PDA

View Full Version : ipod tracking - how does it work?



pillow
20.12.09, 16:49
a friend of mine got an ipod touch 1g.
we connected it via wlan and tested the google tracking where it asks "can we use your spot" or similar. after some seconds our place was shown EXACTLY! :eek13:

how the heck can we be tracked if we are only connected via internet,
this thing has no mobilephone part.
so the only thing would be then through the ip that the provider gave us.
but exactly the house where we were at was shown!
so every house has its own ip pool?? and how does google know this then?

pretty scary.

Hush
20.12.09, 16:57
it has got an integrated gps device. the gps device is supported by the internet. how it works (technical), i actually do not know.

pillow
20.12.09, 17:44
wow, the "simple" ipod has a gps already,so it can be tracked also without internet?
can this be turned off then somehow?

Hush
20.12.09, 18:12
i do not know if the device is able to work as a "stand alone" without connecting to the internet. but the most smartphones have an integrated gps device.

pillow
20.12.09, 18:19
yep, but this is why i wondered, it has no phoneparts, its just a player!

plentonimus
20.12.09, 18:48
how the heck can we be tracked if we are only connected via internet,
this thing has no mobilephone part.
The Ipod touch uses a methode similar to AGPS that works only with your wifi.

Every wireless access point should have it's own unique MAC-Address.
If someone records all available wifi networks at "any" given point you can determine where you are by reversing this process.
Skyhook Wireless has a good instructional video:
http://www.skyhookwireless.com/flash/loader_howitworks.swf
Please notice this only works in dense urban areas and in case of the Ipod touch only by wifi.

pillow
20.12.09, 19:37
wtf! somebody drives around and records the mac of my ap??
meaning, if i am connected via my ap and some client (javascript exploit?trojan etc..) on my pc/ipod sends my ap's mac out,
everybody (at least the people with access to that database - google?..) knows exactly where i am at (and with measuring the signal-strength of my ap when in front of the house probably also my exact position inside it).
so knowing this renders vpn, tor, anon-proxies etc. not really secure/useless?
hm.
does hiding my mac work to pass this insecurity?

(so there is no gps inside the ipod?)

Kyllyee
20.12.09, 21:17
wtf! somebody drives around and records the mac of my ap??
meaning, if i am connected via my ap and some client (javascript exploit?trojan etc..) on my pc/ipod sends my ap's mac out,
everybody (at least the people with access to that database - google?..) knows exactly where i am at (and with measuring the signal-strength of my ap when in front of the house probably also my exact position inside it).
so knowing this renders vpn, tor, anon-proxies etc. not really secure/useless?
hm.
does hiding my mac work to pass this insecurity?

(so there is no gps inside the ipod?)

There is no actual GPS in the iPod, as far as I know. :)
As for people getting you AP info, its not the uncommon. If it is available to be seen, you can get some type of info from it.

plentonimus
20.12.09, 21:58
wtf! somebody drives around and records the mac of my ap??
Google Streetview - you can be sure that they were not only taking pictures :rolleyes:



meaning, if i am connected via my ap and some client (javascript exploit?trojan etc..) on my pc/ipod sends my ap's mac out,
With only your mac address it will 'locate' you 30-40 meter accurately (you have to run a malicious program (trojan) - a javascript won't do it).


everybody (at least the people with access to that database - google?..) knows exactly where i am at (and with measuring the signal-strength of my ap when in front of the house probably also my exact position inside it).
Well, it will never determine your exact position (with only your mac adress & singal strength) but it will definitively scale down to 10-20 meter.
In short: pretty close.


so knowing this renders vpn, tor, anon-proxies etc. not really secure/useless?
yes, but you must be compromised in the first place.
Keep in mind that knowing your location is in most cases useless (except a hitman is hunting you). Stealing your identity/passwords/bank account or monitoring your activities/communication pays off much more (knowing your real IP address will be in most cases enough).


does hiding my mac work to pass this insecurity?
Hiding the mac address of your access point wouldn't solve the problem. The malicious software could still look for all the other access points (their mac address).
Just don't run malicious software (knowingly or unknowingly) and you'll be fine.


(so there is no gps inside the ipod?)
Yes, no GPS chip inside the ipod touch.


EDIT: This technology can only determine where it is but not where other connected wifi clients are.

pillow
20.12.09, 22:08
Hiding the mac address of your access point wouldn't solve the problem.
hm, how about if we bought the ap of ebay some month ago, it was used.
and still they got it right. so they are frequently updates it seems.

youre right with scanning the other aps near me of course...
so no hiding.

thanks for shining a light on this!

plentonimus
20.12.09, 22:32
hm, how about if we bought the ap of ebay some month ago, it was used.
All the other access point in your area remained overall the same and therefore they were able to tell you your position.


and still they got it right. so they are frequently updates it seems.
Fun fact: Every device/request is updating their database.
When the request contains a mac address unknown to the provider (e.g. skyhook) they can still tell you where you are due to the known ap's and immediately update their database.
If a access point "moved" the algorithm will notice and also update (or more precise "add it" to the determined) location.
The provider must only ensure that their database doesn’t get messed up by phony/injected mac addresses.

pillow
21.12.09, 02:32
but when you hide your mac BEFORE you first use it in your area,
they will only know about it, if you send the info from your own pc to them, or not?

so what the ipod does when you allow it to get you location is to scan all the neighborhood aps and send that info also to google?
so actually every ipod/iphone user who uses this (and he will at least once, like us) are collaborators who update googles/skyhooks database, not only for your own ap but all the others too.
:balloons:
eek.

plentonimus
21.12.09, 12:01
but when you hide your mac BEFORE you first use it in your area,
they will only know about it, if you send the info from your own pc to them, or not?
If I’m informed correctly you can not hide your mac address but you can form time to time change it. But anyway hiding your SSID (stop broadcasting it) will do the job.
In this case they will only know about it, if you send the info to them. Correct.


so what the ipod does when you allow it to get you location is to scan all the neighborhood aps and send that info also to google?
Yes (the info doesn't get sent to google but more likely to skyhook or similar provider).


so actually every ipod/iphone user who uses this (and he will at least once, like us) are collaborators who update googles/skyhooks database, not only for your own ap but all the others too.
:balloons:
eek.
Yes.