integral part of the Wi-Fi positioning system (WPS, Wi-Fi Positioning System). And in order for your router to be included in this database you don’t even have to have a smartphone - it’s enough that your neighbors or those simply passing by have smartphones. Thanks to WPS, you see a point corresponding to your location on the screen of your smartphone an instant after launching the map, instead of several minutes required when receiving "pure" GPS data from satellites. The smartphone checks which Wi-Fi access points are nearby, sends the list to Google/Apple and in response receives either it's calculated coordinates (from Google) or a list of router coordinates (from Apple) to calculate the position itself. This type of geolocation can be successfully used by devices without GPS at all, such as laptops. As MIT researchers found, Apple allows you to request the coordinates of access points without any special restrictions, so you can create your own map of all the routers in the world and sometimes follow the right people on it...


What are the Risks of Spying on Routers?

Although the approximate physical location of the router doesn't seem like particularly sensitive information, there are a number of cases when it's desirable to hide this information. Here are just some examples:
  • Satellite Internet terminals, such as Starlink. They distribute the Internet via Wi-Fi and surveillance of the terminal is equal to surveillance of the user’s position. This is especially sensitive when terminals are used in areas of military conflicts and emergency situations.
  • Users of mobile hotspots for business and travel. If you find it convenient to distribute the Internet from a mobile router to your laptop and other devices, it's very likely that a pocket hotspot accompanies you on all your business trips. At the same time, it creates opportunities to monitor their schedule, frequency and directions. The same applies to hotspots installed in motorhomes and yachts.
  • People who have moved. Often a router moves with it's owner and then it's new address can be recognized by those who have been to the old address at least once and connected to Wi-Fi. While this situation is usually innocent and has no negative consequences it can be different for those who have moved to escape serious problems.

Natural Limitations of WPS Tracking.
Although the above sounds unpleasant, the accuracy and speed of tracking via WPS is lower than for other tracking methods...
  1. In order for a router to be included in the WPS database, it must be consistently detected in the same area for a certain period of time. In experiments by MIT researchers, a new router got into the WPS database in 2 to 7 days. If you go somewhere with a mobile router for a short period of time, it's unlikely that this movement will be reflected in the database.
  2. In order for a router to be included in the WPS database, it must be scanned by at least several smartphones with activated geolocation services. Therefore, a router installed in isolated or deserted places may never get on the map.
  3. Router binding and further tracking are based on an identifier broadcast by the access point called BSSID. Wi-Fi standards allow BSSID randomization - if this feature is enabled, the identifier automatically changes at regular intervals. This doesn't interfere with the normal operation of devices connected to the access point but it makes it difficult to re-identify the router. Just as the "confidential/private MAC address" settings in Android, iOS and Windows can reduce the risk of tracking client devices, randomizing the BSSID makes it much more difficult to track access points.


How to Protect your Router from WPS Tracking?
Apple and Google have a little-known tool that allows you to exclude an access point from their WPS databases. To do this, you need to add the suffix _nomap to the end of the access point name - for example, the MyHomeWifi access point will need to be renamed to MyHomeWifi_nomap. For home and office routers an additional security measure is to rent a device from a provider rather than buying your own. Then, whenever you move you can simply hand it over and rent a new router in a new place. A more technologically advanced solution, although more difficult to implement, would be one of the routers that supports BSSID randomization. For example, from the open source Supernetworks. The popular alternative firmware for DD-WRT routers also allows for BSSID randomization with hardware support.

For those who use a modern smartphone as an access point, I recommend checking the device settings. In Apple, BSSID randomization for "Modem Mode" (Hotspot) is turned on in a very non-obvious way: there's no such switch directly in the "Modem Mode" settings. But if the "Private Wi-Fi Address" function is activated on the device for at least some Wi-Fi networks (Settings → Wi-Fi → click on the name of the connected Wi-Fi network → enable "Private Wi-Fi Address") then "Modem Mode" begins to randomize the BSSID of the access point. Occasionally, this function is also found in Android smartphones but it's activation procedure differs for different manufacturers. Starlink terminals, according to the manufacturer, will also gradually receive a software update that automatically activates BSSID randomization from the beginning of 2023.
 
Last edited:
You must log in or register to reply here.
Top Bottom