Wi-Fi Positioning Systems (WPS) used by mobile devices can be exploited by Apple, posing a global privacy threat. An attack allows unauthorized access to worldwide Wi-Fi BSSID geolocations within days due to limited dense MAC address space. Over a year, 2 billion BSSIDs were located worldwide, enabling tracking of device movements. Case studies show tracking in war zones, natural disasters, and individual tracking possibilities. Recommendations are provided to enhance privacy for millions of users. Efforts were made to disclose this vulnerability responsibly, resulting in some mitigations by Apple and Wi-Fi access point manufacturers.
https://arxiv.org/abs/2405.14975