Logo

WiFi and Cell towers exploits

Two nights ago, my friend texted me “Hey man, is there any way to locate device without GPS”.
Even tho I have a lot of experience in reverse approach to the matter, it never crossed my mind that this thing actually could be accurately used to locate person.

I am aware that government agencies can use cellphone towers to pinpoint approximate location of a person but it never crossed my mind that WiFi broadcasts can be used for this purpose as well and even more accurately.
In theory, cellphone is able to scan WiFi networks in the range, each of the networks has limited broadcast power and average indoor output is around 6W. This can be used to estimate the broadcasting range of the network but there is lot of things that can reduce this. However this fact might be more useful.

To define location in 2D system (yes, we are tracking person on surface of earth) we need at least 3 reference objects or points (more points, better accuracy). In case of GPS we use 3 satellites to calculate signal’s travel time (and this positioning is in 3D system). With WiFi and Cell Phone towers we can use Signal level. Cell towers have much much wider range of broadcast than WiFi hence the more precision by using WiFi.
If our WiFi hot-spot has 30db signal and we measure that each meter of distance looses one db. By measuring signal strength we can determinate the distance from the hot-spot’s antenna.

wifi-positioningIf we have enough time and money (like Government or such) and we employ drones or just people with cellphones to run trough out areas of the interest, we can collect enough of data to locate WiFi networks we can have map of networks and use it to compare to list of networks scanned on target’s cellphone to find it location.

In illustration on right we have three networks which we already located with our drones and we have target seeing all three of them which gives us it’s exact location within 1-2 meters.