Precise geolocation via Wi-Fi Positioning System

[wsces]

No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.

That said, I hope the service doesn't implicitly trust data sent by untrusted clients like web browsers, otherwise someone could just use something like this to send it a false location: https://chromewebstore.google.com/detail/spoof-geolocation/i...

[oceanplexian]

Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..

[DrawTR]

The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.

[runjake]

Minor but important correction: The BSSID is almost never the AP MAC address.

The BSSID is unique per SSID, per AP. The BSSID is usually derived (usually by incrementing the last octet) from the AP MAC address, however.

So an AP MAC might be 77:99:44:EE:C4:11.

It has a wireless network called "Bob's SSID". It will have a BSSID of something like 77:99:44:EE:C4:12.

Then, the AP may be broadcasting another called "Mary's SSID", and it will have a BSSID of something like 77:99:44:EE:C4:13.

Edit: More not-well-written info on BSSIDs: https://en.wikipedia.org/wiki/Service_set_(802.11_network)

Looks like the BSSID is derived from the AP serial number by some vendors. Never seen that myself.

[DrawTR]

I see, thanks. I've definitely seen instances where an AP is broadcasting multiple SSIDs with different BSSIDs. I suppose I just thought nothing of it... but that makes sense.

[kbaker]

That would be a fun project. Capture some WiFi geolocation data and rebroadcast it later with an ESP32 that switches its BSSID/SSID/frequency/transmit power to match an existing fingerprint.

And then see if you can be magically transported somewhere else.

[emilburzo]

Already done: https://hackaday.com/2024/11/15/bypassing-airpods-hearing-ai...

[1bpp]

Shouldn't be any harder than the name.

[DrawTR]

Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)

[Aachen]

Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality

Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)

[stackskipton]

Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.

Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.

[ralsei]

Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location