Every time you use Google or Apple mobile location services, you’re not just telling the services where you are. You’re also shouting many of the places you’ve been to anyone who happens to be listening around you—at least if you follow Google’s and Apple’s advice and turn on Wi-Fi for improved accuracy.
Wi-Fi is everywhere. And because of its ubiquity, Wi-Fi access points have become the navigational beacons of the 21st century, allowing location-based services on mobile devices to know exactly where you are. But thanks to the way Wi-Fi protocols work, mapping using Wi-Fi is a two-way street—just as your phone listens for information about networks around it to help you find your way, it is shouting out the name of every network it remembers you connecting to as long as it remains unconnected.
The problem with Wi-Fi “probe” requests is nothing new—Dan Goodin covered the vulnerability for Ars two years ago. The problem poses a significant security issue in some cases—particularly for AT&T customers, whose phones automatically join networks named “attwifi” when their probe requests are answered. That’s something we’ve demonstrated ourselves in controlled test at Ars’ security skunkworks.