Login
Image: Shutterstock.
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.
At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.
Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID.
Periodically, Apple and Google mobile devices will forward their locations — by querying GPS and/or by using cellular towers as landmarks — along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it’s what allows your mobile phone to continue displaying your planned route even when the device can’t get a fix on GPS.
With Google’s WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths — via an application programming interface (API) request to Google — whose WPS responds with the device’s computed position. Google’s WPS requires at least two BSSIDs to calculate a device’s approximate position.
Apple’s WPS also accepts a list of nearby BSSIDs, but instead of computing the device’s location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple’s API will return the geolocations of up to 400 hundred more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user’s location based on known landmarks.
In essence, Google’s WPS computes the user’s location and shares it with the device. Apple’s WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own.
That’s according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple’s API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random.
They learned that while only about three million of those randomly generated BSSIDs were known to Apple’s Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups.
UMD Associate Professor David Levin and Ph.D student Erik Rye found they could mostly avoid requesting unallocated BSSIDs by consulting the list of BSSID ranges assigned to specific device manufacturers. That list is maintained by the Institute of Electrical and Electronics Engineers (IEEE), which is also sponsoring the privacy and security conference where Rye is slated to present the UMD research later today.
Plotting the locations returned by Apple’s WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points. The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America.
A “heatmap” of BSSIDs the UMD team said they discovered by guessing randomly at BSSIDs.
The researchers said that by zeroing in on or “geofencing” other smaller regions indexed by Apple’s location API, they could monitor how Wi-Fi access points moved over time. Why might that be a big deal? They found that by geofencing active conflict zones in Ukraine, they were able to determine the location and movement of Starlink devices used by both Ukrainian and Russian forces.
The reason they were able to do that is that each Starlink terminal — the dish and associated hardware that allows a Starlink customer to receive Internet service from a constellation of orbiting Starlink satellites — includes its own Wi-Fi access point, whose location is going to be automatically indexed by any nearby Apple devices that have location services enabled.
A heatmap of Starlink routers in Ukraine. Image: UMD.
The University of Maryland team geo-fenced various conflict zones in Ukraine, and identified at least 3,722 Starlink terminals geolocated in Ukraine.
“We find what appear to be personal devices being brought by military personnel into war zones, exposing pre-deployment sites and military positions,” the researchers wrote. “Our results also show individuals who have left Ukraine to a wide range of countries, validating public reports of where Ukrainian refugees have resettled.”
In an interview with KrebsOnSecurity, the UMD team said they found that in addition to exposing Russian troop pre-deployment sites, the location data made it easy to see where devices in contested regions originated from.
“This includes residential addresses throughout the world,” Levin said. “We even believe we can identify people who have joined the Ukraine Foreign Legion.”
A simplified map of where BSSIDs that enter the Donbas and Crimea regions of Ukraine originate. Image: UMD.
Levin and Rye said they shared their findings with Starlink in March 2024, and that Starlink told them the company began shipping software updates in 2023 that force Starlink access points to randomize their BSSIDs.
Starlink’s parent SpaceX did not respond to requests for comment. But the researchers shared a graphic they said was created from their Starlink BSSID monitoring data, which shows that just in the past month there was a substantial drop in the number of Starlink devices that were geo-locatable using Apple’s API.
UMD researchers shared this graphic, which shows their ability to monitor the location and movement of Starlink devices by BSSID dropped precipitously in the past month.
They also shared a written statement they received from Starlink, which acknowledged that Starlink User Terminal routers originally used a static BSSID/MAC:
“In early 2023 a software update was released that randomized the main router BSSID. Subsequent software releases have included randomization of the BSSID of WiFi repeaters associated with the main router. Software updates that include the repeater randomization functionality are currently being deployed fleet-wide on a region-by-region basis. We believe the data outlined in your paper is based on Starlink main routers and or repeaters that were queried prior to receiving these randomization updates.”
The researchers also focused their geofencing on the Israel-Hamas war in Gaza, and were able to track the migration and disappearance of devices throughout the Gaza Strip as Israeli forces cut power to the country and bombing campaigns knocked out key infrastructure.
“As time progressed, the number of Gazan BSSIDs that are geolocatable continued to decline,” they wrote. “By the end of the month, only 28% of the original BSSIDs were still found in the Apple WPS.”
In late March 2024, Apple quietly updated its website to note that anyone can opt out of having the location of their wireless access points collected and shared by Apple — by appending “_nomap” to the end of the Wi-Fi access point’s name (SSID). Adding “_nomap” to your Wi-Fi network name also blocks Google from indexing its location.
Apple updated its privacy and location services policy in March 2024 to allow people to opt out of having their Wi-Fi access point indexed by its service, by appending “_nomap” to the network’s name.
Asked about the changes, Apple said they have respected the “_nomap” flag on SSIDs for some time, but that this was only called out in a support article earlier this year.
Rye said Apple’s response addressed the most depressing aspect of their research: That there was previously no way for anyone to opt out of this data collection.
“You may not have Apple products, but if you have an access point and someone near you owns an Apple device, your BSSID will be in [Apple’s] database,” he said. “What’s important to note here is that every access point is being tracked, without opting in, whether they run an Apple device or not. Only after we disclosed this to Apple have they added the ability for people to opt out.”
The researchers said they hope Apple will consider additional safeguards, such as proactive ways to limit abuses of its location API.
“It’s a good first step,” Levin said of Apple’s privacy update in March. “But this data represents a really serious privacy vulnerability. I would hope Apple would put further restrictions on the use of its API, like rate-limiting these queries to keep people from accumulating massive amounts of data like we did.”
