XPost: misc.phone.mobile.iphone, alt.comp.os.windows-10, comp.mobile.android   
   From: robin_listas@es.invalid   
      
   On 2025-12-15 00:44, Marian wrote:   
   > Carlos E.R. wrote:   
   >>> And when querying wifi networks almost none are changed from the ISP   
   >>> default.   
   >>   
   >> Around my house I see three customized of mine, one random (computer   
   >> generated long random string), 3 "TP-Link..." one "ARRIS". So   
   >> everybody else except the random one is using factory defaults. Or   
   >> provider defaults.   
   >>   
   >> Using WiFi Analizer (Android) upstairs I see a few more, also   
   >> generated by the ISP.   
   >   
   >   
   > Hi Carlos,   
   >   
   > If you want, you can give me a BSSID of one of the homes near you, and   
   > thanks to Chris who asked me to do it, I can output the nearest 400   
   > BSSID:GPS pairs in that area.   
      
   That would reveal my location to the world :-)   
      
   > If desired, I can "snowball" it even further, to get the nearest 400 to the   
   > outside ring, which will instantly extend to thousands within seconds.   
   >   
   > If you're OK with that, I'll post those thousands so that Chris (and others   
   > who may not have understood what the researchers reported) will see that.   
   >   
   > All I need to do is run the now-modified Apple BSSID locator code:   
   >    
   > where the main change I made to the apple_bssid_locator.py was   
   > FROM: apple_wloc.return_single_result = 1 (which means return only one)   
   > TO:   apple_wloc.return_single_result = 0 (which means unlimited returns)   
   >   
   > In practice, "unlimited" really means Apple throttles returns at 400.   
   > All this I learned from reading the research that was posted about this.   
   >   
   > With the changes I documented, anyone in the world can reproduce what the   
   > security researchers said could be done, which I thank Chris for making me   
   > do it (because it took about a half hour for me to figure out that change).   
   >   
   > Now when I run this command using the modified apple_bssid_locator.py code   
   > python apple_bssid_locator.py 11:22:33:AA:BB:CC --all   
   > I get up to 400 BSSID:GPS pairs per query.   
   >   
   > If ANYONE wants to give me a BSSID of their neighbor, just post it.   
   > I will run the query for them and report the results here for all to see.   
   >   
   > As the researchers stated, it's trivial to "snowball" that query with   
   > automation to the point in two weeks the researchers had billions of   
   > GPS:BSSID pairs, which then they could use to track "households".   
   >   
   > It's so easy to do, it's scary.   
   > Just have someone give me a BSSID and I'll prove it to all right now.   
      
   I don't doubt it.   
      
   --   
   Cheers, Carlos.   
   ES🇪🇸, EU🇪🇺;   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)