The UMD researchers said they omitted certain details from their study to protect the users they were able to track, noting that the methods they used could present risks for those fleeing abusive relationships or stalkers.
“We observe routers move between cities and countries, potentially representing their owner’s relocation or a business transaction between an old and new owner,” they wrote. “While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location.”
The researchers said Wi-Fi access points that can be created using a mobile device’s built-in cellular modem do not create a location privacy risk for their users because mobile phone hotspots will choose a random BSSID when activated.
“Modern Android and iOS devices will choose a random BSSID when you go into hotspot mode,” he said. “Hotspots are already implementing the strongest recommendations for privacy protections. It’s other types of devices that don’t do that.”
For example, they discovered that certain commonly used travel routers compound the potential privacy risks.
“Because travel routers are frequently used on campers or boats, we see a significant number of them move between campgrounds, RV parks, and marinas,” the UMD duo wrote. “They are used by vacationers who move between residential dwellings and hotels. We have evidence of their use by military members as they deploy from their homes and bases to war zones.”
A copy of the UMD research is available here (PDF).
Update, May 22, 4:54 p.m. ET: Added response from Apple.
It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet and keep their private data safe. But these days, with the rapid growth of online threats and privacy concerns, even casual internet users should seriously consider using a VPN. Nearly 30% of people now use VPNs for personal reasons, and that number is only growing as more people learn about how VPNs offer an effective way to safeguard online privacy, enhance security, and protect against various cyber threats.
If you are not familiar with this technology, a VPN essentially allows you to send and receive data across a public network as if it were a private network that encrypts, or scrambles, your information so others cannot read it. Let’s take a look at the top 3 reasons why a VPN could come in handy for you.
Now that you know why having a personal VPN is so useful, here are a few tips to help you choose the right product for you:
The post Why You Need a Personal VPN appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, its the rise in popularity is two-fold. The first aspect is that users have been educated to distrust email messages and the second is the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
Frequency Independent SDR-based Signal Understanding and Reverse Engineering
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.
The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.
The friendly Python codebase and user interface allows beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.
Supported
There are two branches within FISSURE to make file navigation easier and reduce code redundancy. The Python2_maint-3.7 branch contains a codebase built around Python2, PyQt4, and GNU Radio 3.7; while the Python3_maint-3.8 branch is built around Python3, PyQt5, and GNU Radio 3.8.
| Operating System | FISSURE Branch |
|---|---|
| Ubuntu 18.04 (x64) | Python2_maint-3.7 |
| Ubuntu 18.04.5 (x64) | Python2_maint-3.7 |
| Ubuntu 18.04.6 (x64) | Python2_maint-3.7 |
| Ubuntu 20.04.1 (x64) | Python3_maint-3.8 |
| Ubuntu 20.04.4 (x64) | Python3_maint-3.8 |
In-Progress (beta)
| Operating System | FISSURE Branch |
|---|---|
| Ubuntu 22.04 (x64) | Python3_maint-3.8 |
Note: Certain software tools do not work for every OS. Refer to Software And Conflicts
Installation
FreshRSS 
git clone https://github.com/ainfosec/fissure.git
cd FISSURE
git checkout <Python2_maint-3.7> or <Python3_maint-3.8>
./install
This will automatically install PyQt software dependencies required to launch the installation GUIs if they are not found.
Next, select the option that best matches your operating system (should be detected automatically if your OS matches an option).
| Python2_maint-3.7 | Python3_maint-3.8 |
|---|---|
 |
 |
It is recommended to install FISSURE on a clean operating system to avoid existing conflicts. Select all the recommended checkboxes (Default button) to avoid errors while operating the various tools within FISSURE. There will be multiple prompts throughout the installation, mostly asking for elevated permissions and user names. If an item contains a "Verify" section at the end, the installer will run the command that follows and highlight the checkbox item green or red depending on if any errors are produced by the command. Checked items without a "Verify" section will remain black following the installation.
Usage
fissure
Refer to the FISSURE Help menu for more details on usage.
Components
Capabilities
Signal Detector
IQ Manipulation
Pattern Recognition
Attacks
Fuzzing
Signal Playlists
Image Gallery
Packet Crafting
Scapy Integration
CRC Calculator
Logging
FISSURE comes with several helpful guides to become familiar with different technologies and techniques. Many include steps for using various tools that are integrated into FISSURE.
Suggestions for improving FISSURE are strongly encouraged. Leave a comment in the Discussions page if you have any thoughts regarding the following:
Contributions to improve FISSURE are crucial to expediting its development. Any contributions you make are greatly appreciated. If you wish to contribute through code development, please fork the repo and create a pull request:
git checkout -b feature/AmazingFeature)git commit -m 'Add some AmazingFeature')git push origin feature/AmazingFeature)Creating Issues to bring attention to bugs is also welcomed.
Contact Assured Information Security, Inc. (AIS) Business Development to propose and formalize any FISSURE collaboration opportunities–whether that is through dedicating time towards integrating your software, having the talented people at AIS develop solutions for your technical challenges, or integrating FISSURE into other platforms/applications.
GPL-3.0
For license details, see LICENSE file.
Follow on Twitter: @FissureRF, @AinfoSec
Chris Poore - Assured Information Security, Inc. - poorec@ainfosec.com
Business Development - Assured Information Security, Inc. - bd@ainfosec.com
Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions to this project.
The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?
What is a VPN?
A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.
How does a VPN work and why you need a VPN service?
Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.
|
|
This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.
|
|
One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.
|
|
Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.
Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.
|
|
Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.
|
|
The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.
Choosing the right VPN for you
Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.
Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:
|
|
Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.
Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.
Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.
Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.
Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.
The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .
